wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improvements and comments

Browse Source
This commit is contained in:
Sean Parkinson
2017-04-04 10:42:04 +10:00
parent fd9e41dd99
commit abaf820537
1 changed files with 209 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

309
wolfcrypt/src/asn.c
View File

@@ -547,54 +547,65 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
} }
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, /* Get the DER/BER encoding of an ASN.1 header.
*
* input Buffer holding DER/BER encoded data.
* tag ASN.1 tag value expected in header.
* inOutIdx Current index into buffer to parse.
* len The number of bytes in the ASN.1 data.
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_PARSE_E when the expected tag is not found or length is invalid.
* Otherwise, the number of bytes in the ASN.1 data.
*/
static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
int length = -1;
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
byte b;
int length;
if ((idx + 1) > maxIdx) if ((idx + 1) > maxIdx)
return BUFFER_E; return BUFFER_E;
if (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED) || b = input[idx++];
GetLength(input, &idx, &length, maxIdx) < 0) { if (b != tag)
return ASN_PARSE_E; return ASN_PARSE_E;
}
/* make sure length exists in buffer */ if (GetLength(input, &idx, &length, maxIdx) < 0)
if ((idx + length) > maxIdx) return ASN_PARSE_E;
return BUFFER_E;
*len = length; *len = length;
*inOutIdx = idx; *inOutIdx = idx;
return length; return length;
} }
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx)
{
return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
maxIdx);
}
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
int length = -1; return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
word32 idx = *inOutIdx; maxIdx);
if ((idx + 1) > maxIdx)
return BUFFER_E;
if (input[idx++] != (ASN_SET | ASN_CONSTRUCTED) ||
GetLength(input, &idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
/* make sure length exists in buffer */
if ((idx + length) > maxIdx)
return BUFFER_E;
*len = length;
*inOutIdx = idx;
return length;
} }
/* Get the DER/BER encoded ASN.1 NULL element.
* Ensure that the all fields are as expected and move index past the element.
*
* input Buffer holding DER/BER encoded data.
* inOutIdx Current index into buffer to parse.
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_TAG_NULL_E when the NULL tag is not found.
* ASN_EXPECT_0_E when the length is not zero.
* Otherwise, 0 to indicate success.
*/
static int GetASNNull(const byte* input, word32* inOutIdx, word32 maxIdx) static int GetASNNull(const byte* input, word32* inOutIdx, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
@@ -605,7 +616,7 @@ static int GetASNNull(const byte* input, word32* inOutIdx, word32 maxIdx)
b = input[idx++]; b = input[idx++];
if (b != ASN_TAG_NULL) if (b != ASN_TAG_NULL)
return ASN_PARSE_E; return ASN_TAG_NULL_E;
if (input[idx++] != 0) if (input[idx++] != 0)
return ASN_EXPECT_0_E; return ASN_EXPECT_0_E;
@@ -614,6 +625,11 @@ static int GetASNNull(const byte* input, word32* inOutIdx, word32 maxIdx)
return 0; return 0;
} }
/* Set the DER/BER encoding of the ASN.1 NULL element.
*
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static int SetASNNull(byte* output) static int SetASNNull(byte* output)
{ {
output[0] = ASN_TAG_NULL; output[0] = ASN_TAG_NULL;
@@ -622,6 +638,15 @@ static int SetASNNull(byte* output)
return 2; return 2;
} }
/* Get the DER/BER encoding of an ASN.1 BOOLEAN.
*
* input Buffer holding DER/BER encoded data.
* inOutIdx Current index into buffer to parse.
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_PARSE_E when the BOOLEAN tag is not found or length is not 1.
* Otherwise, 0 to indicate the value was false and 1 to indicate true.
*/
static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx) static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
@@ -644,6 +669,13 @@ static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx)
} }
#ifdef ASN1_SET_BOOLEAN #ifdef ASN1_SET_BOOLEAN
/* Set the DER/BER encoding of the ASN.1 NULL element.
* Note: Function not required as yet.
*
* val Boolean value to encode.
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static int SetBoolean(int val, byte* output) static int SetBoolean(int val, byte* output)
{ {
output[0] = ASN_BOOLEAN; output[0] = ASN_BOOLEAN;
@@ -654,58 +686,69 @@ static int SetBoolean(int val, byte* output)
} }
#endif #endif
/* Get the DER/BER encoding of an ASN.1 OCTET_STRING header.
*
* input Buffer holding DER/BER encoded data.
* inOutIdx Current index into buffer to parse.
* len The number of bytes in the ASN.1 data.
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_PARSE_E when the OCTET_STRING tag is not found or length is
* invalid.
* Otherwise, the number of bytes in the ASN.1 data.
*/
static int GetOctetString(const byte* input, word32* inOutIdx, int* len, static int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
word32 idx = *inOutIdx; return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx);
byte b;
int length;
if ((idx + 1) > maxIdx)
return BUFFER_E;
b = input[idx++];
if (b != ASN_OCTET_STRING)
return ASN_PARSE_E;
if (GetLength(input, &idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
*len = length;
*inOutIdx = idx;
return 0;
} }
/* Get the DER/BER encoding of an ASN.1 INTEGER header.
* Removes the leading zero byte when found.
*
* input Buffer holding DER/BER encoded data.
* inOutIdx Current index into buffer to parse.
* len The number of bytes in the ASN.1 data (excluding any leading zero).
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_PARSE_E when the INTEGER tag is not found, length is invalid,
* or invalid use of or missing leading zero.
* Otherwise, 0 to indicate success.
*/
static int GetASNInt(const byte* input, word32* inOutIdx, int* len, static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
word32 idx = *inOutIdx; int ret;
byte b;
int length;
if ((idx + 1) > maxIdx) ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx);
return BUFFER_E; if (ret < 0)
return ret;
b = input[idx++]; if (*len > 0) {
if (b != ASN_INTEGER) if (input[*inOutIdx] == 0x00) {
(*inOutIdx)++;
(*len)--;
if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
return ASN_PARSE_E; return ASN_PARSE_E;
}
if (GetLength(input, &idx, &length, maxIdx) < 0) else if ((input[*inOutIdx] & 0x80) == 0x80)
return ASN_PARSE_E;
if (length > 0 && input[idx] == 0x00) {
idx++;
length--;
if (length > 0 && (input[idx] & 0x80) == 0)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
*len = length;
*inOutIdx = idx;
return 0; return 0;
} }
/* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
* 7 bits.
*
* input Buffer holding DER/BER encoded data.
* inOutIdx Current index into buffer to parse.
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_PARSE_E when the INTEGER tag is not found or length is invalid.
* Otherwise, the 7-bit value.
*/
static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx) static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
{ {
word32 idx = *inOutIdx; word32 idx = *inOutIdx;
@@ -725,6 +768,13 @@ static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
} }
#if !defined(NO_DSA) || defined(HAVE_ECC) || (!defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))) #if !defined(NO_DSA) || defined(HAVE_ECC) || (!defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))))
/* Set the DER/BER encoding of the ASN.1 INTEGER header.
*
* len Length of data to encode.
* firstByte First byte of data, most significant byte of integer, to encode.
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static int SetASNInt(int len, byte firstByte, byte* output) static int SetASNInt(int len, byte firstByte, byte* output)
{ {
word32 idx = 0; word32 idx = 0;
@@ -741,49 +791,69 @@ static int SetASNInt(int len, byte firstByte, byte* output)
#endif #endif
#if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) #if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
static int SetASNIntMP(mp_int* n, byte* output) /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
* The number is assumed to be positive.
*
* n Multi-precision integer to encode.
* maxSz Maximum size of the encoded integer.
* A negative value indicates no check of length requested.
* output Buffer to write into.
* returns BUFFER_E when the data is too long for the buffer.
* MP_TO_E when encoding the integer fails.
* Otherwise, the number of bytes added to the buffer.
*/
static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
{ {
int nSz = 0; int idx = 0;
int leadingBit; int leadingBit;
int rawLen; int length;
int err; int err;
leadingBit = mp_leading_bit(n); leadingBit = mp_leading_bit(n);
rawLen = mp_unsigned_bin_size(n); length = mp_unsigned_bin_size(n);
nSz = SetASNInt(rawLen, leadingBit ? 0x80 : 0x00, output); idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
if ((nSz + rawLen) > MAX_RSA_INT_SZ) if (maxSz >= 0 && (idx + length) > maxSz)
return BUFFER_E; return BUFFER_E;
err = mp_to_unsigned_bin(n, output + nSz); err = mp_to_unsigned_bin(n, output + idx);
if (err != MP_OKAY) if (err != MP_OKAY)
return MP_TO_E; return MP_TO_E;
nSz += rawLen; idx += length;
return nSz; return idx;
} }
#endif #endif
#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && defined(WOLFSSL_CERT_GEN) #if !defined(NO_RSA) && defined(HAVE_USER_RSA) && defined(WOLFSSL_CERT_GEN)
/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int from
* an RSA key.
* The number is assumed to be positive.
*
* n Multi-precision integer to encode.
* output Buffer to write into.
* returns BUFFER_E when the data is too long for the buffer.
* MP_TO_E when encoding the integer fails.
* Otherwise, the number of bytes added to the buffer.
*/
static int SetASNIntRSA(mp_int* n, byte* output) static int SetASNIntRSA(mp_int* n, byte* output)
{ {
int nSz = 0; int idx = 0;
int leadingBit; int leadingBit;
int rawLen; int length;
int err; int err;
leadingBit = wc_Rsa_leading_bit(n); leadingBit = wc_Rsa_leading_bit(n);
rawLen = wc_Rsa_unsigned_bin_size(n); length = wc_Rsa_unsigned_bin_size(n);
nSz = SetASNInt(rawLen, leadingBit ? 0x80 : 0x00, output); idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
if ((idx + length) > MAX_RSA_INT_SZ)
if ((nSz + rawLen) > MAX_RSA_INT_SZ)
return BUFFER_E; return BUFFER_E;
err = wc_Rsa_to_unsigned_bin(n, output + nSz, rawLen); err = wc_Rsa_to_unsigned_bin(n, output + idx, length);
if (err != MP_OKAY) if (err != MP_OKAY)
return MP_TO_E; return MP_TO_E;
nSz += rawLen; idx += length;
return nSz; return idx;
} }
#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN && #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN &&
!HAVE_USER_RSA))) */ !HAVE_USER_RSA))) */
@@ -929,6 +999,15 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
} }
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))) #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))
/* Set the DER/BER encoding of the ASN.1 BIT_STRING header.
*
* len Length of data to encode.
* unusedBits The number of unused bits in the last byte of data.
* That is, the number of least significant zero bits before a one.
* The last byte is the most-significant non-zero byte of a number.
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static word32 SetBitString(word32 len, byte unusedBits, byte* output) static word32 SetBitString(word32 len, byte unusedBits, byte* output)
{ {
word32 idx = 0; word32 idx = 0;
@@ -941,7 +1020,13 @@ static word32 SetBitString(word32 len, byte unusedBits, byte* output)
} }
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
static word32 SetBitString16(word16 val, byte* output) /* Set the DER/BER encoding of the ASN.1 BIT_STRING with a 16-bit value.
*
* val 16-bit value to encode.
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static word32 SetBitString16Bit(word16 val, byte* output)
{ {
word32 idx; word32 idx;
int len; int len;
@@ -1586,6 +1671,17 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz)
} }
#endif /* HAVE_OID_DECODING */ #endif /* HAVE_OID_DECODING */
/* Get the DER/BER encoding of an ASN.1 OBJECT_ID header.
*
* input Buffer holding DER/BER encoded data.
* inOutIdx Current index into buffer to parse.
* len The number of bytes in the ASN.1 data.
* maxIdx Length of data in buffer.
* returns BUFFER_E when there is not enough data to parse.
* ASN_OBJECt_ID_E when the OBJECT_ID tag is not found.
* ASN_PARSE_E when length is invalid.
* Otherwise, 0 to indicate success.
*/
static int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, static int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
{ {
@@ -1605,10 +1701,15 @@ static int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
*len = length; *len = length;
*inOutIdx = idx; *inOutIdx = idx;
return 0; return 0;
} }
/* Set the DER/BER encoding of the ASN.1 OBJECT_ID header.
*
* len Length of the OBJECT_ID data.
* output Buffer to write into.
* returns the number of bytes added to the buffer.
*/
static int SetObjectId(int len, byte* output) static int SetObjectId(int len, byte* output)
{ {
int idx = 0; int idx = 0;
@@ -1807,7 +1908,7 @@ int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz)
} }
ret = GetOctetString(input, &idx, &length, sz); ret = GetOctetString(input, &idx, &length, sz);
if (ret != 0) if (ret < 0)
return ret; return ret;
*inOutIdx = idx; *inOutIdx = idx;
@@ -2418,7 +2519,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
} }
ret = GetOctetString(input, &inOutIdx, &saltSz, sz); ret = GetOctetString(input, &inOutIdx, &saltSz, sz);
if (ret != 0) if (ret < 0)
goto exit_tte; goto exit_tte;
if (saltSz > MAX_SALT_SIZE) { if (saltSz > MAX_SALT_SIZE) {
@@ -2458,7 +2559,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
} }
ret = GetOctetString(input, &inOutIdx, &length, sz); ret = GetOctetString(input, &inOutIdx, &length, sz);
if (ret != 0) if (ret < 0)
goto exit_tte; goto exit_tte;
if (length > MAX_IV_SIZE) { if (length > MAX_IV_SIZE) {
@@ -2470,7 +2571,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
} }
ret = GetOctetString(input, &inOutIdx, &length, sz); ret = GetOctetString(input, &inOutIdx, &length, sz);
if (ret != 0) if (ret < 0)
goto exit_tte; goto exit_tte;
ret = DecryptKey(password, passwordSz, salt, saltSz, iterations, id, ret = DecryptKey(password, passwordSz, salt, saltSz, iterations, id,
@@ -2535,7 +2636,7 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
} }
ret = GetOctetString(input, &inOutIdx, &saltSz, sz); ret = GetOctetString(input, &inOutIdx, &saltSz, sz);
if (ret != 0) if (ret < 0)
goto exit_dc; goto exit_dc;
if (saltSz > MAX_SALT_SIZE) { if (saltSz > MAX_SALT_SIZE) {
@@ -2575,7 +2676,7 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
} }
ret = GetOctetString(input, &inOutIdx, &length, sz); ret = GetOctetString(input, &inOutIdx, &length, sz);
if (ret != 0) if (ret < 0)
goto exit_dc; goto exit_dc;
XMEMCPY(cbcIv, &input[inOutIdx], length); XMEMCPY(cbcIv, &input[inOutIdx], length);
@@ -2864,7 +2965,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
break; break;
} }
mpSz = SetASNIntMP(keyInt, tmps[i]); mpSz = SetASNIntMP(keyInt, -1, tmps[i]);
if (mpSz < 0) { if (mpSz < 0) {
ret = mpSz; ret = mpSz;
break; break;
@@ -4899,7 +5000,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
idx += strLen; idx += strLen;
ret = GetOctetString(input, &idx, &strLen, sz); ret = GetOctetString(input, &idx, &strLen, sz);
if (ret != 0) if (ret < 0)
return ret; return ret;
cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap, cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap,
@@ -5159,7 +5260,7 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
ret = GetOctetString(input, &idx, &length, sz); ret = GetOctetString(input, &idx, &length, sz);
if (ret != 0) if (ret < 0)
return ret; return ret;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@@ -5588,7 +5689,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
/* process the extension based on the OID */ /* process the extension based on the OID */
ret = GetOctetString(input, &idx, &length, sz); ret = GetOctetString(input, &idx, &length, sz);
if (ret != 0) { if (ret < 0) {
WOLFSSL_MSG("\tfail: bad OCTET STRING"); WOLFSSL_MSG("\tfail: bad OCTET STRING");
return ret; return ret;
} }
@@ -6356,7 +6457,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
#ifdef HAVE_USER_RSA #ifdef HAVE_USER_RSA
nSz = SetASNIntRSA(key->n, n); nSz = SetASNIntRSA(key->n, n);
#else #else
nSz = SetASNIntMP(&key->n, n); nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, n);
#endif #endif
if (nSz < 0) { if (nSz < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -6379,7 +6480,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
#ifdef HAVE_USER_RSA #ifdef HAVE_USER_RSA
eSz = SetASNIntRSA(key->e, e); eSz = SetASNIntRSA(key->e, e);
#else #else
eSz = SetASNIntMP(&key->e, e); eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, e);
#endif #endif
if (eSz < 0) { if (eSz < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -6536,7 +6637,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
break; break;
} }
mpSz = SetASNIntMP(keyInt, tmps[i]); mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]);
if (mpSz < 0) { if (mpSz < 0) {
ret = mpSz; ret = mpSz;
break; break;
@@ -7316,7 +7417,7 @@ static int SetKeyUsage(byte* output, word32 outSz, word16 input)
if (output == NULL) if (output == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
idx = SetBitString16(input, ku); idx = SetBitString16Bit(input, ku);
return SetOidValue(output, outSz, keyusage_oid, sizeof(keyusage_oid), return SetOidValue(output, outSz, keyusage_oid, sizeof(keyusage_oid),
ku, idx); ku, idx);
} }
@@ -9218,13 +9319,13 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s)
idx = SetSequence(rLen+rLeadingZero+sLen+sLeadingZero+headerSz, out); idx = SetSequence(rLen+rLeadingZero+sLen+sLeadingZero+headerSz, out);
/* store r */ /* store r */
rSz = SetASNIntMP(r, &out[idx]); rSz = SetASNIntMP(r, -1, &out[idx]);
if (rSz < 0) if (rSz < 0)
return rSz; return rSz;
idx += rSz; idx += rSz;
/* store s */ /* store s */
sSz = SetASNIntMP(s, &out[idx]); sSz = SetASNIntMP(s, -1, &out[idx]);
if (sSz < 0) if (sSz < 0)
return sSz; return sSz;
idx += sSz; idx += sSz;
@@ -9650,13 +9751,13 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E; return ASN_PARSE_E;
/* Save reference to the hash of CN */ /* Save reference to the hash of CN */
ret = GetOctetString(source, &idx, &length, size); ret = GetOctetString(source, &idx, &length, size);
if (ret != 0) if (ret < 0)
return ret; return ret;
resp->issuerHash = source + idx; resp->issuerHash = source + idx;
idx += length; idx += length;
/* Save reference to the hash of the issuer public key */ /* Save reference to the hash of the issuer public key */
ret = GetOctetString(source, &idx, &length, size); ret = GetOctetString(source, &idx, &length, size);
if (ret != 0) if (ret < 0)
return ret; return ret;
resp->issuerKeyHash = source + idx; resp->issuerKeyHash = source + idx;
idx += length; idx += length;
@@ -9779,13 +9880,13 @@ static int DecodeOcspRespExtensions(byte* source,
} }
ret = GetOctetString(source, &idx, &length, sz); ret = GetOctetString(source, &idx, &length, sz);
if (ret != 0) if (ret < 0)
return ret; return ret;
if (oid == OCSP_NONCE_OID) { if (oid == OCSP_NONCE_OID) {
/* get data inside extra OCTET_STRING */ /* get data inside extra OCTET_STRING */
ret = GetOctetString(source, &idx, &length, sz); ret = GetOctetString(source, &idx, &length, sz);
if (ret != 0) if (ret < 0)
return ret; return ret;
resp->nonce = source + idx; resp->nonce = source + idx;
@@ -10037,7 +10138,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
if (oid != OCSP_BASIC_OID) if (oid != OCSP_BASIC_OID)
return ASN_PARSE_E; return ASN_PARSE_E;
ret = GetOctetString(source, &idx, &length, size); ret = GetOctetString(source, &idx, &length, size);
if (ret != 0) if (ret < 0)
return ret; return ret;
ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify); ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify);