ASN template: handle short OIDs

cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. The ASN.1 template
code parses the whole structure first and then digs into the name.
A complete certificate should have always been used.
Sean Parkinson
2022-02-24 09:24:34 +10:00
parent b13826a3a5
commit bb50777f1a
2 changed files with 12 additions and 1 deletions


@ -1506,6 +1506,12 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
idx++;
len--;
}
else if ((asn[i].tag == ASN_OBJECT_ID) && (len < 3)) {
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len);
#endif
return ASN_PARSE_E;
}
/* Don't parse data if only header required. */
if (asn[i].headerOnly) {
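Review bot: The bound in `(asn[i].tag == ASN_OBJECT_ID) && (len < 3)` is a bare constant with no comment saying why 3 is the minimum. In BER/DER an OBJECT IDENTIFIER with one or two content octets is well-formed (the first octet alone encodes the first two arcs), so this rejects more than malformed input and reads as a deliberate limit, presumably matching what the OID handling after the template parse expects. A comment above the branch would record that, for example `/* Only OIDs of 3 or more content bytes are supported; shorter ones are treated as a parse error. */`. The debug message prints `len` with `%d`; its declaration is outside the hunk, so confirm it is an int. GetASN_Items starts and ends outside the hunk.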


@ -12012,7 +12012,7 @@ static int cert_asn1_test(void)
int ret;
int len[3];
DecodedCert cert;
byte certData[106];
byte certData[114];
byte* badCert = NULL;
len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
@ -12038,7 +12038,12 @@ static int cert_asn1_test(void)
len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
len[1] = add_seq(certData, 0, certData, len[2]);
len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
len[0] = add_seq(certData, 0, certData, len[1]);
/* Put data into allocated buffer to allow access error checking. */
badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
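Review bot: `byte certData[114];` is a hand-computed size, and the last hunk now writes five more components (`minDates`, `minName`, `minPubKey`, then `minSigAlg` and `minSig`) plus two sequence headers into that stack buffer with no visible link between the size and the data. The definitions of add_data and add_seq are not on this page; if they do not bounds-check, growing any of the component arrays would overrun the buffer before the copy into `badCert`. At minimum document the constraint at the declaration, e.g. `/* Must hold the largest certificate encoding built in this test; resize when a component array changes. */`, or derive the size from the `sizeof` of the components. cert_asn1_test starts and ends outside these hunks.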