wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6332 from SparkiDev/bn_to_asn1_fix

Browse Source 
BN_to_ASN1_INTEGER: fix handling of padding
This commit is contained in:
JacobBarthelmeh
2023-04-24 09:58:12 -06:00
committed by GitHub
parent 865581704e 6634ec198e
commit cfeb8b9aee
2 changed files with 39 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ssl_asn1.c
View File

@ -1333,15 +1333,11 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
/* Get length in bits of encoded number. */ /* Get length in bits of encoded number. */
numBits = wolfSSL_BN_num_bits(bn); numBits = wolfSSL_BN_num_bits(bn);
/* Leading zero required if most-significant byte has top bit set. */ /* Leading zero required if most-significant byte has top bit set. */
if ((numBits % 8) == 7) { if ((numBits > 0) && (numBits % 8) == 0) {
firstByte = 0x80; firstByte = 0x80;
} }
/* Get length of header based on length of number. */ /* Get length of header based on length of number. */
length = SetASNInt(len, firstByte, NULL); length = SetASNInt(len, firstByte, NULL);
if (firstByte != 0) {
/* Add one for leading zero. */
length++;
}
/* Add number of bytes to encode number. */ /* Add number of bytes to encode number. */
length += len; length += len;
@ -1359,9 +1355,6 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
a->data[idx] = 0; a->data[idx] = 0;
} }
else { else {
if (firstByte != 0) {
a->data[idx++] = 0;
}
/* Add encoded number. */ /* Add encoded number. */
len = wolfSSL_BN_bn2bin(bn, a->data + idx); len = wolfSSL_BN_bn2bin(bn, a->data + idx);
if (len < 0) { if (len < 0) {

63
tests/api.c
View File

@ -31421,22 +31421,25 @@ static int test_wolfSSL_ASN1_INTEGER_BN(void)
int res = TEST_SKIPPED; int res = TEST_SKIPPED;
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
ASN1_INTEGER* ai; ASN1_INTEGER* ai;
ASN1_INTEGER* a2; ASN1_INTEGER* ai2;
BIGNUM* a; BIGNUM* bn;
BIGNUM* bn2;
ai = ASN1_INTEGER_new(); ai = ASN1_INTEGER_new();
AssertNotNull(ai); AssertNotNull(ai);
bn2 = BN_new();
AssertNotNull(bn2);
/* Invalid parameter testing. */ /* Invalid parameter testing. */
AssertNull(a = ASN1_INTEGER_to_BN(NULL, NULL)); AssertNull(bn = ASN1_INTEGER_to_BN(NULL, NULL));
AssertNull(a2 = BN_to_ASN1_INTEGER(NULL, NULL)); AssertNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL));
/* at the moment hard setting since no set function */ /* at the moment hard setting since no set function */
ai->data[0] = 0xff; /* No DER encoding. */ ai->data[0] = 0xff; /* No DER encoding. */
ai->length = 1; ai->length = 1;
#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL)); AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
BN_free(a); BN_free(bn);
#else #else
AssertNull(ASN1_INTEGER_to_BN(ai, NULL)); AssertNull(ASN1_INTEGER_to_BN(ai, NULL));
#endif #endif
@ -31447,8 +31450,8 @@ static int test_wolfSSL_ASN1_INTEGER_BN(void)
ai->length = 3; ai->length = 3;
#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
/* Interpreted as a number 0x020403. */ /* Interpreted as a number 0x020403. */
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL)); AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
BN_free(a); BN_free(bn);
#else #else
AssertNull(ASN1_INTEGER_to_BN(ai, NULL)); AssertNull(ASN1_INTEGER_to_BN(ai, NULL));
#endif #endif
@ -31457,37 +31460,47 @@ static int test_wolfSSL_ASN1_INTEGER_BN(void)
ai->data[1] = 0x01; /* length of integer */ ai->data[1] = 0x01; /* length of integer */
ai->data[2] = 0x03; ai->data[2] = 0x03;
ai->length = 3; ai->length = 3;
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL)); AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
AssertNotNull(a2 = BN_to_ASN1_INTEGER(a, NULL)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL));
AssertIntEQ(ASN1_INTEGER_cmp(ai, a2), 0); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
AssertIntEQ(BN_cmp(bn, bn2), 0);
ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[0] = 0x02; /* tag for ASN_INTEGER */
ai->data[1] = 0x01; /* length of integer */ ai->data[1] = 0x02; /* length of integer */
ai->data[2] = 0xff; ai->data[2] = 0x00; /* padding byte to ensure positive */
ai->length = 3; ai->data[3] = 0xff;
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, a)); ai->length = 4;
AssertNotNull(a2 = BN_to_ASN1_INTEGER(a, a2)); AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
AssertIntEQ(ASN1_INTEGER_cmp(ai, a2), 0); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
AssertIntEQ(BN_cmp(bn, bn2), 0);
ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[0] = 0x02; /* tag for ASN_INTEGER */
ai->data[1] = 0x01; /* length of integer */ ai->data[1] = 0x01; /* length of integer */
ai->data[2] = 0x00; ai->data[2] = 0x00;
ai->length = 3; ai->length = 3;
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, a)); AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
AssertNotNull(a2 = BN_to_ASN1_INTEGER(a, a2)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
AssertIntEQ(ASN1_INTEGER_cmp(ai, a2), 0); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
AssertIntEQ(BN_cmp(bn, bn2), 0);
ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[0] = 0x02; /* tag for ASN_INTEGER */
ai->data[1] = 0x01; /* length of integer */ ai->data[1] = 0x01; /* length of integer */
ai->data[2] = 0x01; ai->data[2] = 0x01;
ai->length = 3; ai->length = 3;
ai->negative = 1; ai->negative = 1;
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, a)); AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
AssertNotNull(a2 = BN_to_ASN1_INTEGER(a, a2)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
AssertIntEQ(ASN1_INTEGER_cmp(ai, a2), 0); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
AssertIntEQ(BN_cmp(bn, bn2), 0);
BN_free(a); BN_free(bn2);
ASN1_INTEGER_free(a2); BN_free(bn);
ASN1_INTEGER_free(ai2);
ASN1_INTEGER_free(ai); ASN1_INTEGER_free(ai);
res = TEST_RES_CHECK(1); res = TEST_RES_CHECK(1);