mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-03 04:34:41 +02:00
Handle larger values with ASN1 INTEGER structure
This commit is contained in:
Jacob Barthelmeh
47
src/ssl.c
47
src/ssl.c
@@ -18087,6 +18087,36 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Used to create a new WOLFSSL_ASN1_INTEGER structure.
|
||||||
|
* returns a pointer to new structure on success and NULL on failure
|
||||||
|
*/
|
||||||
|
WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void)
|
||||||
|
{
|
||||||
|
WOLFSSL_ASN1_INTEGER* a;
|
||||||
|
|
||||||
|
a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL,
|
||||||
|
DYNAMIC_TYPE_OPENSSL);
|
||||||
|
if (a == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER));
|
||||||
|
a->data = a->intData;
|
||||||
|
return a;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* free's internal elements of WOLFSSL_ASN1_INTEGER and free's "in" itself */
|
||||||
|
void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in)
|
||||||
|
{
|
||||||
|
if (in != NULL) {
|
||||||
|
if (in->isDynamic) {
|
||||||
|
XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
|
WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
|
||||||
{
|
{
|
||||||
@@ -18095,19 +18125,24 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
|
|||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_get_serialNumber");
|
WOLFSSL_ENTER("wolfSSL_X509_get_serialNumber");
|
||||||
|
|
||||||
a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL,
|
a = wolfSSL_ASN1_INTEGER_new();
|
||||||
DYNAMIC_TYPE_OPENSSL);
|
|
||||||
if (a == NULL)
|
if (a == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
/* Make sure there is space for the data, ASN.1 type and length. */
|
/* Make sure there is space for the data, ASN.1 type and length. */
|
||||||
if (x509->serialSz > (int)(sizeof(WOLFSSL_ASN1_INTEGER) - 2)) {
|
if (x509->serialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) {
|
||||||
XFREE(a, NULL, DYNAMIC_TYPE_OPENSSL);
|
/* dynamicly create data buffer, +2 for type and length */
|
||||||
return NULL;
|
a->data = (unsigned char*)XMALLOC(x509->serialSz + 2, NULL,
|
||||||
|
DYNAMIC_TYPE_OPENSSL);
|
||||||
|
if (a->data == NULL) {
|
||||||
|
wolfSSL_ASN1_INTEGER_free(a);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
a->isDynamic = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
a->data[i++] = ASN_INTEGER;
|
a->data[i++] = ASN_INTEGER;
|
||||||
a->data[i++] = (unsigned char)x509->serialSz;
|
i += SetLength(x509->serialSz, a->data + i);
|
||||||
XMEMCPY(&a->data[i], x509->serial, x509->serialSz);
|
XMEMCPY(&a->data[i], x509->serial, x509->serialSz);
|
||||||
|
|
||||||
return a;
|
return a;
|
||||||
|
|||||||
34
tests/api.c
34
tests/api.c
@@ -17745,6 +17745,39 @@ static void test_wolfSSL_SHA256(void)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void test_wolfSSL_X509_get_serialNumber(void)
|
||||||
|
{
|
||||||
|
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
|
||||||
|
!defined(NO_RSA)
|
||||||
|
ASN1_INTEGER* a;
|
||||||
|
BIGNUM* bn;
|
||||||
|
X509* x509;
|
||||||
|
|
||||||
|
|
||||||
|
printf(testingFmt, "wolfSSL_X509_get_serialNumber()");
|
||||||
|
|
||||||
|
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
|
||||||
|
SSL_FILETYPE_PEM));
|
||||||
|
AssertNotNull(a = X509_get_serialNumber(x509));
|
||||||
|
|
||||||
|
/* check on value of ASN1 Integer */
|
||||||
|
AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
|
||||||
|
AssertIntEQ(BN_get_word(bn), 1);
|
||||||
|
|
||||||
|
BN_free(bn);
|
||||||
|
ASN1_INTEGER_free(a);
|
||||||
|
|
||||||
|
/* hard test free'ing with dynamic buffer to make sure there is no leaks */
|
||||||
|
a = ASN1_INTEGER_new();
|
||||||
|
AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
|
||||||
|
DYNAMIC_TYPE_OPENSSL));
|
||||||
|
a->isDynamic = 1;
|
||||||
|
ASN1_INTEGER_free(a);
|
||||||
|
|
||||||
|
printf(resultFmt, passed);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
static void test_no_op_functions(void)
|
static void test_no_op_functions(void)
|
||||||
{
|
{
|
||||||
#if defined(OPENSSL_EXTRA)
|
#if defined(OPENSSL_EXTRA)
|
||||||
@@ -18589,6 +18622,7 @@ void ApiTest(void)
|
|||||||
test_wolfSSL_DH_1536_prime();
|
test_wolfSSL_DH_1536_prime();
|
||||||
test_wolfSSL_AES_ecb_encrypt();
|
test_wolfSSL_AES_ecb_encrypt();
|
||||||
test_wolfSSL_SHA256();
|
test_wolfSSL_SHA256();
|
||||||
|
test_wolfSSL_X509_get_serialNumber();
|
||||||
|
|
||||||
/* test the no op functions for compatibility */
|
/* test the no op functions for compatibility */
|
||||||
test_no_op_functions();
|
test_no_op_functions();
|
||||||
|
|||||||
@@ -379,6 +379,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
|||||||
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
|
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
|
||||||
#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
|
#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
|
||||||
|
|
||||||
|
#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new
|
||||||
|
#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free
|
||||||
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
|
#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
|
||||||
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
|
#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
|
||||||
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
|
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
|
||||||
|
|||||||
@@ -182,11 +182,15 @@ typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
|
|||||||
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
|
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
|
||||||
#define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
|
#define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
|
||||||
|
|
||||||
|
#define WOLFSSL_ASN1_INTEGER_MAX 20
|
||||||
struct WOLFSSL_ASN1_INTEGER {
|
struct WOLFSSL_ASN1_INTEGER {
|
||||||
/* size can be increased set at 20 for tag, length then to hold at least 16
|
/* size can be increased set at 20 for tag, length then to hold at least 16
|
||||||
* byte type */
|
* byte type */
|
||||||
unsigned char data[20];
|
unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX];
|
||||||
/* ASN_INTEGER | LENGTH | hex of number */
|
/* ASN_INTEGER | LENGTH | hex of number */
|
||||||
|
|
||||||
|
unsigned char* data;
|
||||||
|
byte isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct WOLFSSL_ASN1_TIME {
|
struct WOLFSSL_ASN1_TIME {
|
||||||
@@ -927,6 +931,8 @@ WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*
|
|||||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
|
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
|
||||||
WOLFSSL_X509_REVOKED*,int);
|
WOLFSSL_X509_REVOKED*,int);
|
||||||
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
|
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
|
||||||
|
WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*);
|
||||||
|
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void);
|
||||||
|
|
||||||
WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
|
WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user