mirror of https://github.com/esp8266/Arduino.git synced 2025-08-05 13:16:13 +03:00

* Added check to get_asn1_length() to limit the number of octets and to not allow overflow.

* Changed a few copyright dates to add a bit of new polish :-)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@239 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
cameronrich
2014-11-19 10:13:31 +00:00
parent 82a7638efa
commit 58790919c1
5 changed files with 13 additions and 9 deletions


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007, Cameron Rich * Copyright (c) 2007-2014, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007, Cameron Rich * Copyright (c) 2007-2014, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@@ -189,7 +189,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
pad_count++; pad_count++;
} }
/* check separator byte - and padding must be 8 or more bytes */ /* check separator byte 0x00 - and padding must be 8 or more bytes */
if (i == byte_size || pad_count < 8) if (i == byte_size || pad_count < 8)
return -1; return -1;


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007, Cameron Rich * Copyright (c) 2007-2014, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *
@@ -40,7 +40,7 @@
#include "crypto.h" #include "crypto.h"
#include "crypto_misc.h" #include "crypto_misc.h"
/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */ /* Must be an RSA algorithm with either SHA1/SHA256/MD5 for verifying to work */
static const uint8_t sig_oid_prefix[] = static const uint8_t sig_oid_prefix[] =
{ {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
@@ -64,9 +64,10 @@ static const uint8_t sig_subject_alt_name[] =
/* CN, O, OU */ /* CN, O, OU */
static const uint8_t g_dn_types[] = { 3, 10, 11 }; static const uint8_t g_dn_types[] = { 3, 10, 11 };
int get_asn1_length(const uint8_t *buf, int *offset) uint32_t get_asn1_length(const uint8_t *buf, int *offset)
{ {
int len, i; int i;
uint32_t len;
if (!(buf[*offset] & 0x80)) /* short form */ if (!(buf[*offset] & 0x80)) /* short form */
{ {
@@ -75,6 +76,9 @@ int get_asn1_length(const uint8_t *buf, int *offset)
else /* long form */ else /* long form */
{ {
int length_bytes = buf[(*offset)++]&0x7f; int length_bytes = buf[(*offset)++]&0x7f;
if (length_bytes > 4) /* limit number of bytes */
return 0;
len = 0; len = 0;
for (i = 0; i < length_bytes; i++) for (i = 0; i < length_bytes; i++)
{ {
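Review bot: The new `length_bytes > 4` guard in the long-form branch of get_asn1_length() still accepts a four-octet length of 0x80000000 or more, while the header keeps `int` for the related lengths and offsets (`int *offset`, `int asn1_next_obj(...)`), so a caller that stores the result in an `int` would presumably see a negative value. Returning 0 for the rejected case is also indistinguishable from a genuine zero-length object, and `*offset` has already moved past the length-of-length octet by then, so parsing would continue from an inconsistent position. Consider rejecting values the callers' type cannot hold, e.g. `if (length_bytes > 4 || (length_bytes == 4 && (buf[*offset] & 0x80))) return 0;`, and add a comment such as `/* returns 0 on a malformed length; caller must check the result against the bytes remaining in buf */`, since this function has no buffer size to bound its own reads. The loop body and the end of the function lie outside the hunk, so how callers treat the 0 return could not be checked here.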


@@ -128,7 +128,7 @@ const char * x509_display_error(int error);
#define SIG_TYPE_SHA1 0x05 #define SIG_TYPE_SHA1 0x05
#define SIG_TYPE_SHA256 0x0b #define SIG_TYPE_SHA256 0x0b
int get_asn1_length(const uint8_t *buf, int *offset); uint32_t get_asn1_length(const uint8_t *buf, int *offset);
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2007, Cameron Rich * Copyright (c) 2007-2014, Cameron Rich
* *
* All rights reserved. * All rights reserved.
* *