lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-10 05:03:02 +03:00
Code Activity

x509: enhancement and fixes

Browse Source 
- enhance mbedtls_x509write_crt_set_serial(): avoid use of useless
  temporary buffer

- fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the
  beginning of serial if the MSb of serial is 1, as required from
  ASN.1

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti
2023-01-10 16:00:15 +01:00
parent b8dc18f3b6
commit 4752aac11d
1 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
library/x509write_crt.c
View File

@@ -105,7 +105,6 @@ int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
const mbedtls_mpi *serial) const mbedtls_mpi *serial)
{ {
int ret; int ret;
unsigned char tmp[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
size_t tmp_len; size_t tmp_len;
/* Ensure that the MPI value fits into the buffer */ /* Ensure that the MPI value fits into the buffer */
@@ -116,16 +115,11 @@ int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
ctx->serial_len = tmp_len; ctx->serial_len = tmp_len;
ret = mbedtls_mpi_write_binary(serial, tmp, ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len);
MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
} }
/* Copy data to the internal structure skipping leading zeros */
memcpy(ctx->serial, &tmp[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN - tmp_len],
tmp_len);
return 0; return 0;
} }
#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED #endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
@@ -540,14 +534,25 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
* Serial ::= INTEGER * Serial ::= INTEGER
* *
* Written data is: * Written data is:
* - [ctx->serial_len] bytes for the raw serial buffer * - "ctx->serial_len" bytes for the raw serial buffer
* - if MSb of "serial" is 1, then prepend an extra 0x00 byte
* - 1 byte for the length * - 1 byte for the length
* - 1 byte for the TAG * - 1 byte for the TAG
*/ */
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf,
ctx->serial, ctx->serial_len)); ctx->serial, ctx->serial_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, if (*c & 0x80) {
ctx->serial_len)); if (c - buf < 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
*(c--) = 0x0;
len++;
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
ctx->serial_len + 1));
} else {
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
ctx->serial_len));
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
MBEDTLS_ASN1_INTEGER)); MBEDTLS_ASN1_INTEGER));