mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 11:34:15 +01:00
Merge pull request #3489 from CodeMonkeyLeet/mbedtls-2.16_backport_3464
Backport 2.16: PR #3464 Dynamically allocate requested CSR write buffer size
This commit is contained in:
Gilles Peskine
GitHub
commit
de7e03688d
4
ChangeLog.d/x509write_csr_heap_alloc.txt
Normal file
4
ChangeLog.d/x509write_csr_heap_alloc.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Bugfix
|
||||||
|
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
|
||||||
|
previously could lead to stack overflow on constrained devices.
|
||||||
|
Contributed by Doru Gucea and Simon Leet in #3464.
|
||||||
@ -81,6 +81,14 @@
|
|||||||
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
|
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PLATFORM_C)
|
||||||
|
#include "mbedtls/platform.h"
|
||||||
|
#else
|
||||||
|
#include <stdlib.h>
|
||||||
|
#define mbedtls_calloc calloc
|
||||||
|
#define mbedtls_free free
|
||||||
|
#endif
|
||||||
|
|
||||||
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
|
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
|
||||||
{
|
{
|
||||||
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
|
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
|
||||||
@ -187,7 +195,10 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
|
static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t size,
|
||||||
|
unsigned char *sig,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
void *p_rng )
|
void *p_rng )
|
||||||
{
|
{
|
||||||
@ -196,62 +207,73 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
|||||||
size_t sig_oid_len = 0;
|
size_t sig_oid_len = 0;
|
||||||
unsigned char *c, *c2;
|
unsigned char *c, *c2;
|
||||||
unsigned char hash[64];
|
unsigned char hash[64];
|
||||||
unsigned char sig[SIGNATURE_MAX_SIZE];
|
|
||||||
unsigned char tmp_buf[2048];
|
|
||||||
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
|
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
mbedtls_pk_type_t pk_alg;
|
mbedtls_pk_type_t pk_alg;
|
||||||
|
|
||||||
/*
|
/* Write the CSR backwards starting from the end of buf */
|
||||||
* Prepare data to be signed in tmp_buf
|
c = buf + size;
|
||||||
*/
|
|
||||||
c = tmp_buf + sizeof( tmp_buf );
|
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf,
|
||||||
|
ctx->extensions ) );
|
||||||
|
|
||||||
if( len )
|
if( len )
|
||||||
{
|
{
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
mbedtls_asn1_write_tag(
|
||||||
|
&c, buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
MBEDTLS_ASN1_SET ) );
|
mbedtls_asn1_write_tag(
|
||||||
|
&c, buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) );
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
|
mbedtls_asn1_write_oid(
|
||||||
|
&c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
|
||||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
|
MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
mbedtls_asn1_write_tag(
|
||||||
|
&c, buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
|
mbedtls_asn1_write_tag(
|
||||||
|
&c, buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
|
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
|
||||||
tmp_buf, c - tmp_buf ) );
|
buf, c - buf ) );
|
||||||
c -= pub_len;
|
c -= pub_len;
|
||||||
len += pub_len;
|
len += pub_len;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Subject ::= Name
|
* Subject ::= Name
|
||||||
*/
|
*/
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
|
||||||
|
ctx->subject ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
||||||
*/
|
*/
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
mbedtls_asn1_write_tag(
|
||||||
|
&c, buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare signature
|
* Sign the written CSR data into the sig buffer
|
||||||
|
* Note: hash errors can happen only after an internal error
|
||||||
*/
|
*/
|
||||||
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
@ -277,26 +299,62 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Write data to output buffer
|
* Move the written CSR data to the start of buf to create space for
|
||||||
|
* writing the signature into buf.
|
||||||
|
*/
|
||||||
|
memmove( buf, c, len );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Write sig and its OID into buf backwards from the end of buf.
|
||||||
|
* Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len
|
||||||
|
* and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
|
||||||
*/
|
*/
|
||||||
c2 = buf + size;
|
c2 = buf + size;
|
||||||
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
|
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len,
|
||||||
sig_oid, sig_oid_len, sig, sig_len ) );
|
mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len,
|
||||||
|
sig, sig_len ) );
|
||||||
if( len > (size_t)( c2 - buf ) )
|
|
||||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Compact the space between the CSR data and signature by moving the
|
||||||
|
* CSR data to the start of the signature.
|
||||||
|
*/
|
||||||
c2 -= len;
|
c2 -= len;
|
||||||
memcpy( c2, c, len );
|
memmove( c2, buf, len );
|
||||||
|
|
||||||
|
/* ASN encode the total size and tag the CSR data with it. */
|
||||||
len += sig_and_oid_len;
|
len += sig_and_oid_len;
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
mbedtls_asn1_write_tag(
|
||||||
|
&c2, buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
|
|
||||||
|
/* Zero the unused bytes at the start of buf */
|
||||||
|
memset( buf, 0, c2 - buf);
|
||||||
|
|
||||||
return( (int) len );
|
return( (int) len );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf,
|
||||||
|
size_t size,
|
||||||
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
|
void *p_rng )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
unsigned char *sig;
|
||||||
|
|
||||||
|
if( ( sig = mbedtls_calloc( 1, SIGNATURE_MAX_SIZE ) ) == NULL )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng );
|
||||||
|
|
||||||
|
mbedtls_free( sig );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
|
#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
|
||||||
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
|
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user