yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-29 17:04:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3488 from CodeMonkeyLeet/mbedtls-2.16_backport_2632

Browse Source 
Backport 2.16: PR #2632 Avoid use of large stack buffers in CRT writing
This commit is contained in:
Manuel Pégourié-Gonnard 2020-08-11 10:32:18 +02:00 committed by GitHub
commit dfd517234d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 167 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/bugfix_PR_2632.txt Normal file
View File

@ -0,0 +1,4 @@
Bugfix
* Avoid use of statically sized stack buffers for certificate writing.
This previously limited the maximum size of DER encoded certificates
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.

30
include/mbedtls/pem.h
View File

@ -139,17 +139,27 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx );
* \brief Write a buffer of PEM information from a DER encoded * \brief Write a buffer of PEM information from a DER encoded
* buffer. * buffer.
* *
* \param header header string to write * \param header The header string to write.
* \param footer footer string to write * \param footer The footer string to write.
* \param der_data DER data to write * \param der_data The DER data to encode.
* \param der_len length of the DER data * \param der_len The length of the DER data \p der_data in Bytes.
* \param buf buffer to write to * \param buf The buffer to write to.
* \param buf_len length of output buffer * \param buf_len The length of the output buffer \p buf in Bytes.
* \param olen total length written / required (if buf_len is not enough) * \param olen The address at which to store the total length written
* or required (if \p buf_len is not enough).
* *
* \return 0 on success, or a specific PEM or BASE64 error code. On * \note You may pass \c NULL for \p buf and \c 0 for \p buf_len
* MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required * to request the length of the resulting PEM buffer in
* size. * `*olen`.
*
* \note This function may be called with overlapping \p der_data
* and \p buf buffers.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
* enough to hold the PEM buffer. In this case, `*olen` holds
* the required minimum size of \p buf.
* \return Another PEM or BASE64 error code on other kinds of failure.
*/ */
int mbedtls_pem_write_buffer( const char *header, const char *footer, int mbedtls_pem_write_buffer( const char *header, const char *footer,
const unsigned char *der_data, size_t der_len, const unsigned char *der_data, size_t der_len,

232
library/x509write_crt.c
View File

@ -101,39 +101,44 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
} }
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx,
int version )
{ {
ctx->version = version; ctx->version = version;
} }
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ) void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx,
mbedtls_md_type_t md_alg )
{ {
ctx->md_alg = md_alg; ctx->md_alg = md_alg;
} }
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ) void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx,
mbedtls_pk_context *key )
{ {
ctx->subject_key = key; ctx->subject_key = key;
} }
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ) void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx,
mbedtls_pk_context *key )
{ {
ctx->issuer_key = key; ctx->issuer_key = key;
} }
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
const char *subject_name ) const char *subject_name )
{ {
return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
} }
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
const char *issuer_name ) const char *issuer_name )
{ {
return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name ); return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
} }
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ) int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx,
const mbedtls_mpi *serial )
{ {
int ret; int ret;
@ -143,8 +148,9 @@ int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls
return( 0 ); return( 0 );
} }
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx,
const char *not_after ) const char *not_before,
const char *not_after )
{ {
if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ) strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
@ -164,12 +170,12 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
int critical, int critical,
const unsigned char *val, size_t val_len ) const unsigned char *val, size_t val_len )
{ {
return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
critical, val, val_len ); critical, val, val_len ) );
} }
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen ) int is_ca, int max_pathlen )
{ {
int ret; int ret;
unsigned char buf[9]; unsigned char buf[9];
@ -185,18 +191,21 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
{ {
if( max_pathlen >= 0 ) if( max_pathlen >= 0 )
{ {
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, max_pathlen ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf,
max_pathlen ) );
} }
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
} }
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_SEQUENCE ) );
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, return(
MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
0, buf + sizeof(buf) - len, len ); MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
0, buf + sizeof(buf) - len, len ) );
} }
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
@ -208,7 +217,8 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct
size_t len = 0; size_t len = 0;
memset( buf, 0, sizeof(buf) ); memset( buf, 0, sizeof(buf) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 ); buf + sizeof( buf ) - 20 );
@ -218,11 +228,13 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct
len = 20; len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) ); MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, return mbedtls_x509write_crt_set_extension( ctx,
MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
0, buf + sizeof(buf) - len, len ); MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
0, buf + sizeof(buf) - len, len );
} }
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ) int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
@ -233,7 +245,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
size_t len = 0; size_t len = 0;
memset( buf, 0, sizeof(buf) ); memset( buf, 0, sizeof(buf) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 ); buf + sizeof( buf ) - 20 );
@ -243,15 +256,19 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
len = 20; len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) ); MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CHK_ADD( len,
MBEDTLS_ASN1_SEQUENCE ) ); mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, return mbedtls_x509write_crt_set_extension(
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
0, buf + sizeof( buf ) - len, len ); MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
0, buf + sizeof( buf ) - len, len );
} }
#endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_SHA1_C */
@ -298,8 +315,8 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
return( MBEDTLS_ERR_X509_INVALID_FORMAT ); return( MBEDTLS_ERR_X509_INVALID_FORMAT );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
1, c, (size_t)ret ); 1, c, (size_t)ret );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
@ -325,8 +342,8 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
return( ret ); return( ret );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
0, c, (size_t)ret ); 0, c, (size_t)ret );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
@ -348,7 +365,8 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
(const unsigned char *) t + 2, (const unsigned char *) t + 2,
size - 2 ) ); size - 2 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
MBEDTLS_ASN1_UTC_TIME ) );
} }
else else
{ {
@ -356,15 +374,17 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
(const unsigned char *) t, (const unsigned char *) t,
size ) ); size ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
MBEDTLS_ASN1_GENERALIZED_TIME ) );
} }
return( (int) len ); return( (int) len );
} }
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
int (*f_rng)(void *, unsigned char *, size_t), unsigned char *buf, size_t size,
void *p_rng ) int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
int ret; int ret;
const char *sig_oid; const char *sig_oid;
@ -372,15 +392,14 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
unsigned char *c, *c2; unsigned char *c, *c2;
unsigned char hash[64]; unsigned char hash[64];
unsigned char sig[SIGNATURE_MAX_SIZE]; unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0; size_t len = 0;
mbedtls_pk_type_t pk_alg; mbedtls_pk_type_t pk_alg;
/* /*
* Prepare data to be signed in tmp_buf * Prepare data to be signed at the end of the target buffer
*/ */
c = tmp_buf + sizeof( tmp_buf ); c = buf + size;
/* Signature algorithm needed in TBS, and later for actual signature */ /* Signature algorithm needed in TBS, and later for actual signature */
@ -406,27 +425,36 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
/* Only for v3 */ /* Only for v3 */
if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 ) if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
{ {
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); MBEDTLS_ASN1_CHK_ADD( len,
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); mbedtls_x509_write_extensions( &c,
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | buf, ctx->extensions ) );
MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len,
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
} }
/* /*
* SubjectPublicKeyInfo * SubjectPublicKeyInfo
*/ */
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key, MBEDTLS_ASN1_CHK_ADD( pub_len,
tmp_buf, c - tmp_buf ) ); mbedtls_pk_write_pubkey_der( ctx->subject_key,
buf, c - buf ) );
c -= pub_len; c -= pub_len;
len += pub_len; len += pub_len;
/* /*
* Subject ::= Name * Subject ::= Name
*/ */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_x509_write_names( &c, buf,
ctx->subject ) );
/* /*
* Validity ::= SEQUENCE { * Validity ::= SEQUENCE {
@ -435,32 +463,39 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
*/ */
sub_len = 0; sub_len = 0;
MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after, MBEDTLS_ASN1_CHK_ADD( sub_len,
MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); x509_write_time( &c, buf, ctx->not_after,
MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before, MBEDTLS_ASN1_CHK_ADD( sub_len,
MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); x509_write_time( &c, buf, ctx->not_before,
MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
len += sub_len; len += sub_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CHK_ADD( len,
MBEDTLS_ASN1_SEQUENCE ) ); mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
/* /*
* Issuer ::= Name * Issuer ::= Name
*/ */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
ctx->issuer ) );
/* /*
* Signature ::= AlgorithmIdentifier * Signature ::= AlgorithmIdentifier
*/ */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf, MBEDTLS_ASN1_CHK_ADD( len,
sig_oid, strlen( sig_oid ), 0 ) ); mbedtls_asn1_write_algorithm_identifier( &c, buf,
sig_oid, strlen( sig_oid ), 0 ) );
/* /*
* Serial ::= INTEGER * Serial ::= INTEGER
*/ */
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf,
&ctx->serial ) );
/* /*
* Version ::= INTEGER { v1(0), v2(1), v3(2) } * Version ::= INTEGER { v1(0), v2(1), v3(2) }
@ -470,48 +505,67 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 ) if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
{ {
sub_len = 0; sub_len = 0;
MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); MBEDTLS_ASN1_CHK_ADD( sub_len,
mbedtls_asn1_write_int( &c, buf, ctx->version ) );
len += sub_len; len += sub_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); MBEDTLS_ASN1_CHK_ADD( len,
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | mbedtls_asn1_write_len( &c, buf, sub_len ) );
MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
} }
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CHK_ADD( len,
MBEDTLS_ASN1_SEQUENCE ) ); mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
/* /*
* Make signature * Make signature
*/ */
/* Compute hash of CRT. */
if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
len, hash ) ) != 0 ) len, hash ) ) != 0 )
{ {
return( ret ); return( ret );
} }
if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len, if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
f_rng, p_rng ) ) != 0 ) hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 )
{ {
return( ret ); return( ret );
} }
/* /* Move CRT to the front of the buffer to have space
* Write data to output buffer * for the signature. */
*/ memmove( buf, c, len );
c = buf + len;
/* Add signature at the end of the buffer,
* making sure that it doesn't underflow
* into the CRT buffer. */
c2 = buf + size; c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c,
sig_oid, sig_oid_len, sig, sig_len ) ); sig_oid, sig_oid_len, sig, sig_len ) );
if( len > (size_t)( c2 - buf ) ) /*
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); * Memory layout after this step:
*
* buf c=buf+len c2 buf+size
* [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm]
*/
c2 -= len; /* Move raw CRT to just before the signature. */
memcpy( c2, c, len ); c = c2 - len;
memmove( c, buf, len );
len += sig_and_oid_len; len += sig_and_oid_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_SEQUENCE ) );
return( (int) len ); return( (int) len );
@ -521,23 +575,23 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
#define PEM_END_CRT "-----END CERTIFICATE-----\n" #define PEM_END_CRT "-----END CERTIFICATE-----\n"
#if defined(MBEDTLS_PEM_WRITE_C) #if defined(MBEDTLS_PEM_WRITE_C)
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, unsigned char *buf, size_t size, int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
int (*f_rng)(void *, unsigned char *, size_t), unsigned char *buf, size_t size,
void *p_rng ) int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
int ret; int ret;
unsigned char output_buf[4096]; size_t olen;
size_t olen = 0;
if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf), if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
f_rng, p_rng ) ) < 0 ) f_rng, p_rng ) ) < 0 )
{ {
return( ret ); return( ret );
} }
if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT, if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
output_buf + sizeof(output_buf) - ret, buf + size - ret, ret,
ret, buf, size, &olen ) ) != 0 ) buf, size, &olen ) ) != 0 )
{ {
return( ret ); return( ret );
} }