diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 9f04f38..4ea6f88 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -31,7 +31,7 @@ enum public_key_algorithms { typedef struct Oid { unsigned long OID[16]; - /** Length of DER encoding */ + /** Number of OID digits in use */ unsigned long OIDlen; } oid_st; diff --git a/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c b/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c index c957565..75bc127 100644 --- a/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c +++ b/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c @@ -26,6 +26,7 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle unsigned long *words, unsigned long *outlen) { unsigned long x, y, t, len; + int err; LTC_ARGCHK(in != NULL); LTC_ARGCHK(words != NULL); @@ -38,6 +39,7 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle /* must be room for at least two words */ if (*outlen < 2) { + *outlen = 2; return CRYPT_BUFFER_OVERFLOW; } @@ -73,21 +75,28 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle if (!(in[x++] & 0x80)) { /* store t */ if (y >= *outlen) { - return CRYPT_BUFFER_OVERFLOW; - } - if (y == 0) { - words[0] = t / 40; - words[1] = t % 40; - y = 2; + y++; } else { - words[y++] = t; + if (y == 0) { + words[0] = t / 40; + words[1] = t % 40; + y = 2; + } else { + words[y++] = t; + } } - t = 0; + t = 0; } } + if (y > *outlen) { + err = CRYPT_BUFFER_OVERFLOW; + } else { + err = CRYPT_OK; + } + *outlen = y; - return CRYPT_OK; + return err; } #endif diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c index d857ce9..195a3f5 100644 --- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c +++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c 
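Review bot: In der_decode_object_identifier, the new `*outlen = 2;` before the early `return CRYPT_BUFFER_OVERFLOW;` reports only a lower bound, whereas the overflow path added at the end of the function reports the exact word count. A caller that resizes to the returned value and retries will get a second overflow for any OID with more than two arcs. If that two-step behaviour is intended, document it, e.g. `/* if *outlen < 2 on entry, *outlen is set to the minimum of 2, not the exact count */`. The function's header comment is outside this hunk.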
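Review bot: The first-subidentifier split kept in the re-indented branch of der_decode_object_identifier, `words[0] = t / 40; words[1] = t % 40;`, mis-decodes any OID under arc 2 whose second arc is 40 or more. X.690 puts no upper limit on the second arc when the first is 2, so a first subidentifier of 80 or above must yield first arc 2; as a constructed example, 1079 (2.999) comes out as 26.39. The lines are carried over unchanged from the removed side, but since the block is being rewritten they could become `words[0] = (t < 80) ? t / 40 : 2;` followed by `words[1] = t - 40 * words[0];`. A decoder that returns a different OID than the one encoded matters wherever OIDs select algorithms or policy. The encoder, which is not part of this diff, would need the matching change.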
@@ -29,6 +29,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, { wchar_t tmp; unsigned long x, y, z, len; + int err; LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); @@ -91,15 +92,19 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, tmp = (tmp << 6) | ((wchar_t)in[x++] & 0x3F); } - if (y > *outlen) { - *outlen = y; - return CRYPT_BUFFER_OVERFLOW; + if (y < *outlen) { + out[y] = tmp; } - out[y++] = tmp; + y++; + } + if (y > *outlen) { + err = CRYPT_BUFFER_OVERFLOW; + } else { + err = CRYPT_OK; } *outlen = y; - return CRYPT_OK; + return err; } #endif diff --git a/src/pk/asn1/der/utf8/der_encode_utf8_string.c b/src/pk/asn1/der/utf8/der_encode_utf8_string.c index 63ad840..4c2030f 100644 --- a/src/pk/asn1/der/utf8/der_encode_utf8_string.c +++ b/src/pk/asn1/der/utf8/der_encode_utf8_string.c @@ -53,7 +53,7 @@ int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, /* too big? */ if (y > *outlen) { - *outlen = len; + *outlen = y; return CRYPT_BUFFER_OVERFLOW; } diff --git a/tests/der_test.c b/tests/der_test.c index 9fa942e..6dab424 100644 --- a/tests/der_test.c +++ b/tests/der_test.c @@ -286,7 +286,7 @@ static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level) for (n = 0; n < l->size; ++n) { r = snprintf(s, sz, "%02X", ((unsigned char*)l->data)[n]); if (r < 0 || r >= sz) { - printf("Octet string boom"); + fprintf(stderr, "%s boom\n", name); exit(EXIT_FAILURE); } s += r; @@ -310,7 +310,7 @@ static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level) for (i = 0; i < l->size; ++i) { r = snprintf(s, sz, "%lu.", ((unsigned long*)l->data)[i]); if (r < 0 || r >= sz) { - printf("OID boom"); + fprintf(stderr, "%s boom\n", name); exit(EXIT_FAILURE); } s += r; 
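Review bot: der_decode_utf8_string's new failure contract is undocumented: the loop now stores into `out` up to the caller's capacity and reports CRYPT_BUFFER_OVERFLOW only afterwards, so on failure `out` holds a truncated prefix and `*outlen` holds the required count, not the count written. A caller that ignores the return code and treats `*outlen` as the number of valid elements would read past its buffer. Suggest stating this in the function's header comment (outside this hunk): `@param outlen [in/out] capacity of out in wchar_t; on CRYPT_BUFFER_OVERFLOW set to the required count, out then holds only a truncated prefix`. The new `if (y < *outlen)` guard also stops the store at `out[*outlen]` that the old `y > *outlen` test let through, so a test with a buffer exactly one element short would be worth adding.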
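Review bot: The new `fprintf(stderr, "%s boom\n", name);` in the octet-string loop of _der_tests_print_flexi passes `name` to `%s`, and passing NULL to `%s` is undefined behaviour. The same function tests `if (name)` before printing further down, so `name` can be NULL on some paths. The assignment of `name` for this case is outside the hunk, so this only bites if it happens after the loop; please confirm, or print `name ? name : "?"` instead. The OID loop in the next hunk makes the same call.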
@@ -413,16 +413,16 @@ static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level) } for (n = 0; n < level; ++n) { - printf(" "); + fprintf(stderr, " "); } if (name) { if (text) - printf("%s %s\n", name, text); + fprintf(stderr, "%s %s\n", name, text); else - printf("%s \n", name); + fprintf(stderr, "%s \n", name); } else - printf("WTF type=%i\n", l->type); + fprintf(stderr, "WTF type=%i\n", l->type); if (ostring) { _der_tests_print_flexi(ostring, level + 1); diff --git a/tests/dsa_test.c b/tests/dsa_test.c index e620dde..a429993 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -143,14 +143,14 @@ static int _dsa_compat_test(void) x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PRIVATE | PK_STD, &key)); if (compare_testvector(tmp, x, openssl_priv_dsa, sizeof(openssl_priv_dsa), - "DSA private export failed from dsa_import(priv_key)\n", 0)) { + "DSA private export failed from dsa_import(priv_key)\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key)); if (compare_testvector(tmp, x, openssl_pub_dsa, sizeof(openssl_pub_dsa), - "DSA public export failed from dsa_import(priv_key)\n", 0)) { + "DSA public export failed from dsa_import(priv_key)\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); @@ -160,7 +160,7 @@ static int _dsa_compat_test(void) x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key)); if (compare_testvector(tmp, x, openssl_pub_dsa, sizeof(openssl_pub_dsa), - "DSA public export failed from dsa_import(pub_key)\n", 0)) { + "DSA public export failed from dsa_import(pub_key)\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); 
@@ -185,7 +185,7 @@ static int _dsa_compat_test(void) len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), - "DSA private export failed from dsa_set_pqg() & dsa_set_key()\n", 0)) { + "DSA private export failed from dsa_set_pqg() & dsa_set_key()\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); @@ -201,7 +201,7 @@ static int _dsa_compat_test(void) len = sizeof(buf); DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa), - "DSA public export failed from dsa_set_pqg() & dsa_set_key()\n", 0)) { + "DSA public export failed from dsa_set_pqg() & dsa_set_key()\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); @@ -225,7 +225,7 @@ static int _dsa_compat_test(void) len = sizeof(buf); DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa), - "DSA public export failed from dsa_set_pqg_dsaparam()\n", 0)) { + "DSA public export failed from dsa_set_pqg_dsaparam()\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); @@ -238,7 +238,7 @@ static int _dsa_compat_test(void) len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), - "DSA private export failed from dsa_set_pqg_dsaparam()\n", 0)) { + "DSA private export failed from dsa_set_pqg_dsaparam()\n", __LINE__)) { return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key);