From 9f366b07ea9ac1496b8929b67dffb9f7dee6d49c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 15:47:00 +0100 Subject: [PATCH 1/9] Reduce code size in mbedtls_asn1_write_len Signed-off-by: Dave Rodgman --- library/asn1write.c | 77 +++++++++++++-------------------------------- 1 file changed, 22 insertions(+), 55 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index c65d9370e..1c7f15d8f 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -30,66 +30,33 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len) { - if (len < 0x80) { - if (*p - start < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = (unsigned char) len; - return 1; - } - - if (len <= 0xFF) { - if (*p - start < 2) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = (unsigned char) len; - *--(*p) = 0x81; - return 2; - } - - if (len <= 0xFFFF) { - if (*p - start < 3) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = MBEDTLS_BYTE_0(len); - *--(*p) = MBEDTLS_BYTE_1(len); - *--(*p) = 0x82; - return 3; - } - - if (len <= 0xFFFFFF) { - if (*p - start < 4) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = MBEDTLS_BYTE_0(len); - *--(*p) = MBEDTLS_BYTE_1(len); - *--(*p) = MBEDTLS_BYTE_2(len); - *--(*p) = 0x83; - return 4; - } - - int len_is_valid = 1; #if SIZE_MAX > 0xFFFFFFFF - len_is_valid = (len <= 0xFFFFFFFF); + if (len > 0xFFFFFFFF) return MBEDTLS_ERR_ASN1_INVALID_LENGTH; #endif - if (len_is_valid) { - if (*p - start < 5) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - *--(*p) = MBEDTLS_BYTE_0(len); - *--(*p) = MBEDTLS_BYTE_1(len); - *--(*p) = MBEDTLS_BYTE_2(len); - *--(*p) = MBEDTLS_BYTE_3(len); - *--(*p) = 0x84; - return 5; + int required = 1; + if (len < 0x80) { + required = 1; + } else { + for (size_t l = len; l != 0; l >>= 8) { + required++; + } } - return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + if (required > (*p - start)) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + do { + *--(*p) = MBEDTLS_BYTE_0(len); + len >>= 8; + } while (len); + + if (required > 1) { + *--(*p) = (unsigned char)(required + 0x7f); + } + + return required; } int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag) From 3bbedf6ba0a0233a0ab0b2efe908d2239dc13726 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 16:06:28 +0100 Subject: [PATCH 2/9] code style Signed-off-by: Dave Rodgman --- library/asn1write.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 1c7f15d8f..5dde3fe7a 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -31,7 +31,9 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len) { #if SIZE_MAX > 0xFFFFFFFF - if (len > 0xFFFFFFFF) return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + if (len > 0xFFFFFFFF) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } #endif int required = 1; @@ -53,7 +55,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t } while (len); if (required > 1) { - *--(*p) = (unsigned char)(required + 0x7f); + *--(*p) = (unsigned char) (required + 0x7f); } return required; From cf5f746a8caa3810116417a88f526a67534fe270 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 16:27:34 +0100 Subject: [PATCH 3/9] Refactor out some common code Signed-off-by: Dave Rodgman --- library/asn1write.c | 67 ++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 44 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 5dde3fe7a..4887f1551 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -72,6 +72,19 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } +static int mbedtls_write_len_and_tag(unsigned char **p, + const unsigned char *start, + int len, + unsigned char tag) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); + + return len; +} + int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t size) { @@ -123,10 +136,7 @@ int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start, const len += 1; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER)); - - ret = (int) len; + ret = mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER); cleanup: return ret; @@ -135,15 +145,9 @@ cleanup: int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - // Write NULL // - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL); } int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, @@ -154,10 +158,7 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, (const unsigned char *) oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); } int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start, @@ -184,17 +185,12 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if (*p - start < 1) { @@ -204,15 +200,11 @@ int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int b *--(*p) = (boolean) ? 255 : 0; len++; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN); } static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; do { @@ -232,10 +224,7 @@ static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, len += 1; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val) @@ -258,10 +247,7 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta (const unsigned char *) text, text_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start, @@ -330,7 +316,6 @@ int mbedtls_asn1_write_named_bitstring(unsigned char **p, int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t bits) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; size_t unused_bits, byte_len; @@ -354,10 +339,7 @@ int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start, /* Write unused bits */ *--(*p) = (unsigned char) unused_bits; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING); } int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start, @@ -368,10 +350,7 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); } From 33287ae1340ea4a6225dc9e2016b91bf115214f2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 17:03:22 +0100 Subject: [PATCH 4/9] Tidy up mbedtls_asn1_write_len Signed-off-by: Dave Rodgman --- library/asn1write.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 4887f1551..7d533491f 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -37,9 +37,8 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t #endif int required = 1; - if (len < 0x80) { - required = 1; - } else { + + if (len >= 0x80) { for (size_t l = len; l != 0; l >>= 8) { required++; } @@ -55,7 +54,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t } while (len); if (required > 1) { - *--(*p) = (unsigned char) (required + 0x7f); + *--(*p) = (unsigned char) (0x80 + required - 1); } return required; From 49352832c9054ebff0f8542bc02038bf8a621a3a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 17:09:13 +0100 Subject: [PATCH 5/9] Eliminate duplicate of mbedtls_asn1_find_named_data Signed-off-by: Dave Rodgman --- library/asn1write.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/asn1write.c b/library/asn1write.c index 7d533491f..2e7c4a96f 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -28,6 +28,10 @@ #include "mbedtls/platform.h" +#if defined(MBEDTLS_ASN1_PARSE_C) +#include "mbedtls/asn1.h" +#endif + int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len) { #if SIZE_MAX > 0xFFFFFFFF @@ -353,6 +357,7 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star } +#if !defined(MBEDTLS_ASN1_PARSE_C) /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ static mbedtls_asn1_named_data *asn1_find_named_data( @@ -370,6 +375,10 @@ static mbedtls_asn1_named_data *asn1_find_named_data( return list; } +#else +#define asn1_find_named_data(list, oid, len) \ + ((mbedtls_asn1_named_data *) mbedtls_asn1_find_named_data(list, oid, len)) +#endif mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head, From 5265c318a03e2b681821aeabe651e8ab3f7a2216 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 18:04:13 +0100 Subject: [PATCH 6/9] Fix type-conversion error Signed-off-by: Dave Rodgman --- library/asn1write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/asn1write.c b/library/asn1write.c index 2e7c4a96f..6e806151d 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -77,7 +77,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign static int mbedtls_write_len_and_tag(unsigned char **p, const unsigned char *start, - int len, + size_t len, unsigned char tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From dc669a1944d4196b9fa8058a1480c9ec14dc288f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 18:39:57 +0100 Subject: [PATCH 7/9] Fix type error Signed-off-by: Dave Rodgman --- library/asn1write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/asn1write.c b/library/asn1write.c index 6e806151d..fb725748b 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -85,7 +85,7 @@ static int mbedtls_write_len_and_tag(unsigned char **p, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - return len; + return (int) len; } int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start, From ecdfc1c94f547817edf2e1b045e59998383bd87f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Sep 2023 18:00:37 +0100 Subject: [PATCH 8/9] Fix poorly named function Signed-off-by: Dave Rodgman --- library/asn1write.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index fb725748b..40584d6ba 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -75,7 +75,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } -static int mbedtls_write_len_and_tag(unsigned char **p, +static int mbedtls_asn1_write_len_and_tag(unsigned char **p, const unsigned char *start, size_t len, unsigned char tag) @@ -139,7 +139,7 @@ int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start, const len += 1; } - ret = mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER); + ret = mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER); cleanup: return ret; @@ -150,7 +150,7 @@ int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start) { // Write NULL // - return mbedtls_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL); + return mbedtls_asn1_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL); } int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, @@ -161,7 +161,7 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, (const unsigned char *) oid, oid_len)); - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); } int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start, @@ -188,7 +188,7 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - return mbedtls_write_len_and_tag(p, start, len, + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } @@ -203,7 +203,7 @@ int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int b *--(*p) = (boolean) ? 255 : 0; len++; - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN); } static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag) @@ -227,7 +227,7 @@ static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, len += 1; } - return mbedtls_write_len_and_tag(p, start, len, tag); + return mbedtls_asn1_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val) @@ -250,7 +250,7 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta (const unsigned char *) text, text_len)); - return mbedtls_write_len_and_tag(p, start, len, tag); + return mbedtls_asn1_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start, @@ -342,7 +342,7 @@ int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start, /* Write unused bits */ *--(*p) = (unsigned char) unused_bits; - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING); } int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start, @@ -353,7 +353,7 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); } From 0c9516ea896bed84f45d2818b71b688e563dd47a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Sep 2023 18:30:09 +0100 Subject: [PATCH 9/9] code style Signed-off-by: Dave Rodgman --- library/asn1write.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 2fb8a12a3..2e9b98ad5 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -78,9 +78,9 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign #if defined(MBEDTLS_ASN1_WRITE_C) static int mbedtls_asn1_write_len_and_tag(unsigned char **p, - const unsigned char *start, - size_t len, - unsigned char tag) + const unsigned char *start, + size_t len, + unsigned char tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -191,7 +191,7 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); return mbedtls_asn1_write_len_and_tag(p, start, len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean)