projects
/
platform
/
upstream
/
iotivity.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge tizen_5.0 codes into tizen_4.0
[platform/upstream/iotivity.git]
/
resource
/
csdk
/
security
/
src
/
pkix_interface.c
diff --git
a/resource/csdk/security/src/pkix_interface.c
b/resource/csdk/security/src/pkix_interface.c
index
919608d
..
6a487a9
100644
(file)
--- a/
resource/csdk/security/src/pkix_interface.c
+++ b/
resource/csdk/security/src/pkix_interface.c
@@
-32,6
+32,8
@@
#define TAG "OIC_SRM_PKIX_INTERFACE"
#define TAG "OIC_SRM_PKIX_INTERFACE"
+#define ECC256_SIG_LEN 32+4
+
static HWPkixContext_t gHwPkixCtx = {
.getHwKeyContext = NULL,
.freeHwKeyContext = NULL,
static HWPkixContext_t gHwPkixCtx = {
.getHwKeyContext = NULL,
.freeHwKeyContext = NULL,
@@
-165,6
+167,7
@@
void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
if(NULL == derCrtBufTmp)
{
OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
if(NULL == derCrtBufTmp)
{
OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
+ OICFree(certCopy);
goto exit;
}
goto exit;
}
@@
-195,8
+198,8
@@
void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
* | tag (INTEGER) | length (1B) | value (r or s in integer) |
* +---------------+-------------+----------------------------+
*/
* | tag (INTEGER) | length (1B) | value (r or s in integer) |
* +---------------+-------------+----------------------------+
*/
- uint8_t r_buf[
32 + 4
]; // for ECC 256 sign
- uint8_t s_buf[
32 + 4
];
+ uint8_t r_buf[
ECC256_SIG_LEN
]; // for ECC 256 sign
+ uint8_t s_buf[
ECC256_SIG_LEN
];
uint32_t r_len = 0;
uint32_t s_len = 0;
size_t sign_len = 0;
uint32_t r_len = 0;
uint32_t s_len = 0;
size_t sign_len = 0;
@@
-237,7
+240,7
@@
void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
{
r_len = sign_ptr[1] + 2; // including header itself
}
{
r_len = sign_ptr[1] + 2; // including header itself
}
- if (r_len > deviceCert.sig.len)
+ if (r_len > deviceCert.sig.len
|| r_len > ECC256_SIG_LEN
)
{
OIC_LOG_V(ERROR, TAG, "signature length check error #1 : %d", ret);
goto exit;
{
OIC_LOG_V(ERROR, TAG, "signature length check error #1 : %d", ret);
goto exit;
@@
-254,7
+257,7
@@
void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
{
s_len = sign_ptr[1] + 2; // including header itself
}
{
s_len = sign_ptr[1] + 2; // including header itself
}
- if (s_len + r_len > deviceCert.sig.len)
+ if (s_len + r_len > deviceCert.sig.len
|| s_len > ECC256_SIG_LEN
)
{
OIC_LOG_V(ERROR, TAG, "signature length check error #2 : %d", ret);
goto exit;
{
OIC_LOG_V(ERROR, TAG, "signature length check error #2 : %d", ret);
goto exit;
@@
-341,7
+344,7
@@
void CheckInvalidDERSignature(uint8_t *crtBuf, size_t *crtBufLen)
exit:
mbedtls_x509_crt_free(&deviceCert);
OICFree(derCrtBufTmp);
exit:
mbedtls_x509_crt_free(&deviceCert);
OICFree(derCrtBufTmp);
- OIC_LOG_V(DEBUG, TAG, "Cert chain length = %
l
u", *crtBufLen);
+ OIC_LOG_V(DEBUG, TAG, "Cert chain length = %u", *crtBufLen);
OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
}
OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
}
@@
-378,7
+381,7
@@
static bool GetPkixInfoFromHw(PkiInfo_t * inf)
// check and fix invalid cert signature
CheckInvalidDERSignature(inf->crt.data, &inf->crt.len);
// check and fix invalid cert signature
CheckInvalidDERSignature(inf->crt.data, &inf->crt.len);
- OIC_LOG_V(INFO, TAG, "Cert chain length = %
l
u", inf->crt.len);
+ OIC_LOG_V(INFO, TAG, "Cert chain length = %u", inf->crt.len);
OIC_LOG_V(INFO, TAG, "Out %s", __func__);
return true;
}
OIC_LOG_V(INFO, TAG, "Out %s", __func__);
return true;
}