#define TAG "OIC_SRM_PKIX_INTERFACE"
+#define ECC256_SIG_LEN 32+4
+
static HWPkixContext_t gHwPkixCtx = {
.getHwKeyContext = NULL,
.freeHwKeyContext = NULL,
return;
}
- OIC_LOG_V(INFO, TAG, "Cert Buf Length: %lu", *crtBufLen);
+ OIC_LOG_V(INFO, TAG, "Cert Buf Length: %zu", *crtBufLen);
OIC_LOG(INFO, TAG, "[Cert Buf] : ");
OIC_LOG_BUFFER(INFO, TAG, crtBuf, *crtBufLen);
if(NULL == derCrtBufTmp)
{
OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
+ OICFree(certCopy);
goto exit;
}
* | tag (INTEGER) | length (1B) | value (r or s in integer) |
* +---------------+-------------+----------------------------+
*/
- uint8_t r_buf[32 + 4]; // for ECC 256 sign
- uint8_t s_buf[32 + 4];
+ uint8_t r_buf[ECC256_SIG_LEN]; // for ECC 256 sign
+ uint8_t s_buf[ECC256_SIG_LEN];
uint32_t r_len = 0;
uint32_t s_len = 0;
size_t sign_len = 0;
{
r_len = sign_ptr[1] + 2; // including header itself
}
- if (r_len > deviceCert.sig.len)
+ if (r_len > deviceCert.sig.len || r_len > ECC256_SIG_LEN)
{
OIC_LOG_V(ERROR, TAG, "signature length check error #1 : %d", ret);
goto exit;
{
s_len = sign_ptr[1] + 2; // including header itself
}
- if (s_len + r_len > deviceCert.sig.len)
+ if (s_len + r_len > deviceCert.sig.len || s_len > ECC256_SIG_LEN)
{
OIC_LOG_V(ERROR, TAG, "signature length check error #2 : %d", ret);
goto exit;
if (removed_total > 0)
{
// if length of signature is incorrect.
- OIC_LOG_V(INFO, TAG, "Cert Length (Before) : %lu", *derCrtBufLen);
+ OIC_LOG_V(INFO, TAG, "Cert Length (Before) : %zu", *derCrtBufLen);
OIC_LOG(INFO, TAG, "Invalid length of signature is dectected.");
OIC_LOG(INFO, TAG, "Update signature...");
*derCrtBufLen = (size_t)crt_len + remained_len;
mbedtls_x509_crt_free(&crt_cpy);
- OIC_LOG_V(INFO, TAG, "Dev cert : %lu -> %lu", org_len, crt_len);
- OIC_LOG_V(INFO, TAG, "Remained chain : %lu", remained_len);
- OIC_LOG_V(INFO, TAG, "Cert Length (After) : %lu", *crtBufLen);
+ OIC_LOG_V(INFO, TAG, "Dev cert : %zu -> %u", org_len, crt_len);
+ OIC_LOG_V(INFO, TAG, "Remained chain : %zu", remained_len);
+ OIC_LOG_V(INFO, TAG, "Cert Length (After) : %zu", *crtBufLen);
}
}
else
exit:
mbedtls_x509_crt_free(&deviceCert);
OICFree(derCrtBufTmp);
- OIC_LOG_V(DEBUG, TAG, "Cert chain length = %d", *crtBufLen);
+ OIC_LOG_V(DEBUG, TAG, "Cert chain length = %u", *crtBufLen);
OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
}
// check and fix invalid cert signature
CheckInvalidDERSignature(inf->crt.data, &inf->crt.len);
- OIC_LOG_V(INFO, TAG, "Cert chain length = %d", inf->crt.len);
+ OIC_LOG_V(INFO, TAG, "Cert chain length = %u", inf->crt.len);
OIC_LOG_V(INFO, TAG, "Out %s", __func__);
return true;
}