Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

20231208-asn-big-short-ints #7053

Merged
merged 2 commits into from
Dec 12, 2023
Merged

20231208-asn-big-short-ints #7053

merged 2 commits into from
Dec 12, 2023

Conversation

douzzer
Copy link
Contributor

@douzzer douzzer commented Dec 11, 2023

support ASN ShortInts up to 4 bytes (2^32-1):

  • parameterize MAX_LENGTH_SZ using overrideable WOLFSSL_ASN_MAX_LENGTH_SZ, default value 5 (raised from 4).
  • refactor other Misc_ASN constants to refer to MAX_LENGTH_SZ as appropriate.
  • tweak BytePrecision() appropriately.
  • refactor SetShortInt() to use BytePrecision() and include a length assert against MAX_SHORT_SZ to assure no buffer overruns with reduced WOLFSSL_ASN_MAX_LENGTH_SZ.

wolfcrypt/src/evp.c and wolfcrypt/test/test.c: in FIPS builds <5.3, gate out AES-XTS functionality that depends on new APIs added in #7031 (b14aba4 and 931ac4e) (AES-XTS is non-FIPS in FIPS <5.3).

tested with wolfssl-multi-test.sh ... super-quick-check and https://github.com/wolfssl/wolfssl-examples/pkcs7/ hacked to generate and validate a PKCS#7 object larger than 2^24 bytes.

@douzzer
support ASN ShortInts up to 4 bytes (2^32-1):
9c17d5d 
* parameterize MAX_LENGTH_SZ using overrideable WOLFSSL_ASN_MAX_LENGTH_SZ, default value 5 (raised from 4).
* refactor other Misc_ASN constants to refer to MAX_LENGTH_SZ as appropriate.
* tweak BytePrecision() appropriately.
* refactor SetShortInt() to use BytePrecision() and include a length assert against MAX_SHORT_SZ to assure no buffer overruns with reduced WOLFSSL_ASN_MAX_LENGTH_SZ.
@douzzer
wolfcrypt/src/evp.c and wolfcrypt/test/test.c: in FIPS builds <5.3, g…
c1b5135 
…ate out AES-XTS functionality that depends on new APIs added in wolfSSL#7031 (b14aba4 and 931ac4e) (AES-XTS is non-FIPS in FIPS <5.3).
dgarske
dgarske approved these changes Dec 11, 2023
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Over to Sean.

@dgarske
Copy link
Contributor

dgarske commented Dec 11, 2023

Retest this please

@SparkiDev SparkiDev removed the request for review from wolfSSL-Bot December 12, 2023 03:53
@SparkiDev SparkiDev self-assigned this Dec 12, 2023
@SparkiDev SparkiDev merged commit 1aed438 into wolfSSL:master Dec 12, 2023
92 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SparkiDev SparkiDev SparkiDev approved these changes

@dgarske dgarske dgarske approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

@SparkiDev SparkiDev

Labels
For This Release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@douzzer @dgarske @SparkiDev @wolfSSL-Bot