[*] Linux fault: LTC/Clang driver bug? _multi encode variant results in inexplicable given a SEQUENCE after seemingly anything.

The fault occurs on a bool dereference under the boolean encode path.
Reece Wilson 2022-12-16 07:04:11 +00:00
parent f0fcec0cb7
commit 42d02b185c


@ -5,7 +5,6 @@
Date: 2021-6-24
Author: Reece
***/
#include <tomcrypt.h>
#include "tomcrypt_private.h"
#include "LTCExtensions.h"
@ -78,8 +77,6 @@ int rsa_pkcs8_export(unsigned char *out, unsigned long *outlen, const rsa_key *
unsigned long oid[16];
const char *oidReference;
ltc_asn1_list alg_seq[2];
ret = pk_get_oid(PKA_RSA, &oidReference);
if (ret != CRYPT_OK)
{
@ -93,31 +90,27 @@ int rsa_pkcs8_export(unsigned char *out, unsigned long *outlen, const rsa_key *
return ret;
}
LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidArraySize);
LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
if ((flags & kRsaFlagPublic) == 0)
{
if (key->type == PK_PUBLIC)
{
return CRYPT_INVALID_ARG;
}
ltc_asn1_list alg_seq[2], top_seq[3];
unsigned long zero = 0;
void *keyType;
mp_init(&keyType);
mp_set_int(keyType, 0);
ret = der_encode_sequence_multi(out, outlen,
LTC_ASN1_INTEGER, 1, keyType,
LTC_ASN1_SEQUENCE, 2, alg_seq,
LTC_ASN1_OCTET_STRING, length, temp,
LTC_ASN1_EOL, 0UL, NULL);
mp_clear(keyType);
LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidArraySize);
LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
LTC_SET_ASN1(top_seq, 0, LTC_ASN1_SHORT_INTEGER, &zero, 1UL);
LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL);
LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, temp, length);
ret = der_encode_sequence(top_seq, 3, out, outlen);
}
else
{
ltc_asn1_list alg_seq[2];
LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidArraySize);
// TODO: return false?
ret = der_encode_sequence_multi(out, outlen,
LTC_ASN1_SEQUENCE, 1, alg_seq,