[*] Linux fault: LTC/Clang driver bug? _multi encode variant results in inexplicable given a SEQUENCE after seemingly anything.

Faults on bool deref under encode boolean.
2022-12-16 07:04:11 +00:00 · 2022-12-16 07:04:11 +00:00 · 42d02b185c
commit 42d02b185c
parent f0fcec0cb7
1 changed files with 11 additions and 18 deletions
--- a/Source/Extensions/LTC/LTCExport.c
+++ b/Source/Extensions/LTC/LTCExport.c
@ -5,7 +5,6 @@
    Date: 2021-6-24
    Author: Reece
 ***/
-#include <tomcrypt.h>
 #include "tomcrypt_private.h"
 #include "LTCExtensions.h"

@ -78,8 +77,6 @@ int rsa_pkcs8_export(unsigned char *out, unsigned long *outlen, const rsa_key *
        unsigned long oid[16];
        const char *oidReference;

-        ltc_asn1_list alg_seq[2];
-
        ret = pk_get_oid(PKA_RSA, &oidReference);
        if (ret != CRYPT_OK)
        {
@ -93,31 +90,27 @@ int rsa_pkcs8_export(unsigned char *out, unsigned long *outlen, const rsa_key *
            return ret;
        }

-        LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidArraySize);
-        LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
-
        if ((flags & kRsaFlagPublic) == 0)
        {
            if (key->type == PK_PUBLIC)
            {
                return CRYPT_INVALID_ARG;
            }
+    
+            ltc_asn1_list alg_seq[2], top_seq[3];
+            unsigned long zero = 0;

-            void *keyType;
-
-            mp_init(&keyType);
-            mp_set_int(keyType, 0);
-
-            ret = der_encode_sequence_multi(out, outlen,
-                                            LTC_ASN1_INTEGER, 1, keyType,
-                                            LTC_ASN1_SEQUENCE, 2, alg_seq,
-                                            LTC_ASN1_OCTET_STRING, length, temp,
-                                            LTC_ASN1_EOL, 0UL, NULL);
-
-            mp_clear(keyType);
+            LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidArraySize);
+            LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
+            LTC_SET_ASN1(top_seq, 0, LTC_ASN1_SHORT_INTEGER, &zero, 1UL);
+            LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL);
+            LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, temp, length);
+            ret = der_encode_sequence(top_seq, 3, out, outlen);
        }
        else
        {
+            ltc_asn1_list alg_seq[2];
+            LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, oidArraySize);
            // TODO: return false?
            ret = der_encode_sequence_multi(out, outlen,
                                            LTC_ASN1_SEQUENCE, 1, alg_seq,