Store crlNumber as an MP_INT

Author: lealem47

src/crl.c

@@ -139,7 +139,9 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
 #endif
     dcrl->certs = NULL;
     crle->totalCerts = dcrl->totalCerts;
+#ifndef NO_BIG_INT
     crle->crlNumber = dcrl->crlNumber;
+#endif
     crle->verified = verified;
     if (!verified) {
         crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
@@ -590,7 +592,9 @@ static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info)
     info->nextDate = (byte *)entry->nextDate;
     info->nextDateMaxLen = MAX_DATE_SIZE;
     info->nextDateFormat = entry->nextDateFormat;
-    info->crlNumber = (sword32)entry->crlNumber;
+#ifndef NO_BIG_INT
+    info->crlNumber = entry->crlNumber;
+#endif
 }
 
 static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
@@ -603,7 +607,9 @@ static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
     info->nextDate = (byte *)entry->nextDate;
     info->nextDateMaxLen = MAX_DATE_SIZE;
     info->nextDateFormat = entry->nextDateFormat;
-    info->crlNumber = (sword32)entry->crlNumber;
+#ifndef NO_BIG_INT
+    info->crlNumber = entry->crlNumber;
+#endif
 }
 #endif
 
@@ -648,13 +654,14 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
 
     for (curr = crl->crlList; curr != NULL; curr = curr->next) {
         if (XMEMCMP(curr->issuerHash, crle->issuerHash, CRL_DIGEST_SIZE) == 0) {
-            if (crle->crlNumber <= curr->crlNumber) {
+#ifndef NO_BIG_INT
+            if (mp_cmp(&crle->crlNumber, &curr->crlNumber) <= 0) {
                 WOLFSSL_MSG("Same or newer CRL entry already exists");
                 CRL_Entry_free(crle, crl->heap);
                 wc_UnLockRwLock(&crl->crlLock);
                 return BAD_FUNC_ARG;
             }
-
+#endif
             crle->next = curr->next;
             if (prev != NULL) {
                 prev->next = crle;

src/x509.c

@@ -8941,6 +8941,8 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
         int indent)
 {
     char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */
+    char crlNumberStr[50]; /* RFC5280 states that CRL number can be up to 20
+                            * octets long i.e 49 digits */
 
     if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "",
                 "CRL extensions:") >= MAX_WIDTH) {
@@ -8951,7 +8953,8 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
             return WOLFSSL_FAILURE;
     }
 
-    if (crl->crlList->crlNumber) {
+#ifndef NO_BIG_INT
+    if (crl->crlList->crlNumber.used) {
         if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent + 4, "",
                     "X509v3 CRL Number:") >= MAX_WIDTH) {
             return WOLFSSL_FAILURE;
@@ -8961,16 +8964,22 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
             return WOLFSSL_FAILURE;
         }
 
-        if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%d\n", indent + 8, "",
-            crl->crlList->crlNumber) >= MAX_WIDTH)
-        {
+        if (mp_toradix(&crl->crlList->crlNumber, crlNumberStr, MP_RADIX_DEC)
+                != MP_OKAY) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent + 8, "",
+            crlNumberStr) >= MAX_WIDTH) {
             return WOLFSSL_FAILURE;
         }
+
         if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
             return WOLFSSL_FAILURE;
         }
         XMEMSET(tmp, 0, sizeof(tmp));
     }
+#endif
 
 #if !defined(NO_SKID)
     if (crl->crlList->extAuthKeyIdSet && crl->crlList->extAuthKeyId[0] != 0) {

wolfcrypt/src/asn.c

@@ -38507,6 +38507,11 @@ void FreeDecodedCRL(DecodedCRL* dcrl)
 #ifdef OPENSSL_EXTRA
     XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
 #endif
+
+    mp_free(&dcrl->crlNumber);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(&dcrl->crlNumber, NULL, DYNAMIC_TYPE_BIGINT);
+#endif
 }
 
 
@@ -39077,50 +39082,31 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
                     return ret;
                 }
                 else {
-                    if (length > 1) {
-                        int    i;
-                    #ifdef WOLFSSL_SMALL_STACK
-                        mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
-                                DYNAMIC_TYPE_BIGINT);
-                        if (m == NULL) {
-                            return MEMORY_E;
-                        }
-                    #else
-                        mp_int m[1];
-                    #endif
-
-                        if (mp_init(m) != MP_OKAY) {
-                            ret = MP_INIT_E;
-                        }
-
-                        if (ret == 0)
-                            ret = mp_read_unsigned_bin(m, buf + idx, length);
-                        if (ret != MP_OKAY)
-                            ret = BUFFER_E;
+                #ifdef WOLFSSL_SMALL_STACK
+                    mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL,
+                            DYNAMIC_TYPE_BIGINT);
+                    if (m == NULL) {
+                        return MEMORY_E;
+                    }
+                #else
+                    mp_int m[1];
+                #endif
 
-                        if (ret == 0) {
-                            dcrl->crlNumber = 0;
-                            for (i = 0; i < (int)(*m).used; ++i) {
-                                if (i > (CHAR_BIT *
-                                         (int)sizeof(word32) / DIGIT_BIT)) {
-                                    break;
-                                }
-                                dcrl->crlNumber |= ((word32)(*m).dp[i]) <<
-                                    (DIGIT_BIT * i);
-                            }
-                        }
+                    if (mp_init(m) != MP_OKAY) {
+                        ret = MP_INIT_E;
+                    }
 
-                        mp_free(m);
-                    #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
-                    #endif
+                    if (ret == 0)
+                        ret = mp_read_unsigned_bin(m, buf + idx, length);
+                    if (ret != MP_OKAY)
+                        ret = BUFFER_E;
 
-                        if (ret != 0)
-                            return ret;
-                    }
-                    else if (length == 1) {
-                        dcrl->crlNumber = buf[idx];
+                    if (ret == 0) {
+                        dcrl->crlNumber = *m;
                     }
+
+                    if (ret != 0)
+                        return ret;
                 }
             }
         }
@@ -39199,13 +39185,9 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
                     ret = GetInt(m, buf, &localIdx, maxIdx);
                 }
                 if (ret == 0) {
-                    dcrl->crlNumber = (int)m->dp[0];
+                    dcrl->crlNumber = *m;
                 }
 
-                mp_free(m);
-            #ifdef WOLFSSL_SMALL_STACK
-                XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
-            #endif
             }
             /* TODO: check criticality */
             /* Move index on to next extension. */

wolfssl/internal.h

@@ -2590,7 +2590,9 @@ struct CRL_Entry {
     byte    extAuthKeyIdSet;
     byte    extAuthKeyId[KEYID_SIZE];
 #endif
-    int                   crlNumber;  /* CRL number extension */
+#ifndef NO_BIG_INT
+    mp_int  crlNumber;  /* CRL number extension */
+#endif
 };
 
 

wolfssl/ssl.h

@@ -3756,7 +3756,9 @@ typedef struct CrlInfo {
     byte *nextDate;
     word32 nextDateMaxLen;
     byte nextDateFormat;
-    sword32 crlNumber;
+#ifndef NO_BIG_INT
+    mp_int crlNumber;
+#endif
 } CrlInfo;
 
 typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* cnew);

wolfssl/wolfcrypt/asn.h

@@ -2882,7 +2882,9 @@ struct DecodedCRL {
     byte    extAuthKeyIdSet;
     byte    extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID        */
 #endif
-    int          crlNumber;          /* CRL number extension  */
+#ifndef NO_BIG_INT
+    mp_int  crlNumber;  /* CRL number extension */
+#endif
 };
 
 WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap);