diff --git a/library/x509write.c b/library/x509write.c index 35dc5bfe7..7499bf775 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -440,7 +440,7 @@ int x509write_pubkey_der( rsa_context *rsa, unsigned char *buf, size_t size ) unsigned char *c; size_t len = 0; - c = buf + size - 1; + c = buf + size; ASN1_CHK_ADD( len, x509_write_rsa_pubkey( &c, buf, rsa ) ); @@ -473,7 +473,7 @@ int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size ) unsigned char *c; size_t len = 0; - c = buf + size - 1; + c = buf + size; ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) ); @@ -703,7 +703,7 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size ) size_t pub_len = 0, sig_len = 0; size_t len = 0; - c = tmp_buf + 2048 - 1; + c = tmp_buf + sizeof( tmp_buf ); ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); @@ -726,7 +726,7 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size ) ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ); ASN1_CHK_ADD( pub_len, x509write_pubkey_der( pk_rsa( *ctx->key ), - tmp_buf, c - tmp_buf + 1 ) ); + tmp_buf, c - tmp_buf ) ); c -= pub_len; len += pub_len; @@ -758,7 +758,7 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size ) &sig_oid_len ); // TODO: use pk_get_len() - c2 = buf + size - 1; + c2 = buf + size; ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, pk_rsa( *ctx->key )->len ) ); @@ -784,7 +784,7 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size ) size_t sub_len = 0, pub_len = 0, sig_len = 0; size_t len = 0; - c = tmp_buf + 2048 - 1; + c = tmp_buf + sizeof( tmp_buf ); // Generate correct OID // @@ -806,7 +806,7 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size ) * SubjectPublicKeyInfo */ ASN1_CHK_ADD( pub_len, x509write_pubkey_der( ctx->subject_key, - tmp_buf, c - tmp_buf + 1 ) ); + tmp_buf, c - tmp_buf ) ); c -= pub_len; len += pub_len; @@ -864,7 +864,7 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size ) rsa_pkcs1_sign( ctx->issuer_key, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig ); - c2 = buf + size - 1; + c2 = buf + size; ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, ctx->issuer_key->len ) ); @@ -942,7 +942,7 @@ int x509write_crt_pem( x509write_cert *crt, unsigned char *buf, size_t size ) } if( ( ret = x509write_pemify( PEM_BEGIN_CRT, PEM_END_CRT, - output_buf + sizeof(output_buf) - 1 - ret, + output_buf + sizeof(output_buf) - ret, ret, buf, size ) ) != 0 ) { return( ret ); @@ -963,7 +963,7 @@ int x509write_pubkey_pem( rsa_context *rsa, unsigned char *buf, size_t size ) } if( ( ret = x509write_pemify( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, - output_buf + sizeof(output_buf) - 1 - ret, + output_buf + sizeof(output_buf) - ret, ret, buf, size ) ) != 0 ) { return( ret ); @@ -984,7 +984,7 @@ int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size ) } if( ( ret = x509write_pemify( PEM_BEGIN_PRIVATE_KEY, PEM_END_PRIVATE_KEY, - output_buf + sizeof(output_buf) - 1 - ret, + output_buf + sizeof(output_buf) - ret, ret, buf, size ) ) != 0 ) { return( ret ); @@ -1005,7 +1005,7 @@ int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size ) } if( ( ret = x509write_pemify( PEM_BEGIN_CSR, PEM_END_CSR, - output_buf + sizeof(output_buf) - 1 - ret, + output_buf + sizeof(output_buf) - ret, ret, buf, size ) ) != 0 ) { return( ret ); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 53fb3ed6f..b45395fd1 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -21,7 +21,7 @@ void x509_csr_check( char *key_file, int md_type, unsigned char buf[4000]; unsigned char check_buf[4000]; int ret; - size_t olen = 2000; + size_t olen = sizeof( check_buf ); FILE *f; char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; @@ -36,21 +36,21 @@ void x509_csr_check( char *key_file, int md_type, x509write_csr_set_rsa_key( &req, &rsa ); TEST_ASSERT( x509write_csr_set_subject_name( &req, subject_name ) == 0 ); - ret = x509write_csr_der( &req, buf, 4000 ); + ret = x509write_csr_der( &req, buf, sizeof( buf ) ); TEST_ASSERT( ret >= 0 ); - c = buf + 3999 - ret; + c = buf + sizeof( buf ) - ret; f = fopen( cert_req_check_file, "r" ); TEST_ASSERT( f != NULL ); - fread( check_buf, 1, 4000, f ); + fread( check_buf, 1, sizeof( check_buf ), f ); fclose( f ); pem_init( &pem ); pem_read_buffer( &pem, "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----", check_buf, NULL, 0, &olen ); - TEST_ASSERT( memcmp( c, pem.buf, pem.buflen ) == 0 ); TEST_ASSERT( pem.buflen == (size_t) ret ); + TEST_ASSERT( memcmp( c, pem.buf, pem.buflen ) == 0 ); x509write_csr_free( &req ); rsa_free( &rsa ); @@ -73,7 +73,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, unsigned char check_buf[5000]; mpi serial; int ret; - size_t olen = 2000; + size_t olen = sizeof( check_buf ); FILE *f; mpi_init( &serial ); @@ -103,7 +103,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, ret = x509write_crt_der( &crt, buf, sizeof(buf) ); TEST_ASSERT( ret >= 0 ); - c = buf + 3999 - ret; + c = buf + sizeof( buf ) - ret; f = fopen( cert_check_file, "r" ); TEST_ASSERT( f != NULL );