From 12cbb8e0497bc4990cfb02f1b9ebe23df9b53a2c Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Fri, 1 May 2020 18:06:18 +0200
Subject: [PATCH] WPACKET: don't write DER length when we don't want to

With endfirst writing, it could be that we want to abandon any zero length sub-packet. That's what WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH was supposed to make happen, but the DER length writing code didn't look at that flag. Now it does.

Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11703)
---
 crypto/packet.c | 5 ++++-
 test/wpackettest.c | 9 +++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/crypto/packet.c b/crypto/packet.c
index 661b59e842..6db97a5434 100644
--- a/crypto/packet.c
+++ b/crypto/packet.c
@@ -265,7 +265,10 @@ static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
 && !put_value(&buf[sub->packet_len], packlen, sub->lenbytes))
 return 0;
- } else if (pkt->endfirst && sub->parent != NULL) {
+ } else if (pkt->endfirst && sub->parent != NULL
+ && (packlen != 0
+ || (sub->flags
+ & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) == 0)) {
 size_t tmplen = packlen;
 size_t numlenbytes = 1;
diff --git a/test/wpackettest.c b/test/wpackettest.c
index 08b5f976ca..b03dfcd2e0 100644
--- a/test/wpackettest.c
+++ b/test/wpackettest.c
@@ -360,6 +360,8 @@ static int test_WPACKET_init_der(void)
 unsigned char testdata[] = { 0x00, 0x01, 0x02, 0x03 };
 unsigned char testdata2[259] = { 0x82, 0x01, 0x00 };
 size_t written[2];
+ size_t size1, size2;
+ int flags = WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH;
 int i;
 /* Test initialising for writing DER */
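Review bot: The widened `else if` in wpacket_intern_close (crypto/packet.c) packs the abandon rule into a three-line condition with no comment, so a reader has to work out that the DER length branch is skipped only when the sub-packet is empty and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set. I would add a comment directly above it, for example `/* endfirst (DER): emit no length octets for an empty sub-packet flagged ABANDON_ON_ZERO_LENGTH */`. The reason is worth recording because a stray length octet changes the encoded bytes, and a strict DER parser or a signature check over that encoding would then reject output that looks valid at the call site. The function body starts and ends outside the hunk, so how the earlier part of the function treats the flag is not visible here.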
@@ -370,6 +372,13 @@ static int test_WPACKET_init_der(void)
 || !TEST_true(WPACKET_memcpy(&pkt, testdata, sizeof(testdata)))
 || !TEST_true(WPACKET_close(&pkt))
 || !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xfc))
+ /* this sub-packet is empty, and should render zero bytes */
+ || (!TEST_true(WPACKET_start_sub_packet(&pkt))
+ || !TEST_true(WPACKET_set_flags(&pkt, flags))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &size1))
+ || !TEST_true(WPACKET_close(&pkt))
+ || !TEST_true(WPACKET_get_total_written(&pkt, &size2))
+ || !TEST_size_t_eq(size1, size2))
 || !TEST_true(WPACKET_finish(&pkt))
 || !TEST_true(WPACKET_get_total_written(&pkt, &written[0]))
 || !TEST_mem_eq(WPACKET_get_curr(&pkt), written[0], simpleder,
-- 2.25.1
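Review bot: The added case in test_WPACKET_init_der pins only the flag-set, empty sub-packet path, so the complementary arm of the new condition in crypto/packet.c has no visible coverage. An empty DER sub-packet without WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH should presumably still grow the total by its length octet. A sibling check on a separate packet, so that `simpleder` stays unchanged, could assert `TEST_size_t_gt(size2, size1)` after the close. That guards against a later edit that drops the length for every empty sub-packet and silently changes the encoding. The test body continues outside the hunk, so an existing check elsewhere in the function may already cover this.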