
tls_wolfssl: cert serial number can exceed uint64

- GH #3168

S-P Chan authored on 30/06/2022 01:44:42
Showing 1 changed files
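--- a/PATH_UNKNOWN
+++ b/PATH_UNKNOWN
@@ -632,24 +632,32 @@ static int pv_validity(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
 }
 
 
-static int get_sn(str* res, int* ires, int local, sip_msg_t* msg)
+static int get_sn(str* res, int local, sip_msg_t* msg)
 {
-	static char buf[INT2STR_MAX_LEN];
+	static char buf[80]; // > log(2^256,10)
 	X509* cert;
 	struct tcp_connection* c;
-	char* sn;
-	int num;
+	char* sn = NULL;
+	WOLFSSL_BIGNUM* bn = NULL;
 
 	if (get_cert(&cert, &c, msg, local) < 0) return -1;
 
-	num = ASN1_INTEGER_get(X509_get_serialNumber(cert));
-	sn = int2str(num, &res->len);
+	if(!(bn = wolfSSL_BN_new())) goto error;
+	if (!wolfSSL_ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), bn)) goto error;
+	if (!(sn = wolfSSL_BN_bn2dec(bn)) || strlen(sn) > 80) goto error;
+	res->len = strlen(sn);
 	memcpy(buf, sn, res->len);
 	res->s = buf;
-	if (ires) *ires = num;
+
 	if (!local) X509_free(cert);
 	tcpconn_put(c);
+	wolfSSL_OPENSSL_free(sn);
+	wolfSSL_BN_free(bn);
 	return 0;
+ error:
+	if (sn) wolfSSL_OPENSSL_free(sn);
+	if (bn) wolfSSL_BN_free(bn);
+	return -1;
 }
 
 static int sel_sn(str* res, select_t* s, sip_msg_t* msg)
@@ -664,7 +672,7 @@ static int sel_sn(str* res, select_t* s, sip_msg_t* msg)
 		return -1;
 	}
 
-	return get_sn(res, NULL, local, msg);
+	return get_sn(res, local, msg);
 }
 
 
@@ -681,11 +689,11 @@ static int pv_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
 		return pv_get_null(msg, param, res);
 	}
 	
-	if (get_sn(&res->rs, &res->ri, local, msg) < 0) {
+	if (get_sn(&res->rs, local, msg) < 0) {
 		return pv_get_null(msg, param, res);
 	}
 	
-	res->flags = PV_VAL_STR | PV_VAL_INT;
+	res->flags = PV_VAL_STR;
 	return 0;
 }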
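Review bot: The `error:` path added to `get_sn` releases `sn` and `bn` but not what `get_cert` handed out: every `goto error` is reached after `get_cert` succeeded, yet on that path `tcpconn_put(c)` is never called and, when `!local`, the `cert` reference is never freed, so each failed BN conversion leaks a connection reference (and a cert). Add `if (!local) X509_free(cert);` and `tcpconn_put(c);` before the `return -1;` in the `error:` block, or move the success-path release into a shared cleanup the success path also falls through to. Minor: `strlen(sn)` is evaluated twice; compute it once into `res->len` and compare that against `sizeof buf` so the bound and the buffer size cannot drift apart. The `buf[80]` comment holds for the check (log10(2^256) ≈ 77.1 digits, plus possibly a leading '-' for a negative serial), but an 80-character result fills `buf` with no terminator, which is only correct because `res` is a length-delimited `str`; a comment such as `/* buf is not NUL-terminated; res->len carries the length */` would make that explicit.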