addressed review comments

Author: miyazakh

src/crl.c

@@ -138,7 +138,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
     crle->totalCerts = dcrl->totalCerts;
     crle->crlNumberSet = dcrl->crlNumberSet;
     if (crle->crlNumberSet) {
-        XMEMCPY(crle->crlNumber, dcrl->crlNumber, CRL_MAX_NUM_HEX_STR_SZ);
+        XMEMCPY(crle->crlNumber, dcrl->crlNumber, sizeof(crle->crlNumber));
     }
     crle->verified = verified;
     if (!verified) {
@@ -597,7 +597,7 @@ static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info)
     info->nextDateFormat = entry->nextDateFormat;
     info->crlNumberSet = entry->crlNumberSet;
     if (info->crlNumberSet)
-        XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_HEX_STR_SZ);
+        XMEMCPY(info->crlNumber, entry->crlNumber, sizeof(entry->crlNumber));
 }
 
 static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
@@ -612,7 +612,7 @@ static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
     info->nextDateFormat = entry->nextDateFormat;
     info->crlNumberSet = entry->crlNumberSet;
     if (info->crlNumberSet)
-        XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_HEX_STR_SZ);
+        XMEMCPY(info->crlNumber, entry->crlNumber, sizeof(entry->crlNumber));
 }
 #endif
 
@@ -622,24 +622,24 @@ static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info)
 static int CompareCRLnumber(CRL_Entry* prev, CRL_Entry* curr)
 {
     int ret = 0;
-    DECL_MP_INT_SIZE_DYN(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT,
-                                   CRL_MAX_NUM_SZ * CHAR_BIT);
-    DECL_MP_INT_SIZE_DYN(curr_num, CRL_MAX_NUM_SZ * CHAR_BIT,
-                                   CRL_MAX_NUM_SZ * CHAR_BIT);
+    DECL_MP_INT_SIZE_DYN(prev_num, CRL_MAX_NUM_SZ_BITS,
+                                   CRL_MAX_NUM_SZ_BITS);
+    DECL_MP_INT_SIZE_DYN(curr_num, CRL_MAX_NUM_SZ_BITS,
+                                   CRL_MAX_NUM_SZ_BITS);
 
-    NEW_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT, NULL,
+    NEW_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ_BITS, NULL,
                                    DYNAMIC_TYPE_TMP_BUFFER);
-    NEW_MP_INT_SIZE(curr_num, CRL_MAX_NUM_SZ * CHAR_BIT, NULL,
+    NEW_MP_INT_SIZE(curr_num, CRL_MAX_NUM_SZ_BITS, NULL,
                                    DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef MP_INT_SIZE_CHECK_NULL
     if ((prev_num == NULL) || (curr_num == NULL)) {
         ret = MEMORY_E;
     }
 #endif
 
-    if (ret == 0 && ((INIT_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT)
+    if (ret == 0 && ((INIT_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ_BITS)
                 != MP_OKAY) || (INIT_MP_INT_SIZE(curr_num,
-                CRL_MAX_NUM_SZ * CHAR_BIT)) != MP_OKAY)) {
+                CRL_MAX_NUM_SZ_BITS)) != MP_OKAY)) {
         ret = MP_INIT_E;
     }
 

tests/api.c

@@ -31627,7 +31627,7 @@ static void updateCrlCb(CrlInfo* old, CrlInfo* cnew)
     AssertIntEQ(crl1Info.nextDateMaxLen, old->nextDateMaxLen);
     AssertIntEQ(crl1Info.nextDateFormat, old->nextDateFormat);
     AssertIntEQ(XMEMCMP(
-        crl1Info.crlNumber, old->crlNumber, CRL_MAX_NUM_HEX_STR_SZ), 0);
+        crl1Info.crlNumber, old->crlNumber, sizeof(old->crlNumber)), 0);
     AssertIntEQ(XMEMCMP(
         crl1Info.issuerHash, old->issuerHash, old->issuerHashLen), 0);
     AssertIntEQ(XMEMCMP(
@@ -31642,7 +31642,7 @@ static void updateCrlCb(CrlInfo* old, CrlInfo* cnew)
     AssertIntEQ(crlRevInfo.nextDateMaxLen, cnew->nextDateMaxLen);
     AssertIntEQ(crlRevInfo.nextDateFormat, cnew->nextDateFormat);
     AssertIntEQ(XMEMCMP(
-        crlRevInfo.crlNumber, cnew->crlNumber, CRL_MAX_NUM_HEX_STR_SZ), 0);
+        crlRevInfo.crlNumber, cnew->crlNumber, sizeof(cnew->crlNumber)), 0);
     AssertIntEQ(XMEMCMP(
         crlRevInfo.issuerHash, cnew->issuerHash, cnew->issuerHashLen), 0);
     AssertIntEQ(XMEMCMP(

wolfcrypt/src/asn.c

@@ -40856,22 +40856,13 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
                         ret = BUFFER_E;
                     /* Check CRL number size
                      * if it exceeds CRL_MAX_NUM_SZ(octets)
+                     * and CRL_MAX_NUM_HEX_STR_SZ(hex string)
                      */
-                    if (mp_unsigned_bin_size(m) > CRL_MAX_NUM_SZ) {
+                    if (((needed = mp_unsigned_bin_size(m)) > CRL_MAX_NUM_SZ) ||
+                        ((needed * 2 + 1) > CRL_MAX_NUM_HEX_STR_SZ)) {
                         WOLFSSL_MSG("CRL number exceeds limitation.");
                         ret = BUFFER_E;
                     }
-                    /* Determine required size for hexadecimal string encoding */
-                    if (ret == MP_OKAY &&
-                        (mp_radix_size(m, MP_RADIX_HEX, &needed) != MP_OKAY)) {
-                        WOLFSSL_MSG("mp_radix_size failure");
-                        ret = BUFFER_E;
-                    }
-                    if (ret == MP_OKAY && needed > CRL_MAX_NUM_HEX_STR_SZ) {
-                        WOLFSSL_MSG("CRL number hex string"
-                                        " exceeds buffer limitation");
-                        ret = BUFFER_E;
-                    }
                     if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber,
                                 MP_RADIX_HEX) != MP_OKAY)
                         ret = BUFFER_E;
@@ -40991,22 +40982,13 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx,
                     }
                     /* Check CRL number size
                      * if it exceeds CRL_MAX_NUM_SZ(octets)
+                     * and CRL_MAX_NUM_HEX_STR_SZ(hex string)
                      */
-                    if (mp_unsigned_bin_size(m) > CRL_MAX_NUM_SZ) {
+                    if (((needed = mp_unsigned_bin_size(m)) > CRL_MAX_NUM_SZ) ||
+                        ((needed * 2 + 1) > CRL_MAX_NUM_HEX_STR_SZ)) {
                         WOLFSSL_MSG("CRL number exceeds limitation.");
                         ret = BUFFER_E;
                     }
-                    /* Determine required size for hexadecimal string encoding */
-                    if (ret == MP_OKAY &&
-                        (mp_radix_size(m, MP_RADIX_HEX, &needed) != MP_OKAY)) {
-                        WOLFSSL_MSG("mp_radix_size failure");
-                        ret = BUFFER_E;
-                    }
-                    if (ret == MP_OKAY && needed > CRL_MAX_NUM_HEX_STR_SZ) {
-                        WOLFSSL_MSG("CRL number hex string"
-                                        " exceeds buffer limitation");
-                        ret = BUFFER_E;
-                    }
                     if (ret == 0 && mp_toradix(m, (char*)dcrl->crlNumber,
                                  MP_RADIX_HEX) != MP_OKAY)
                         ret = BUFFER_E;

wolfssl/ssl.h

@@ -3795,7 +3795,7 @@ typedef int  (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
 
 #ifdef HAVE_CRL_UPDATE_CB
 typedef struct CrlInfo {
-    byte crlNumber[CRL_MAX_NUM_HEX_STR_SZ];
+    char crlNumber[CRL_MAX_NUM_HEX_STR_SZ];
     byte *issuerHash;
     word32 issuerHashLen;
     byte *lastDate;

wolfssl/wolfcrypt/asn.h

@@ -2694,6 +2694,7 @@ struct RevokedCert {
 #endif                    /* octets long */
 
 #define CRL_MAX_NUM_HEX_STR_SZ (CRL_MAX_NUM_SZ * 2 + 1)
+#define CRL_MAX_NUM_SZ_BITS    (CRL_MAX_NUM_SZ * CHAR_BIT)
 
 typedef struct DecodedCRL DecodedCRL;
 
@@ -2707,7 +2708,7 @@ struct DecodedCRL {
     word32  sigParamsLength;         /* length of signature parameters   */
 #endif
     byte*   signature;               /* pointer into raw source, not owned */
-    byte    crlNumber[CRL_MAX_NUM_HEX_STR_SZ];      /* CRL number extension */
+    char    crlNumber[CRL_MAX_NUM_HEX_STR_SZ];      /* CRL number extension */
     byte    issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash          */
     byte    crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash            */
     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */