From 4752aac11d21b7e0ec284d588f70a4d814f38ed6 Mon Sep 17 00:00:00 2001
From: Valerio Setti <vsetti@baylibre.com>
Date: Tue, 10 Jan 2023 16:00:15 +0100
Subject: [PATCH] x509: enhancement and fixes

- enhance mbedtls_x509write_crt_set_serial(): avoid use of useless
  temporary buffer

- fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the
  beginning of serial if the MSb of serial is 1, as required from
  ASN.1

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
---
 library/x509write_crt.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 5cd1e30d4b..4725c5fe77 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -105,7 +105,6 @@ int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
                                      const mbedtls_mpi *serial)
 {
     int ret;
-    unsigned char tmp[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
     size_t tmp_len;
 
     /* Ensure that the MPI value fits into the buffer */
@@ -116,16 +115,11 @@ int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
 
     ctx->serial_len = tmp_len;
 
-    ret = mbedtls_mpi_write_binary(serial, tmp,
-                                   MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN);
+    ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len);
     if (ret < 0) {
         return ret;
     }
 
-    /* Copy data to the internal structure skipping leading zeros */
-    memcpy(ctx->serial, &tmp[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN - tmp_len],
-           tmp_len);
-
     return 0;
 }
 #endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
@@ -540,14 +534,25 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
      *  Serial   ::=  INTEGER
      *
      * Written data is:
-     * - [ctx->serial_len] bytes for the raw serial buffer
+     * - "ctx->serial_len" bytes for the raw serial buffer
+     *   - if MSb of "serial" is 1, then prepend an extra 0x00 byte
      * - 1 byte for the length
      * - 1 byte for the TAG
      */
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf,
                                                             ctx->serial, ctx->serial_len));
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
-                                                     ctx->serial_len));
+    if (*c & 0x80) {
+        if (c - buf < 1) {
+            return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+        }
+        *(c--) = 0x0;
+        len++;
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
+                                                         ctx->serial_len + 1));
+    } else {
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
+                                                         ctx->serial_len));
+    }
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
                                                      MBEDTLS_ASN1_INTEGER));