RFC 5280 Appendix A.1 states that the Country Name in a certificate

shall have a size of 2 octets. Restrict country name length to 2 or 0.
2016-05-18 10:39:18 -07:00
parent b8c0802e3c
commit 03e6f7cca3
2 changed files with 9 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6712,6 +6712,14 @@ static int SetName(byte* output, word32 outputSz, CertName* name)
            int thisLen = strLen;
            int firstSz, secondSz, seqSz, setSz;

+            /* Restrict country code size */
+            if (i == 0) {
+                if (strLen >= CTC_COUNTRY_SIZE)
+                    strLen = CTC_COUNTRY_SIZE;
+                else
+                    strLen = 0;
+            }
+
            if (strLen == 0) { /* no user data for this item */
                names[i].used = 0;
                continue;
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -77,6 +77,7 @@ enum Ctc_Encoding {
 };

 enum Ctc_Misc {
+    CTC_COUNTRY_SIZE  =     2,
    CTC_NAME_SIZE     =    64,
    CTC_DATE_SIZE     =    32,
    CTC_MAX_ALT_SIZE  = 16384,   /* may be huge */