forked from wolfSSL/wolfssl
remove snprintf
use strtok thread safe version add output size for sanity checks in some functions
This commit is contained in:
Ludovic FLAMENT
@@ -4219,6 +4219,39 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert)
|
|||||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||||
|
|
||||||
#ifdef WOLFSSL_CERT_EXT
|
#ifdef WOLFSSL_CERT_EXT
|
||||||
|
|
||||||
|
static int Word32ToString(char* d, word32 number)
|
||||||
|
{
|
||||||
|
int i = 0;
|
||||||
|
|
||||||
|
if (d != NULL) {
|
||||||
|
word32 order = 1000000000;
|
||||||
|
word32 digit;
|
||||||
|
|
||||||
|
if (number == 0) {
|
||||||
|
d[i++] = '0';
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
while (order) {
|
||||||
|
digit = number / order;
|
||||||
|
if (i > 0 || digit != 0) {
|
||||||
|
d[i++] = (char)digit + '0';
|
||||||
|
}
|
||||||
|
if (digit != 0)
|
||||||
|
number %= digit * order;
|
||||||
|
if (order > 1)
|
||||||
|
order /= 10;
|
||||||
|
else
|
||||||
|
order = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d[i] = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Decode ITU-T X.690 OID format to a string representation
|
/* Decode ITU-T X.690 OID format to a string representation
|
||||||
* return string length */
|
* return string length */
|
||||||
static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
|
static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
|
||||||
@@ -4232,8 +4265,9 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
|
|||||||
/* first two byte must be interpreted as : 40 * int1 + int2 */
|
/* first two byte must be interpreted as : 40 * int1 + int2 */
|
||||||
val = (word16)in[idx++];
|
val = (word16)in[idx++];
|
||||||
|
|
||||||
XSNPRINTF(out, outSz, "%d.%d", val / 40, val % 40);
|
w_bytes = Word32ToString(out, val / 40);
|
||||||
w_bytes += XSTRLEN(out);
|
out[w_bytes++] = '.';
|
||||||
|
w_bytes += Word32ToString(out+w_bytes, val % 40);
|
||||||
|
|
||||||
while (idx < inSz) {
|
while (idx < inSz) {
|
||||||
/* init value */
|
/* init value */
|
||||||
@@ -4263,8 +4297,8 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
|
|||||||
idx += nb_bytes;
|
idx += nb_bytes;
|
||||||
}
|
}
|
||||||
|
|
||||||
XSNPRINTF(out+XSTRLEN(out), outSz, ".%d", val);
|
out[w_bytes++] = '.';
|
||||||
w_bytes = XSTRLEN(out);
|
w_bytes += Word32ToString(out+w_bytes, val);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@@ -4794,6 +4828,9 @@ WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header)
|
|||||||
{
|
{
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
|
||||||
|
if (output == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
if (header) {
|
if (header) {
|
||||||
output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
|
output[i++] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
|
||||||
output[i++] = ASN_BIT_STRING;
|
output[i++] = ASN_BIT_STRING;
|
||||||
@@ -4812,6 +4849,9 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
|
|||||||
|
|
||||||
WOLFSSL_ENTER("SetSerialNumber");
|
WOLFSSL_ENTER("SetSerialNumber");
|
||||||
|
|
||||||
|
if (sn == NULL || output == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
if (snSz <= EXTERNAL_SERIAL_SIZE) {
|
if (snSz <= EXTERNAL_SERIAL_SIZE) {
|
||||||
output[0] = ASN_INTEGER;
|
output[0] = ASN_INTEGER;
|
||||||
/* The serial number is always positive. When encoding the
|
/* The serial number is always positive. When encoding the
|
||||||
@@ -5856,38 +5896,47 @@ static byte GetNameId(int idx)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* encode all extensions, return total bytes written */
|
/* encode all extensions, return total bytes written */
|
||||||
static int SetExtensions(byte* output, int *IdxInOut,
|
static int SetExtensions(byte* out, word32 outSz, int *IdxInOut,
|
||||||
const byte* ext, int extSz)
|
const byte* ext, int extSz)
|
||||||
{
|
{
|
||||||
if (output == NULL || IdxInOut == NULL || ext == NULL)
|
if (out == NULL || IdxInOut == NULL || ext == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
XMEMCPY(&output[*IdxInOut], ext, extSz); /* extensions */
|
if (outSz < (word32)(*IdxInOut+extSz))
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
|
XMEMCPY(&out[*IdxInOut], ext, extSz); /* extensions */
|
||||||
*IdxInOut += extSz;
|
*IdxInOut += extSz;
|
||||||
|
|
||||||
return *IdxInOut;
|
return *IdxInOut;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* encode extensions header, return total bytes written */
|
/* encode extensions header, return total bytes written */
|
||||||
static int SetExtensionsHeader(byte* output, int extSz)
|
static int SetExtensionsHeader(byte* out, word32 outSz, int extSz)
|
||||||
{
|
{
|
||||||
byte sequence[MAX_SEQ_SZ];
|
byte sequence[MAX_SEQ_SZ];
|
||||||
byte len[MAX_LENGTH_SZ];
|
byte len[MAX_LENGTH_SZ];
|
||||||
int seqSz, lenSz, idx = 0;
|
int seqSz, lenSz, idx = 0;
|
||||||
|
|
||||||
if (output == NULL)
|
if (out == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (outSz < 3)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
seqSz = SetSequence(extSz, sequence);
|
seqSz = SetSequence(extSz, sequence);
|
||||||
|
|
||||||
/* encode extensions length provided */
|
/* encode extensions length provided */
|
||||||
lenSz = SetLength(extSz+seqSz, len);
|
lenSz = SetLength(extSz+seqSz, len);
|
||||||
|
|
||||||
output[idx++] = ASN_EXTENSIONS; /* extensions id */
|
if (outSz < (word32)(lenSz+seqSz+1))
|
||||||
XMEMCPY(&output[idx], len, lenSz); /* length */
|
return BUFFER_E;
|
||||||
|
|
||||||
|
out[idx++] = ASN_EXTENSIONS; /* extensions id */
|
||||||
|
XMEMCPY(&out[idx], len, lenSz); /* length */
|
||||||
idx += lenSz;
|
idx += lenSz;
|
||||||
|
|
||||||
XMEMCPY(&output[idx], sequence, seqSz); /* sequence */
|
XMEMCPY(&out[idx], sequence, seqSz); /* sequence */
|
||||||
idx += seqSz;
|
idx += seqSz;
|
||||||
|
|
||||||
return idx;
|
return idx;
|
||||||
@@ -5895,12 +5944,18 @@ static int SetExtensionsHeader(byte* output, int extSz)
|
|||||||
|
|
||||||
|
|
||||||
/* encode CA basic constraint true, return total bytes written */
|
/* encode CA basic constraint true, return total bytes written */
|
||||||
static int SetCa(byte* output)
|
static int SetCa(byte* out, word32 outSz)
|
||||||
{
|
{
|
||||||
static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
|
static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
|
||||||
0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
|
0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
|
||||||
|
|
||||||
XMEMCPY(output, ca, sizeof(ca));
|
if (out == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (outSz < sizeof(ca))
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
|
XMEMCPY(out, ca, sizeof(ca));
|
||||||
|
|
||||||
return (int)sizeof(ca);
|
return (int)sizeof(ca);
|
||||||
}
|
}
|
||||||
@@ -5908,7 +5963,7 @@ static int SetCa(byte* output)
|
|||||||
|
|
||||||
#ifdef WOLFSSL_CERT_EXT
|
#ifdef WOLFSSL_CERT_EXT
|
||||||
/* encode OID and associated value, return total bytes written */
|
/* encode OID and associated value, return total bytes written */
|
||||||
static int SetOidValue(byte* out, const byte *oid, word32 oidSz,
|
static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz,
|
||||||
byte *in, word32 inSz)
|
byte *in, word32 inSz)
|
||||||
{
|
{
|
||||||
int idx = 0;
|
int idx = 0;
|
||||||
@@ -5916,9 +5971,15 @@ static int SetOidValue(byte* out, const byte *oid, word32 oidSz,
|
|||||||
if (out == NULL || oid == NULL || in == NULL)
|
if (out == NULL || oid == NULL || in == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (outSz < 3)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
/* sequence, + 1 => byte to put value size */
|
/* sequence, + 1 => byte to put value size */
|
||||||
idx = SetSequence(inSz + oidSz + 1, out);
|
idx = SetSequence(inSz + oidSz + 1, out);
|
||||||
|
|
||||||
|
if (outSz < idx + inSz + oidSz + 1)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
XMEMCPY(out+idx, oid, oidSz);
|
XMEMCPY(out+idx, oid, oidSz);
|
||||||
idx += oidSz;
|
idx += oidSz;
|
||||||
out[idx++] = (byte)inSz;
|
out[idx++] = (byte)inSz;
|
||||||
@@ -5929,7 +5990,7 @@ static int SetOidValue(byte* out, const byte *oid, word32 oidSz,
|
|||||||
|
|
||||||
/* encode Subject Key Identifier, return total bytes written
|
/* encode Subject Key Identifier, return total bytes written
|
||||||
* RFC5280 : non-critical */
|
* RFC5280 : non-critical */
|
||||||
static int SetSKID(byte* output, byte *input, word32 length)
|
static int SetSKID(byte* output, word32 outSz, byte *input, word32 length)
|
||||||
{
|
{
|
||||||
byte skid_len[MAX_LENGTH_SZ];
|
byte skid_len[MAX_LENGTH_SZ];
|
||||||
byte skid_enc_len[MAX_LENGTH_SZ];
|
byte skid_enc_len[MAX_LENGTH_SZ];
|
||||||
@@ -5945,10 +6006,16 @@ static int SetSKID(byte* output, byte *input, word32 length)
|
|||||||
/* length of encoded value */
|
/* length of encoded value */
|
||||||
skid_enc_lenSz = SetLength(length + skid_lenSz + 1, skid_enc_len);
|
skid_enc_lenSz = SetLength(length + skid_lenSz + 1, skid_enc_len);
|
||||||
|
|
||||||
|
if (outSz < 3)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
/* sequence, + 1 => byte to put type size */
|
/* sequence, + 1 => byte to put type size */
|
||||||
idx = SetSequence(length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz+1,
|
idx = SetSequence(length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz+1,
|
||||||
output);
|
output);
|
||||||
|
|
||||||
|
if (outSz < length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz + 1)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
/* put oid */
|
/* put oid */
|
||||||
XMEMCPY(output+idx, skid_oid, sizeof(skid_oid));
|
XMEMCPY(output+idx, skid_oid, sizeof(skid_oid));
|
||||||
idx += sizeof(skid_oid);
|
idx += sizeof(skid_oid);
|
||||||
@@ -5973,7 +6040,7 @@ static int SetSKID(byte* output, byte *input, word32 length)
|
|||||||
|
|
||||||
/* encode Authority Key Identifier, return total bytes written
|
/* encode Authority Key Identifier, return total bytes written
|
||||||
* RFC5280 : non-critical */
|
* RFC5280 : non-critical */
|
||||||
static int SetAKID(byte* output, byte *input, word32 length)
|
static int SetAKID(byte* output, word32 outSz, byte *input, word32 length)
|
||||||
{
|
{
|
||||||
byte *enc_val;
|
byte *enc_val;
|
||||||
int ret, enc_valSz;
|
int ret, enc_valSz;
|
||||||
@@ -5989,13 +6056,15 @@ static int SetAKID(byte* output, byte *input, word32 length)
|
|||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
|
|
||||||
/* sequence for ContentSpec & value */
|
/* sequence for ContentSpec & value */
|
||||||
enc_valSz = SetOidValue(enc_val, akid_cs, sizeof(akid_cs), input, length);
|
enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs),
|
||||||
|
akid_cs, sizeof(akid_cs), input, length);
|
||||||
if (enc_valSz == 0) {
|
if (enc_valSz == 0) {
|
||||||
XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = SetOidValue(output, akid_oid, sizeof(akid_oid), enc_val, enc_valSz);
|
ret = SetOidValue(output, outSz, akid_oid,
|
||||||
|
sizeof(akid_oid), enc_val, enc_valSz);
|
||||||
|
|
||||||
XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(enc_val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return ret;
|
return ret;
|
||||||
@@ -6003,7 +6072,7 @@ static int SetAKID(byte* output, byte *input, word32 length)
|
|||||||
|
|
||||||
/* encode Key Usage, return total bytes written
|
/* encode Key Usage, return total bytes written
|
||||||
* RFC5280 : critical */
|
* RFC5280 : critical */
|
||||||
static int SetKeyUsage(byte* output, word16 input)
|
static int SetKeyUsage(byte* output, word32 outSz, word16 input)
|
||||||
{
|
{
|
||||||
byte ku[5];
|
byte ku[5];
|
||||||
int unusedBits = 0;
|
int unusedBits = 0;
|
||||||
@@ -6040,7 +6109,7 @@ static int SetKeyUsage(byte* output, word16 input)
|
|||||||
if (input > 255)
|
if (input > 255)
|
||||||
ku[4] = (byte)((input >> 8) & 0xff);
|
ku[4] = (byte)((input >> 8) & 0xff);
|
||||||
|
|
||||||
return SetOidValue(output, keyusage_oid, sizeof(keyusage_oid),
|
return SetOidValue(output, outSz, keyusage_oid, sizeof(keyusage_oid),
|
||||||
ku, (int)ku[1]+2);
|
ku, (int)ku[1]+2);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -6048,7 +6117,7 @@ static int SetKeyUsage(byte* output, word16 input)
|
|||||||
static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
|
static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
|
||||||
{
|
{
|
||||||
word32 val, idx = 0, nb_val;
|
word32 val, idx = 0, nb_val;
|
||||||
char *token, *str;
|
char *token, *str, *ptr;
|
||||||
word32 len;
|
word32 len;
|
||||||
|
|
||||||
if (out == NULL || outSz == NULL || *outSz < 2 || in == NULL)
|
if (out == NULL || outSz == NULL || *outSz < 2 || in == NULL)
|
||||||
@@ -6066,7 +6135,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
|
|||||||
nb_val = 0;
|
nb_val = 0;
|
||||||
|
|
||||||
/* parse value, and set corresponding Policy OID value */
|
/* parse value, and set corresponding Policy OID value */
|
||||||
token = strtok(str, ".");
|
token = XSTRTOK(str, ".", &ptr);
|
||||||
while (token != NULL)
|
while (token != NULL)
|
||||||
{
|
{
|
||||||
val = (word32)atoi(token);
|
val = (word32)atoi(token);
|
||||||
@@ -6115,7 +6184,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
|
|||||||
out[idx++] = oid[i--];
|
out[idx++] = oid[i--];
|
||||||
}
|
}
|
||||||
|
|
||||||
token = strtok (NULL, ".");
|
token = XSTRTOK(NULL, ".", &ptr);
|
||||||
nb_val++;
|
nb_val++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -6130,6 +6199,7 @@ static int EncodePolicyOID(byte *out, word32 *outSz, const char *in)
|
|||||||
* input must be an array of values with a NULL terminated for the latest
|
* input must be an array of values with a NULL terminated for the latest
|
||||||
* RFC5280 : non-critical */
|
* RFC5280 : non-critical */
|
||||||
static int SetCertificatePolicies(byte *output,
|
static int SetCertificatePolicies(byte *output,
|
||||||
|
word32 outputSz,
|
||||||
char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ],
|
char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ],
|
||||||
word16 nb_certpol)
|
word16 nb_certpol)
|
||||||
{
|
{
|
||||||
@@ -6155,7 +6225,8 @@ static int SetCertificatePolicies(byte *output,
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
/* compute sequence value for the oid */
|
/* compute sequence value for the oid */
|
||||||
ret = SetOidValue(der_oid[i], oid_oid, sizeof(oid_oid), oid, oidSz);
|
ret = SetOidValue(der_oid[i], MAX_OID_SZ, oid_oid,
|
||||||
|
sizeof(oid_oid), oid, oidSz);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return ret;
|
return ret;
|
||||||
else
|
else
|
||||||
@@ -6174,25 +6245,31 @@ static int SetCertificatePolicies(byte *output,
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
/* add Policy OID to compute final value */
|
/* add Policy OID to compute final value */
|
||||||
return SetOidValue(output, certpol_oid, sizeof(certpol_oid),
|
return SetOidValue(output, outputSz, certpol_oid, sizeof(certpol_oid),
|
||||||
out, outSz);
|
out, outSz);
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_EXT */
|
#endif /* WOLFSSL_CERT_EXT */
|
||||||
|
|
||||||
#ifdef WOLFSSL_ALT_NAMES
|
#ifdef WOLFSSL_ALT_NAMES
|
||||||
/* encode Alternative Names, return total bytes written */
|
/* encode Alternative Names, return total bytes written */
|
||||||
static int SetAltNames(byte *output, byte *input, word32 length)
|
static int SetAltNames(byte *out, word32 outSz, byte *input, word32 length)
|
||||||
{
|
{
|
||||||
|
if (out == NULL || input == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (outSz < length)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
/* Alternative Names come from certificate or computed by
|
/* Alternative Names come from certificate or computed by
|
||||||
* external function, so already encoded. Just copy value */
|
* external function, so already encoded. Just copy value */
|
||||||
XMEMCPY(output, input, length);
|
XMEMCPY(out, input, length);
|
||||||
return length;
|
return length;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSL_ALT_NAMES */
|
#endif /* WOLFSL_ALT_NAMES */
|
||||||
|
|
||||||
|
|
||||||
/* encode CertName into output, return total bytes written */
|
/* encode CertName into output, return total bytes written */
|
||||||
static int SetName(byte* output, CertName* name)
|
static int SetName(byte* output, word32 outputSz, CertName* name)
|
||||||
{
|
{
|
||||||
int totalBytes = 0, i, idx;
|
int totalBytes = 0, i, idx;
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
@@ -6201,6 +6278,12 @@ static int SetName(byte* output, CertName* name)
|
|||||||
EncodedName names[NAME_ENTRIES];
|
EncodedName names[NAME_ENTRIES];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (output == NULL || name == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (outputSz < 3)
|
||||||
|
return BUFFER_E;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
names = (EncodedName*)XMALLOC(sizeof(EncodedName) * NAME_ENTRIES, NULL,
|
names = (EncodedName*)XMALLOC(sizeof(EncodedName) * NAME_ENTRIES, NULL,
|
||||||
DYNAMIC_TYPE_TMP_BUFFER);
|
DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
@@ -6312,6 +6395,13 @@ static int SetName(byte* output, CertName* name)
|
|||||||
|
|
||||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||||
if (names[i].used) {
|
if (names[i].used) {
|
||||||
|
if (outputSz < (word32)(idx+names[i].totalLen)) {
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
return BUFFER_E;
|
||||||
|
}
|
||||||
|
|
||||||
XMEMCPY(output + idx, names[i].encoded, names[i].totalLen);
|
XMEMCPY(output + idx, names[i].encoded, names[i].totalLen);
|
||||||
idx += names[i].totalLen;
|
idx += names[i].totalLen;
|
||||||
}
|
}
|
||||||
@@ -6334,6 +6424,9 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
(void)ntruKey;
|
(void)ntruKey;
|
||||||
(void)ntruSz;
|
(void)ntruSz;
|
||||||
|
|
||||||
|
if (cert == NULL || der == NULL || rng == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
/* init */
|
/* init */
|
||||||
XMEMSET(der, 0, sizeof(DerCert));
|
XMEMSET(der, 0, sizeof(DerCert));
|
||||||
|
|
||||||
@@ -6412,12 +6505,12 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* subject name */
|
/* subject name */
|
||||||
der->subjectSz = SetName(der->subject, &cert->subject);
|
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
|
||||||
if (der->subjectSz == 0)
|
if (der->subjectSz == 0)
|
||||||
return SUBJECT_E;
|
return SUBJECT_E;
|
||||||
|
|
||||||
/* issuer name */
|
/* issuer name */
|
||||||
der->issuerSz = SetName(der->issuer, cert->selfSigned ?
|
der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ?
|
||||||
&cert->subject : &cert->issuer);
|
&cert->subject : &cert->issuer);
|
||||||
if (der->issuerSz == 0)
|
if (der->issuerSz == 0)
|
||||||
return ISSUER_E;
|
return ISSUER_E;
|
||||||
@@ -6427,7 +6520,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* CA */
|
/* CA */
|
||||||
if (cert->isCA) {
|
if (cert->isCA) {
|
||||||
der->caSz = SetCa(der->ca);
|
der->caSz = SetCa(der->ca, sizeof(der->ca));
|
||||||
if (der->caSz == 0)
|
if (der->caSz == 0)
|
||||||
return CA_TRUE_E;
|
return CA_TRUE_E;
|
||||||
|
|
||||||
@@ -6439,7 +6532,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
#ifdef WOLFSSL_ALT_NAMES
|
#ifdef WOLFSSL_ALT_NAMES
|
||||||
/* Alternative Name */
|
/* Alternative Name */
|
||||||
if (cert->altNamesSz) {
|
if (cert->altNamesSz) {
|
||||||
der->altNamesSz = SetAltNames(der->altNames,
|
der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames),
|
||||||
cert->altNames, cert->altNamesSz);
|
cert->altNames, cert->altNamesSz);
|
||||||
if (der->altNamesSz == 0)
|
if (der->altNamesSz == 0)
|
||||||
return ALT_NAME_E;
|
return ALT_NAME_E;
|
||||||
@@ -6457,7 +6550,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
if (cert->skidSz > (int)sizeof(der->skid))
|
if (cert->skidSz > (int)sizeof(der->skid))
|
||||||
return SKID_E;
|
return SKID_E;
|
||||||
|
|
||||||
der->skidSz = SetSKID(der->skid, cert->skid, cert->skidSz);
|
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
||||||
|
cert->skid, cert->skidSz);
|
||||||
if (der->skidSz == 0)
|
if (der->skidSz == 0)
|
||||||
return SKID_E;
|
return SKID_E;
|
||||||
|
|
||||||
@@ -6472,7 +6566,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
if (cert->akidSz > (int)sizeof(der->akid))
|
if (cert->akidSz > (int)sizeof(der->akid))
|
||||||
return AKID_E;
|
return AKID_E;
|
||||||
|
|
||||||
der->akidSz = SetAKID(der->akid, cert->akid, cert->akidSz);
|
der->akidSz = SetAKID(der->akid, sizeof(der->akid),
|
||||||
|
cert->akid, cert->akidSz);
|
||||||
if (der->akidSz == 0)
|
if (der->akidSz == 0)
|
||||||
return AKID_E;
|
return AKID_E;
|
||||||
|
|
||||||
@@ -6483,7 +6578,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* Key Usage */
|
/* Key Usage */
|
||||||
if (cert->keyUsage != 0){
|
if (cert->keyUsage != 0){
|
||||||
der->keyUsageSz = SetKeyUsage(der->keyUsage, cert->keyUsage);
|
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
|
||||||
|
cert->keyUsage);
|
||||||
if (der->keyUsageSz == 0)
|
if (der->keyUsageSz == 0)
|
||||||
return KEYUSAGE_E;
|
return KEYUSAGE_E;
|
||||||
|
|
||||||
@@ -6495,6 +6591,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
/* Certificate Policies */
|
/* Certificate Policies */
|
||||||
if (cert->certPoliciesNb != 0) {
|
if (cert->certPoliciesNb != 0) {
|
||||||
der->certPoliciesSz = SetCertificatePolicies(der->certPolicies,
|
der->certPoliciesSz = SetCertificatePolicies(der->certPolicies,
|
||||||
|
sizeof(der->certPolicies),
|
||||||
cert->certPolicies,
|
cert->certPolicies,
|
||||||
cert->certPoliciesNb);
|
cert->certPoliciesNb);
|
||||||
if (der->certPoliciesSz == 0)
|
if (der->certPoliciesSz == 0)
|
||||||
@@ -6511,13 +6608,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* put the start of extensions sequence (ID, Size) */
|
/* put the start of extensions sequence (ID, Size) */
|
||||||
der->extensionsSz = SetExtensionsHeader(der->extensions,
|
der->extensionsSz = SetExtensionsHeader(der->extensions,
|
||||||
|
sizeof(der->extensions),
|
||||||
der->extensionsSz);
|
der->extensionsSz);
|
||||||
if (der->extensionsSz == 0)
|
if (der->extensionsSz == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
|
|
||||||
/* put CA */
|
/* put CA */
|
||||||
if (der->caSz) {
|
if (der->caSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->ca, der->caSz);
|
der->ca, der->caSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6526,7 +6625,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
#ifdef WOLFSSL_ALT_NAMES
|
#ifdef WOLFSSL_ALT_NAMES
|
||||||
/* put Alternative Names */
|
/* put Alternative Names */
|
||||||
if (der->altNamesSz) {
|
if (der->altNamesSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->altNames, der->altNamesSz);
|
der->altNames, der->altNamesSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6536,7 +6636,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
#ifdef WOLFSSL_CERT_EXT
|
#ifdef WOLFSSL_CERT_EXT
|
||||||
/* put SKID */
|
/* put SKID */
|
||||||
if (der->skidSz) {
|
if (der->skidSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->skid, der->skidSz);
|
der->skid, der->skidSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6544,7 +6645,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* put AKID */
|
/* put AKID */
|
||||||
if (der->akidSz) {
|
if (der->akidSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->akid, der->akidSz);
|
der->akid, der->akidSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6552,7 +6654,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* put KeyUsage */
|
/* put KeyUsage */
|
||||||
if (der->keyUsageSz) {
|
if (der->keyUsageSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->keyUsage, der->keyUsageSz);
|
der->keyUsage, der->keyUsageSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6560,7 +6663,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* put Certificate Policies */
|
/* put Certificate Policies */
|
||||||
if (der->certPoliciesSz) {
|
if (der->certPoliciesSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->certPolicies, der->certPoliciesSz);
|
der->certPolicies, der->certPoliciesSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6883,6 +6987,9 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
{
|
{
|
||||||
(void)eccKey;
|
(void)eccKey;
|
||||||
|
|
||||||
|
if (cert == NULL || der == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
/* init */
|
/* init */
|
||||||
XMEMSET(der, 0, sizeof(DerCert));
|
XMEMSET(der, 0, sizeof(DerCert));
|
||||||
|
|
||||||
@@ -6890,7 +6997,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
der->versionSz = SetMyVersion(cert->version, der->version, FALSE);
|
der->versionSz = SetMyVersion(cert->version, der->version, FALSE);
|
||||||
|
|
||||||
/* subject name */
|
/* subject name */
|
||||||
der->subjectSz = SetName(der->subject, &cert->subject);
|
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
|
||||||
if (der->subjectSz == 0)
|
if (der->subjectSz == 0)
|
||||||
return SUBJECT_E;
|
return SUBJECT_E;
|
||||||
|
|
||||||
@@ -6919,7 +7026,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* CA */
|
/* CA */
|
||||||
if (cert->isCA) {
|
if (cert->isCA) {
|
||||||
der->caSz = SetCa(der->ca);
|
der->caSz = SetCa(der->ca, sizeof(der->ca));
|
||||||
if (der->caSz == 0)
|
if (der->caSz == 0)
|
||||||
return CA_TRUE_E;
|
return CA_TRUE_E;
|
||||||
|
|
||||||
@@ -6935,7 +7042,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
if (cert->skidSz > (int)sizeof(der->skid))
|
if (cert->skidSz > (int)sizeof(der->skid))
|
||||||
return SKID_E;
|
return SKID_E;
|
||||||
|
|
||||||
der->skidSz = SetSKID(der->skid, cert->skid, cert->skidSz);
|
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
||||||
|
cert->skid, cert->skidSz);
|
||||||
if (der->skidSz == 0)
|
if (der->skidSz == 0)
|
||||||
return SKID_E;
|
return SKID_E;
|
||||||
|
|
||||||
@@ -6946,7 +7054,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* Key Usage */
|
/* Key Usage */
|
||||||
if (cert->keyUsage != 0){
|
if (cert->keyUsage != 0){
|
||||||
der->keyUsageSz = SetKeyUsage(der->keyUsage, cert->keyUsage);
|
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
|
||||||
|
cert->keyUsage);
|
||||||
if (der->keyUsageSz == 0)
|
if (der->keyUsageSz == 0)
|
||||||
return KEYUSAGE_E;
|
return KEYUSAGE_E;
|
||||||
|
|
||||||
@@ -6967,7 +7076,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* put CA */
|
/* put CA */
|
||||||
if (der->caSz) {
|
if (der->caSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->ca, der->caSz);
|
der->ca, der->caSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6976,7 +7086,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
#ifdef WOLFSSL_CERT_EXT
|
#ifdef WOLFSSL_CERT_EXT
|
||||||
/* put SKID */
|
/* put SKID */
|
||||||
if (der->skidSz) {
|
if (der->skidSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->skid, der->skidSz);
|
der->skid, der->skidSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6984,7 +7095,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* put AKID */
|
/* put AKID */
|
||||||
if (der->akidSz) {
|
if (der->akidSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->akid, der->akidSz);
|
der->akid, der->akidSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -6992,7 +7104,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* put KeyUsage */
|
/* put KeyUsage */
|
||||||
if (der->keyUsageSz) {
|
if (der->keyUsageSz) {
|
||||||
ret = SetExtensions(der->extensions, &der->extensionsSz,
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
|
&der->extensionsSz,
|
||||||
der->keyUsage, der->keyUsageSz);
|
der->keyUsage, der->keyUsageSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
@@ -7411,7 +7524,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
|
|||||||
/* Set KeyUsage from human readale string */
|
/* Set KeyUsage from human readale string */
|
||||||
int wc_SetKeyUsage(Cert *cert, const char *value)
|
int wc_SetKeyUsage(Cert *cert, const char *value)
|
||||||
{
|
{
|
||||||
char *token, *str;
|
char *token, *str, *ptr;
|
||||||
word32 len;
|
word32 len;
|
||||||
|
|
||||||
if (cert == NULL || value == NULL)
|
if (cert == NULL || value == NULL)
|
||||||
@@ -7427,7 +7540,7 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
|
|||||||
XSTRNCPY(str, value, XSTRLEN(value));
|
XSTRNCPY(str, value, XSTRLEN(value));
|
||||||
|
|
||||||
/* parse value, and set corresponding Key Usage value */
|
/* parse value, and set corresponding Key Usage value */
|
||||||
token = strtok(str, ",");
|
token = XSTRTOK(str, ",", &ptr);
|
||||||
while (token != NULL)
|
while (token != NULL)
|
||||||
{
|
{
|
||||||
len = (word32)XSTRLEN(token);
|
len = (word32)XSTRLEN(token);
|
||||||
@@ -7454,7 +7567,7 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
|
|||||||
else
|
else
|
||||||
return KEYUSAGE_E;
|
return KEYUSAGE_E;
|
||||||
|
|
||||||
token = strtok(NULL, ",");
|
token = XSTRTOK(NULL, ",", &ptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|||||||
@@ -190,18 +190,11 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_CERT_EXT
|
#ifdef WOLFSSL_CERT_EXT
|
||||||
/* need snprintf for now, but breaks NO_FILESYSTEM w/ stdio.h
|
/* use only Thread Safe version of strtok */
|
||||||
* TODO: will be fixed shortly */
|
#ifndef USE_WINDOWS_API
|
||||||
#ifndef SNPRINTF_USER
|
#define XSTRTOK strtok_r
|
||||||
#ifdef NO_FILESYSTEM
|
#else
|
||||||
#error "cert gen extensions don't support no filesystem for now"
|
#define XSTRTOK strtok_s
|
||||||
#endif
|
|
||||||
#include <stdio.h> /* for snprintf */
|
|
||||||
#ifndef USE_WINDOWS_API
|
|
||||||
#define XSNPRINTF snprintf
|
|
||||||
#else
|
|
||||||
#define XSNPRINTF _snprintf
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user