forked from wolfSSL/wolfssl
Merge pull request #421 from ejohnstown/limit-country-code
Limit Country Name size
This commit is contained in:
toddouska
@@ -6717,6 +6717,14 @@ static int SetName(byte* output, word32 outputSz, CertName* name)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Restrict country code size */
|
||||||
|
if (i == 0 && strLen != CTC_COUNTRY_SIZE) {
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
#endif
|
||||||
|
return ASN_COUNTRY_SIZE_E;
|
||||||
|
}
|
||||||
|
|
||||||
secondSz = SetLength(strLen, secondLen);
|
secondSz = SetLength(strLen, secondLen);
|
||||||
thisLen += secondSz;
|
thisLen += secondSz;
|
||||||
if (email) {
|
if (email) {
|
||||||
@@ -6850,7 +6858,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
/* signature algo */
|
/* signature algo */
|
||||||
der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0);
|
der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0);
|
||||||
if (der->sigAlgoSz == 0)
|
if (der->sigAlgoSz <= 0)
|
||||||
return ALGO_ID_E;
|
return ALGO_ID_E;
|
||||||
|
|
||||||
/* public key */
|
/* public key */
|
||||||
@@ -6899,7 +6907,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
/* date validity copy ? */
|
/* date validity copy ? */
|
||||||
if (cert->beforeDateSz && cert->afterDateSz) {
|
if (cert->beforeDateSz && cert->afterDateSz) {
|
||||||
der->validitySz = CopyValidity(der->validity, cert);
|
der->validitySz = CopyValidity(der->validity, cert);
|
||||||
if (der->validitySz == 0)
|
if (der->validitySz <= 0)
|
||||||
return DATE_E;
|
return DATE_E;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -6907,19 +6915,19 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
/* date validity */
|
/* date validity */
|
||||||
if (der->validitySz == 0) {
|
if (der->validitySz == 0) {
|
||||||
der->validitySz = SetValidity(der->validity, cert->daysValid);
|
der->validitySz = SetValidity(der->validity, cert->daysValid);
|
||||||
if (der->validitySz == 0)
|
if (der->validitySz <= 0)
|
||||||
return DATE_E;
|
return DATE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* subject name */
|
/* subject name */
|
||||||
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
|
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
|
||||||
if (der->subjectSz == 0)
|
if (der->subjectSz <= 0)
|
||||||
return SUBJECT_E;
|
return SUBJECT_E;
|
||||||
|
|
||||||
/* issuer name */
|
/* issuer name */
|
||||||
der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ?
|
der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ?
|
||||||
&cert->subject : &cert->issuer);
|
&cert->subject : &cert->issuer);
|
||||||
if (der->issuerSz == 0)
|
if (der->issuerSz <= 0)
|
||||||
return ISSUER_E;
|
return ISSUER_E;
|
||||||
|
|
||||||
/* set the extensions */
|
/* set the extensions */
|
||||||
@@ -6928,7 +6936,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
/* CA */
|
/* CA */
|
||||||
if (cert->isCA) {
|
if (cert->isCA) {
|
||||||
der->caSz = SetCa(der->ca, sizeof(der->ca));
|
der->caSz = SetCa(der->ca, sizeof(der->ca));
|
||||||
if (der->caSz == 0)
|
if (der->caSz <= 0)
|
||||||
return CA_TRUE_E;
|
return CA_TRUE_E;
|
||||||
|
|
||||||
der->extensionsSz += der->caSz;
|
der->extensionsSz += der->caSz;
|
||||||
@@ -6941,7 +6949,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
if (cert->altNamesSz) {
|
if (cert->altNamesSz) {
|
||||||
der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames),
|
der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames),
|
||||||
cert->altNames, cert->altNamesSz);
|
cert->altNames, cert->altNamesSz);
|
||||||
if (der->altNamesSz == 0)
|
if (der->altNamesSz <= 0)
|
||||||
return ALT_NAME_E;
|
return ALT_NAME_E;
|
||||||
|
|
||||||
der->extensionsSz += der->altNamesSz;
|
der->extensionsSz += der->altNamesSz;
|
||||||
@@ -6959,7 +6967,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
||||||
cert->skid, cert->skidSz);
|
cert->skid, cert->skidSz);
|
||||||
if (der->skidSz == 0)
|
if (der->skidSz <= 0)
|
||||||
return SKID_E;
|
return SKID_E;
|
||||||
|
|
||||||
der->extensionsSz += der->skidSz;
|
der->extensionsSz += der->skidSz;
|
||||||
@@ -6975,7 +6983,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
|
|
||||||
der->akidSz = SetAKID(der->akid, sizeof(der->akid),
|
der->akidSz = SetAKID(der->akid, sizeof(der->akid),
|
||||||
cert->akid, cert->akidSz);
|
cert->akid, cert->akidSz);
|
||||||
if (der->akidSz == 0)
|
if (der->akidSz <= 0)
|
||||||
return AKID_E;
|
return AKID_E;
|
||||||
|
|
||||||
der->extensionsSz += der->akidSz;
|
der->extensionsSz += der->akidSz;
|
||||||
@@ -6987,7 +6995,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
if (cert->keyUsage != 0){
|
if (cert->keyUsage != 0){
|
||||||
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
|
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
|
||||||
cert->keyUsage);
|
cert->keyUsage);
|
||||||
if (der->keyUsageSz == 0)
|
if (der->keyUsageSz <= 0)
|
||||||
return KEYUSAGE_E;
|
return KEYUSAGE_E;
|
||||||
|
|
||||||
der->extensionsSz += der->keyUsageSz;
|
der->extensionsSz += der->keyUsageSz;
|
||||||
@@ -7001,7 +7009,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
sizeof(der->certPolicies),
|
sizeof(der->certPolicies),
|
||||||
cert->certPolicies,
|
cert->certPolicies,
|
||||||
cert->certPoliciesNb);
|
cert->certPoliciesNb);
|
||||||
if (der->certPoliciesSz == 0)
|
if (der->certPoliciesSz <= 0)
|
||||||
return CERTPOLICIES_E;
|
return CERTPOLICIES_E;
|
||||||
|
|
||||||
der->extensionsSz += der->certPoliciesSz;
|
der->extensionsSz += der->certPoliciesSz;
|
||||||
@@ -7017,7 +7025,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
der->extensionsSz = SetExtensionsHeader(der->extensions,
|
der->extensionsSz = SetExtensionsHeader(der->extensions,
|
||||||
sizeof(der->extensions),
|
sizeof(der->extensions),
|
||||||
der->extensionsSz);
|
der->extensionsSz);
|
||||||
if (der->extensionsSz == 0)
|
if (der->extensionsSz <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
|
|
||||||
/* put CA */
|
/* put CA */
|
||||||
@@ -7035,7 +7043,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->altNames, der->altNamesSz);
|
der->altNames, der->altNamesSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -7046,7 +7054,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->skid, der->skidSz);
|
der->skid, der->skidSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7055,7 +7063,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->akid, der->akidSz);
|
der->akid, der->akidSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7064,7 +7072,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->keyUsage, der->keyUsageSz);
|
der->keyUsage, der->keyUsageSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7073,7 +7081,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->certPolicies, der->certPoliciesSz);
|
der->certPolicies, der->certPoliciesSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_EXT */
|
#endif /* WOLFSSL_CERT_EXT */
|
||||||
@@ -7405,7 +7413,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* subject name */
|
/* subject name */
|
||||||
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
|
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
|
||||||
if (der->subjectSz == 0)
|
if (der->subjectSz <= 0)
|
||||||
return SUBJECT_E;
|
return SUBJECT_E;
|
||||||
|
|
||||||
/* public key */
|
/* public key */
|
||||||
@@ -7434,7 +7442,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
/* CA */
|
/* CA */
|
||||||
if (cert->isCA) {
|
if (cert->isCA) {
|
||||||
der->caSz = SetCa(der->ca, sizeof(der->ca));
|
der->caSz = SetCa(der->ca, sizeof(der->ca));
|
||||||
if (der->caSz == 0)
|
if (der->caSz <= 0)
|
||||||
return CA_TRUE_E;
|
return CA_TRUE_E;
|
||||||
|
|
||||||
der->extensionsSz += der->caSz;
|
der->extensionsSz += der->caSz;
|
||||||
@@ -7451,7 +7459,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
||||||
cert->skid, cert->skidSz);
|
cert->skid, cert->skidSz);
|
||||||
if (der->skidSz == 0)
|
if (der->skidSz <= 0)
|
||||||
return SKID_E;
|
return SKID_E;
|
||||||
|
|
||||||
der->extensionsSz += der->skidSz;
|
der->extensionsSz += der->skidSz;
|
||||||
@@ -7463,7 +7471,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
if (cert->keyUsage != 0){
|
if (cert->keyUsage != 0){
|
||||||
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
|
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
|
||||||
cert->keyUsage);
|
cert->keyUsage);
|
||||||
if (der->keyUsageSz == 0)
|
if (der->keyUsageSz <= 0)
|
||||||
return KEYUSAGE_E;
|
return KEYUSAGE_E;
|
||||||
|
|
||||||
der->extensionsSz += der->keyUsageSz;
|
der->extensionsSz += der->keyUsageSz;
|
||||||
@@ -7478,7 +7486,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
/* put the start of sequence (ID, Size) */
|
/* put the start of sequence (ID, Size) */
|
||||||
der->extensionsSz = SetSequence(der->extensionsSz, der->extensions);
|
der->extensionsSz = SetSequence(der->extensionsSz, der->extensions);
|
||||||
if (der->extensionsSz == 0)
|
if (der->extensionsSz <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
|
|
||||||
/* put CA */
|
/* put CA */
|
||||||
@@ -7486,7 +7494,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->ca, der->caSz);
|
der->ca, der->caSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7496,7 +7504,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->skid, der->skidSz);
|
der->skid, der->skidSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7505,7 +7513,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->akid, der->akidSz);
|
der->akid, der->akidSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7514,7 +7522,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
ret = SetExtensions(der->extensions, sizeof(der->extensions),
|
||||||
&der->extensionsSz,
|
&der->extensionsSz,
|
||||||
der->keyUsage, der->keyUsageSz);
|
der->keyUsage, der->keyUsageSz);
|
||||||
if (ret == 0)
|
if (ret <= 0)
|
||||||
return EXTENSIONS_E;
|
return EXTENSIONS_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7523,7 +7531,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
|
|
||||||
der->attribSz = SetReqAttrib(der->attrib,
|
der->attribSz = SetReqAttrib(der->attrib,
|
||||||
cert->challengePw, der->extensionsSz);
|
cert->challengePw, der->extensionsSz);
|
||||||
if (der->attribSz == 0)
|
if (der->attribSz <= 0)
|
||||||
return REQ_ATTRIBUTE_E;
|
return REQ_ATTRIBUTE_E;
|
||||||
|
|
||||||
der->total = der->versionSz + der->subjectSz + der->publicKeySz +
|
der->total = der->versionSz + der->subjectSz + der->publicKeySz +
|
||||||
|
|||||||
@@ -380,6 +380,9 @@ const char* wc_GetErrorString(int error)
|
|||||||
case WC_KEY_SIZE_E:
|
case WC_KEY_SIZE_E:
|
||||||
return "Key size error, either too small or large";
|
return "Key size error, either too small or large";
|
||||||
|
|
||||||
|
case ASN_COUNTRY_SIZE_E:
|
||||||
|
return "Country code size error, either too small or large";
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return "unknown error number";
|
return "unknown error number";
|
||||||
|
|
||||||
|
|||||||
@@ -77,6 +77,7 @@ enum Ctc_Encoding {
|
|||||||
};
|
};
|
||||||
|
|
||||||
enum Ctc_Misc {
|
enum Ctc_Misc {
|
||||||
|
CTC_COUNTRY_SIZE = 2,
|
||||||
CTC_NAME_SIZE = 64,
|
CTC_NAME_SIZE = 64,
|
||||||
CTC_DATE_SIZE = 32,
|
CTC_DATE_SIZE = 32,
|
||||||
CTC_MAX_ALT_SIZE = 16384, /* may be huge */
|
CTC_MAX_ALT_SIZE = 16384, /* may be huge */
|
||||||
|
|||||||
@@ -170,6 +170,7 @@ enum {
|
|||||||
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
|
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
|
||||||
|
|
||||||
WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
|
WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
|
||||||
|
ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */
|
||||||
|
|
||||||
MIN_CODE_E = -300 /* errors -101 - -299 */
|
MIN_CODE_E = -300 /* errors -101 - -299 */
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user