feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

1. SetName() should return error if country code isn't 2 bytes.

Browse Source 
2. MakeCert() was not checking return codes correctly for the SetFoo()
    functions.
3. Added error code for invalid country code length.
This commit is contained in:
John Safranek
2016-05-18 15:04:40 -07:00
parent 03e6f7cca3
commit 5c8daa0ac6
3 changed files with 29 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
wolfcrypt/src/asn.c
View File

@@ -6712,19 +6712,19 @@ static int SetName(byte* output, word32 outputSz, CertName* name)
int thisLen = strLen; int thisLen = strLen;
int firstSz, secondSz, seqSz, setSz; int firstSz, secondSz, seqSz, setSz;
/* Restrict country code size */
if (i == 0) {
if (strLen >= CTC_COUNTRY_SIZE)
strLen = CTC_COUNTRY_SIZE;
else
strLen = 0;
}
if (strLen == 0) { /* no user data for this item */ if (strLen == 0) { /* no user data for this item */
names[i].used = 0; names[i].used = 0;
continue; continue;
} }
/* Restrict country code size */
if (i == 0 && strLen != CTC_COUNTRY_SIZE) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ASN_COUNTRY_SIZE_E;
}
secondSz = SetLength(strLen, secondLen); secondSz = SetLength(strLen, secondLen);
thisLen += secondSz; thisLen += secondSz;
if (email) { if (email) {
@@ -6858,7 +6858,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* signature algo */ /* signature algo */
der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0); der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0);
if (der->sigAlgoSz == 0) if (der->sigAlgoSz <= 0)
return ALGO_ID_E; return ALGO_ID_E;
/* public key */ /* public key */
@@ -6907,7 +6907,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* date validity copy ? */ /* date validity copy ? */
if (cert->beforeDateSz && cert->afterDateSz) { if (cert->beforeDateSz && cert->afterDateSz) {
der->validitySz = CopyValidity(der->validity, cert); der->validitySz = CopyValidity(der->validity, cert);
if (der->validitySz == 0) if (der->validitySz <= 0)
return DATE_E; return DATE_E;
} }
#endif #endif
@@ -6915,19 +6915,19 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* date validity */ /* date validity */
if (der->validitySz == 0) { if (der->validitySz == 0) {
der->validitySz = SetValidity(der->validity, cert->daysValid); der->validitySz = SetValidity(der->validity, cert->daysValid);
if (der->validitySz == 0) if (der->validitySz <= 0)
return DATE_E; return DATE_E;
} }
/* subject name */ /* subject name */
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject); der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
if (der->subjectSz == 0) if (der->subjectSz <= 0)
return SUBJECT_E; return SUBJECT_E;
/* issuer name */ /* issuer name */
der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ? der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ?
&cert->subject : &cert->issuer); &cert->subject : &cert->issuer);
if (der->issuerSz == 0) if (der->issuerSz <= 0)
return ISSUER_E; return ISSUER_E;
/* set the extensions */ /* set the extensions */
@@ -6936,7 +6936,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* CA */ /* CA */
if (cert->isCA) { if (cert->isCA) {
der->caSz = SetCa(der->ca, sizeof(der->ca)); der->caSz = SetCa(der->ca, sizeof(der->ca));
if (der->caSz == 0) if (der->caSz <= 0)
return CA_TRUE_E; return CA_TRUE_E;
der->extensionsSz += der->caSz; der->extensionsSz += der->caSz;
@@ -6949,7 +6949,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
if (cert->altNamesSz) { if (cert->altNamesSz) {
der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames),
cert->altNames, cert->altNamesSz); cert->altNames, cert->altNamesSz);
if (der->altNamesSz == 0) if (der->altNamesSz <= 0)
return ALT_NAME_E; return ALT_NAME_E;
der->extensionsSz += der->altNamesSz; der->extensionsSz += der->altNamesSz;
@@ -6967,7 +6967,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
der->skidSz = SetSKID(der->skid, sizeof(der->skid), der->skidSz = SetSKID(der->skid, sizeof(der->skid),
cert->skid, cert->skidSz); cert->skid, cert->skidSz);
if (der->skidSz == 0) if (der->skidSz <= 0)
return SKID_E; return SKID_E;
der->extensionsSz += der->skidSz; der->extensionsSz += der->skidSz;
@@ -6983,7 +6983,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
der->akidSz = SetAKID(der->akid, sizeof(der->akid), der->akidSz = SetAKID(der->akid, sizeof(der->akid),
cert->akid, cert->akidSz); cert->akid, cert->akidSz);
if (der->akidSz == 0) if (der->akidSz <= 0)
return AKID_E; return AKID_E;
der->extensionsSz += der->akidSz; der->extensionsSz += der->akidSz;
@@ -6995,7 +6995,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
if (cert->keyUsage != 0){ if (cert->keyUsage != 0){
der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage),
cert->keyUsage); cert->keyUsage);
if (der->keyUsageSz == 0) if (der->keyUsageSz <= 0)
return KEYUSAGE_E; return KEYUSAGE_E;
der->extensionsSz += der->keyUsageSz; der->extensionsSz += der->keyUsageSz;
@@ -7009,7 +7009,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
sizeof(der->certPolicies), sizeof(der->certPolicies),
cert->certPolicies, cert->certPolicies,
cert->certPoliciesNb); cert->certPoliciesNb);
if (der->certPoliciesSz == 0) if (der->certPoliciesSz <= 0)
return CERTPOLICIES_E; return CERTPOLICIES_E;
der->extensionsSz += der->certPoliciesSz; der->extensionsSz += der->certPoliciesSz;
@@ -7025,7 +7025,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
der->extensionsSz = SetExtensionsHeader(der->extensions, der->extensionsSz = SetExtensionsHeader(der->extensions,
sizeof(der->extensions), sizeof(der->extensions),
der->extensionsSz); der->extensionsSz);
if (der->extensionsSz == 0) if (der->extensionsSz <= 0)
return EXTENSIONS_E; return EXTENSIONS_E;
/* put CA */ /* put CA */
@@ -7043,7 +7043,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
ret = SetExtensions(der->extensions, sizeof(der->extensions), ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz, &der->extensionsSz,
der->altNames, der->altNamesSz); der->altNames, der->altNamesSz);
if (ret == 0) if (ret <= 0)
return EXTENSIONS_E; return EXTENSIONS_E;
} }
#endif #endif
@@ -7054,7 +7054,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
ret = SetExtensions(der->extensions, sizeof(der->extensions), ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz, &der->extensionsSz,
der->skid, der->skidSz); der->skid, der->skidSz);
if (ret == 0) if (ret <= 0)
return EXTENSIONS_E; return EXTENSIONS_E;
} }
@@ -7063,7 +7063,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
ret = SetExtensions(der->extensions, sizeof(der->extensions), ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz, &der->extensionsSz,
der->akid, der->akidSz); der->akid, der->akidSz);
if (ret == 0) if (ret <= 0)
return EXTENSIONS_E; return EXTENSIONS_E;
} }
@@ -7072,7 +7072,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
ret = SetExtensions(der->extensions, sizeof(der->extensions), ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz, &der->extensionsSz,
der->keyUsage, der->keyUsageSz); der->keyUsage, der->keyUsageSz);
if (ret == 0) if (ret <= 0)
return EXTENSIONS_E; return EXTENSIONS_E;
} }
@@ -7081,7 +7081,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
ret = SetExtensions(der->extensions, sizeof(der->extensions), ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz, &der->extensionsSz,
der->certPolicies, der->certPoliciesSz); der->certPolicies, der->certPoliciesSz);
if (ret == 0) if (ret <= 0)
return EXTENSIONS_E; return EXTENSIONS_E;
} }
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */

3
wolfcrypt/src/error.c
View File

@@ -380,6 +380,9 @@ const char* wc_GetErrorString(int error)
case WC_KEY_SIZE_E: case WC_KEY_SIZE_E:
return "Key size error, either too small or large"; return "Key size error, either too small or large";
case ASN_COUNTRY_SIZE_E:
return "Country code size error, either too small or large";
default: default:
return "unknown error number"; return "unknown error number";

1
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -170,6 +170,7 @@ enum {
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */ WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */ WC_KEY_SIZE_E = -234, /* Key size error, either too small or large */
ASN_COUNTRY_SIZE_E = -235, /* ASN Cert Gen, invalid country code size */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */