Merge pull request #2234 from JacobBarthelmeh/Testing

add sanity check on buffer index and regression tests
toddouska
2019-05-23 11:32:38 -07:00
committed by GitHub
7 changed files with 339 additions and 94 deletions


@@ -195,6 +195,9 @@ then
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192"
# Enable multiple attribute additions such as DC
AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
fi
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])

231
src/ssl.c

@@ -16956,43 +16956,30 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,
int nid, int pos)
{
int ret = -1;
int value = nid, i;
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID");
if (name == NULL) {
if (name == NULL || pos >= DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
return BAD_FUNC_ARG;
}
/* these index values are already stored in DecodedName
use those when available */
if (name->fullName.fullName && name->fullName.fullNameLen > 0) {
name->fullName.dcMode = 0;
switch (nid) {
case ASN_COMMON_NAME:
if (pos != name->fullName.cnIdx)
ret = name->fullName.cnIdx;
break;
case ASN_DOMAIN_COMPONENT:
name->fullName.dcMode = 1;
if (pos < name->fullName.dcNum - 1){
ret = pos + 1;
} else {
ret = -1;
}
break;
default:
WOLFSSL_MSG("NID not yet implemented");
break;
}
if (value == NID_emailAddress) {
value = ASN_EMAIL_NAME;
}
WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", ret);
i = pos + 1; /* start search after index passed in */
if (i < 0) {
i = 0;
}
(void)pos;
(void)nid;
return ret;
for (;i < name->fullName.locSz &&
i < DN_NAMES_MAX + DOMAIN_COMPONENT_MAX; i++) {
if (name->fullName.loc[i] == value) {
return i;
}
}
return WOLFSSL_FATAL_ERROR;
}
@@ -17033,7 +17020,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
if (asn1 != NULL) {
if (asn1->length > 0 && asn1->data != NULL) {
if (asn1->length > 0 && asn1->data != NULL && asn1->isDynamic) {
XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
}
XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -17088,14 +17075,21 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
}
/* free any existing data before copying */
if (asn1->data != NULL) {
if (asn1->data != NULL && asn1->isDynamic) {
XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
}
/* create new data buffer and copy over */
asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (asn1->data == NULL) {
return WOLFSSL_FAILURE;
if (sz > CTC_NAME_SIZE) {
/* create new data buffer and copy over */
asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (asn1->data == NULL) {
return WOLFSSL_FAILURE;
}
asn1->isDynamic = 1;
}
else {
XMEMSET(asn1->strData, 0, CTC_NAME_SIZE);
asn1->data = asn1->strData;
}
XMEMCPY(asn1->data, data, sz);
asn1->length = sz;
@@ -30379,6 +30373,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if (out == NULL || name == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(&cName, 0, sizeof(CertName));
if (CopyX509NameToCertName(name, &cName) != SSL_SUCCESS) {
WOLFSSL_MSG("Error converting x509 name to internal CertName");
@@ -31316,6 +31311,30 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
if (fullName) {
int nid = entry->nid;
if (nid == NID_emailAddress) {
nid = (int)ASN_EMAIL_NAME;
}
if (idx >= DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
return WOLFSSL_FAILURE;
}
if (idx >= 0) {
name->fullName.loc[idx] = nid;
if (idx == name->fullName.locSz) {
name->fullName.locSz += 1;
}
}
/* place at end */
if (idx < 0 && name->fullName.locSz + 1
< DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
name->fullName.loc[name->fullName.locSz] = nid;
name->fullName.locSz += 1;
}
if (RebuildFullNameAdd(&name->fullName, entry->value->data) != 0)
return WOLFSSL_FAILURE;
}
@@ -32452,66 +32471,113 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return NULL;
}
static WOLFSSL_X509_NAME *get_nameByLoc( WOLFSSL_X509_NAME *name, int loc)
/* looks up the DN given the location "loc". "loc" is the number indicating
* the order that the DN was parsed as, 0 is first DN parsed.
*
* returns the setup WOLFSSL_X509_NAME pointer on success and NULL on fail
*/
static WOLFSSL_X509_NAME *wolfSSL_nameByLoc( WOLFSSL_X509_NAME *name, int loc)
{
switch (loc)
char* pt = NULL;
int sz = 0;
switch (name->fullName.loc[loc])
{
case 0:
name->cnEntry.value->length = name->fullName.cnLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cnIdx];
case ASN_COMMON_NAME:
sz = name->fullName.cnLen;
pt = &name->fullName.fullName[name->fullName.cnIdx],
name->cnEntry.nid = name->fullName.cnNid;
break;
case 1:
name->cnEntry.value->length = name->fullName.cLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cIdx];
case ASN_COUNTRY_NAME:
sz = name->fullName.cLen;
pt = &name->fullName.fullName[name->fullName.cIdx],
name->cnEntry.nid = name->fullName.cNid;
break;
case 2:
name->cnEntry.value->length = name->fullName.lLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.lIdx];
case ASN_LOCALITY_NAME:
sz = name->fullName.lLen;
pt = &name->fullName.fullName[name->fullName.lIdx];
name->cnEntry.nid = name->fullName.lNid;
break;
case 3:
name->cnEntry.value->length = name->fullName.stLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.stIdx];
case ASN_STATE_NAME:
sz = name->fullName.stLen;
pt = &name->fullName.fullName[name->fullName.stIdx];
name->cnEntry.nid = name->fullName.stNid;
break;
case 4:
name->cnEntry.value->length = name->fullName.oLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.oIdx];
case ASN_ORG_NAME:
sz = name->fullName.oLen;
pt = &name->fullName.fullName[name->fullName.oIdx];
name->cnEntry.nid = name->fullName.oNid;
break;
case 5:
name->cnEntry.value->length = name->fullName.ouLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.ouIdx];
case ASN_ORGUNIT_NAME:
sz = name->fullName.ouLen;
pt = &name->fullName.fullName[name->fullName.ouIdx];
name->cnEntry.nid = name->fullName.ouNid;
break;
case 6:
name->cnEntry.value->length = name->fullName.emailLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.emailIdx];
case ASN_EMAIL_NAME:
sz = name->fullName.emailLen;
pt = &name->fullName.fullName[name->fullName.emailIdx];
name->cnEntry.nid = name->fullName.emailNid;
break;
case 7:
name->cnEntry.value->length = name->fullName.snLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.snIdx];
case ASN_SUR_NAME:
sz = name->fullName.snLen;
pt = &name->fullName.fullName[name->fullName.snIdx];
name->cnEntry.nid = name->fullName.snNid;
break;
case 8:
name->cnEntry.value->length = name->fullName.uidLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.uidIdx];
case ASN_USER_ID:
sz = name->fullName.uidLen;
pt = &name->fullName.fullName[name->fullName.uidIdx];
name->cnEntry.nid = name->fullName.uidNid;
break;
case 9:
name->cnEntry.value->length = name->fullName.serialLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.serialIdx];
case ASN_SERIAL_NUMBER:
sz = name->fullName.serialLen;
pt = &name->fullName.fullName[name->fullName.serialIdx];
name->cnEntry.nid = name->fullName.serialNid;
break;
#ifdef WOLFSSL_CERT_EXT
case ASN_BUS_CAT:
sz = name->fullName.bcLen;
pt = &name->fullName.fullName[name->fullName.bcIdx];
break;
#endif
case ASN_DOMAIN_COMPONENT:
/* get index of DC i.e. first or second or ... case */
{
int idx = 0, i;
for (i = 0; i < loc; i++) {
if (name->fullName.loc[i] == ASN_DOMAIN_COMPONENT) {
idx++;
}
}
/* check that index is not larger than max buffer size or larger
* than the number of domain components parsed */
if (idx >= DOMAIN_COMPONENT_MAX || idx > name->fullName.dcNum) {
WOLFSSL_MSG("Index was larger then domain buffer");
return NULL;
}
pt = &name->fullName.fullName[name->fullName.dcIdx[idx]],
sz = name->fullName.dcLen[idx];
name->cnEntry.nid = ASN_DOMAIN_COMPONENT;
name->cnEntry.data.type = CTC_UTF8;
}
break;
default:
return NULL;
}
if (name->cnEntry.value->length == 0)
/* -1 to leave room for trailing terminator 0 */
if (sz == 0 || sz >= CTC_NAME_SIZE - 1)
return NULL;
if (wolfSSL_ASN1_STRING_set(name->cnEntry.value, pt, sz) !=
WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error setting local ASN1 string data");
return NULL;
}
name->cnEntry.value->type = CTC_UTF8;
name->cnEntry.set = 1;
return name;
}
@@ -32525,33 +32591,14 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return NULL;
}
if (loc < 0 || loc > 9 + name->fullName.dcNum) {
if (loc < 0) {
WOLFSSL_MSG("Bad argument");
return NULL;
}
if (loc >= 0 && loc <= 9){
if (get_nameByLoc(name, loc) != NULL)
if (loc <= DN_NAMES_MAX + name->fullName.dcNum) {
if (wolfSSL_nameByLoc(name, loc) != NULL)
return &name->cnEntry;
}
/* DC component */
if (name->fullName.dcMode){
if (name->fullName.fullName != NULL){
if (loc == name->fullName.dcNum){
name->cnEntry.data.data = &name->fullName.fullName[name->fullName.cIdx];
name->cnEntry.data.length = name->fullName.cLen;
name->cnEntry.nid = ASN_COUNTRY_NAME;
} else {
name->cnEntry.data.data = &name->fullName.fullName[name->fullName.dcIdx[loc]];
name->cnEntry.data.length = name->fullName.dcLen[loc];
name->cnEntry.nid = ASN_DOMAIN_COMPONENT;
}
}
name->cnEntry.data.type = CTC_UTF8;
name->cnEntry.set = 1;
/* common name index case */
} else if (loc == name->fullName.cnIdx && name->x509 != NULL) {
/* get CN shortcut from x509 since it has null terminator */
name->cnEntry.data.data = name->x509->subjectCN;
@@ -32559,11 +32606,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
name->cnEntry.data.type = CTC_UTF8;
name->cnEntry.nid = ASN_COMMON_NAME;
name->cnEntry.set = 1;
return &name->cnEntry;
}
else
return NULL;
WOLFSSL_MSG("loc passed in is not in range of parsed DN's");
return &name->cnEntry;
return NULL;
}
#ifndef NO_WOLFSSL_STUB
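Review bot: In the hunk at `@@ -17088,14 +17075,21 @@` the `else` branch points `asn1->data` at the embedded `strData` but never clears `asn1->isDynamic`, so a string that once held a heap buffer and is then set to a short value still reads as dynamic. The next set or the free path (`asn1->data != NULL && asn1->isDynamic`) would then pass `strData`, an interior pointer of the struct, to `XFREE`. Add `asn1->isDynamic = 0;` in the `else` branch. It would also be safer to set `asn1->data = NULL` right after the `XFREE` above, so that a failed `XMALLOC` does not leave a freed pointer behind with the flag still set. The enclosing function starts and ends outside the hunk, so this assumes nothing earlier in it resets the flag.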


@@ -22205,6 +22205,153 @@ static void test_wolfSSL_X509_check_ca(void){
#endif
}
static void test_wolfSSL_DC_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_CERT_EXT)
Cert cert;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
int certSz;
int ret, idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
const unsigned char* pt;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
CertName name;
printf(testingFmt, "wolfSSL Certs with DC");
XMEMSET(&name, 0, sizeof(CertName));
/* set up cert name */
XMEMCPY(name.country, "US", sizeof("US"));
name.countryEnc = CTC_PRINTABLE;
XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
name.stateEnc = CTC_UTF8;
XMEMCPY(name.locality, "Portland", sizeof("Portland"));
name.localityEnc = CTC_UTF8;
XMEMCPY(name.sur, "Test", sizeof("Test"));
name.surEnc = CTC_UTF8;
XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
name.orgEnc = CTC_UTF8;
XMEMCPY(name.unit, "Development", sizeof("Development"));
name.unitEnc = CTC_UTF8;
XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
name.commonNameEnc = CTC_UTF8;
XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
name.serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_MULTI_ATTRIB
#if CTC_MAX_ATTRIB > 2
{
NameAttrib* n;
n = &name.name[0];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("com");
XMEMCPY(n->value, "com", sizeof("com"));
n = &name.name[1];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
}
#endif
#endif /* WOLFSSL_MULTI_ATTRIB */
AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
#ifndef HAVE_FIPS
AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0);
#else
AssertIntEQ(wc_InitRng(&rng), 0);
#endif
AssertIntEQ(wc_MakeRsaKey(&key, 1024, 3, &rng), 0);
XMEMSET(&cert, 0 , sizeof(Cert));
AssertIntEQ(wc_InitCert(&cert), 0);
XMEMCPY(&cert.subject, &name, sizeof(CertName));
XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
cert.serialSz = (int)sizeof(mySerial);
cert.isCA = 1;
#ifndef NO_SHA256
cert.sigType = CTC_SHA256wRSA;
#else
cert.sigType = CTC_SHAwRSA;
#endif
/* add SKID from the Public Key */
AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
/* add AKID from the Public Key */
AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
}
} while (ret == WC_PENDING_E);
AssertIntGT(ret, 0);
certSz = ret;
/* der holds a certificate with DC's now check X509 parsing of it */
pt = der;
AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
AssertNotNull(x509name = X509_get_subject_name(x509));
#ifdef WOLFSSL_MULTI_ATTRIB
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-1)), 5);
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), 6);
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), -1);
#endif /* WOLFSSL_MULTI_ATTRIB */
/* compare DN at index 0 */
AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertIntEQ(ASN1_STRING_length(entryValue), 2);
AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
#ifdef WOLFSSL_MULTI_ATTRIB
/* get first and second DC and compare result */
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-1)), 5);
AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), 6);
AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
#endif /* WOLFSSL_MULTI_ATTRIB */
/* try invalid index locations for regression test and sanity check */
AssertNull(entry = X509_NAME_get_entry(x509name, 11));
AssertNull(entry = X509_NAME_get_entry(x509name, 20));
(void)idx;
X509_free(x509);
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get_version(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
WOLFSSL_X509 *x509;
@@ -24547,6 +24694,7 @@ void ApiTest(void)
test_wolfSSL_ASN1_TIME_to_generalizedtime();
test_wolfSSL_i2c_ASN1_INTEGER();
test_wolfSSL_X509_check_ca();
test_wolfSSL_DC_cert();
test_wolfSSL_DES_ncbc();
test_wolfSSL_AES_cbc_encrypt();
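Review bot: Inside the `WOLFSSL_ASYNC_CRYPT` block of `test_wolfSSL_DC_cert`, `&key->asyncDev` treats `key` as a pointer, but it is declared as `RsaKey key;`, so the test will not compile in async builds. Use `ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);`. The invalid-index checks at the end only try 11 and 20; adding a negative index and the first index past the parsed entries would pin the new bounds check more tightly.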


@@ -4596,6 +4596,9 @@ static int GetName(DecodedCert* cert, int nameType)
DecodedName* dName =
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
int dcnum = 0;
#ifdef OPENSSL_EXTRA
int count = 0;
#endif
#endif /* OPENSSL_EXTRA */
WOLFSSL_MSG("Getting Cert Name");
@@ -4828,6 +4831,10 @@ static int GetName(DecodedCert* cert, int nameType)
#endif
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
idx += strLen;
#if defined(OPENSSL_EXTRA)
/* store order that DN was parsed */
dName->loc[count++] = id;
#endif
}
cert->srcIdx += strLen;
@@ -4898,6 +4905,10 @@ static int GetName(DecodedCert* cert, int nameType)
#endif
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
idx += strLen;
#if defined(OPENSSL_EXTRA)
/* store order that DN was parsed */
dName->loc[count++] = id;
#endif
}
cert->srcIdx += strLen;
@@ -4979,6 +4990,10 @@ static int GetName(DecodedCert* cert, int nameType)
if (!tooBig) {
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
idx += adv;
#if defined(OPENSSL_EXTRA)
/* store order that DN was parsed */
dName->loc[count++] = ASN_EMAIL_NAME;
#endif
}
}
@@ -4996,6 +5011,11 @@ static int GetName(DecodedCert* cert, int nameType)
defined(OPENSSL_EXTRA_X509_SMALL)
dName->uidIdx = cert->srcIdx;
dName->uidLen = adv;
#ifdef OPENSSL_EXTRA
/* store order that DN was parsed */
dName->loc[count++] = ASN_USER_ID;
#endif
#endif /* OPENSSL_EXTRA */
break;
@@ -5008,6 +5028,11 @@ static int GetName(DecodedCert* cert, int nameType)
dName->dcLen[dcnum] = adv;
dName->dcNum = dcnum + 1;
dcnum++;
#ifdef OPENSSL_EXTRA
/* store order that DN was parsed */
dName->loc[count++] = ASN_DOMAIN_COMPONENT;
#endif
#endif /* OPENSSL_EXTRA */
break;
@@ -5024,6 +5049,10 @@ static int GetName(DecodedCert* cert, int nameType)
}
}
full[idx++] = 0;
#if defined(OPENSSL_EXTRA)
/* store order that DN was parsed */
dName->locSz = count;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
{
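Review bot: None of the five `dName->loc[count++] = ...` stores added to `GetName` checks `count` against the array size, and `loc` is declared in asn.h as `int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX]` (19 entries). The only limit visible in these hunks is the `tooBig` test on the full-name buffer, and it does not cover the UID and DC stores, so a certificate name carrying more attributes than the array holds would write past `loc` into the following fields of `DecodedName`. Guard each store, e.g. `if (count < DOMAIN_COMPONENT_MAX + DN_NAMES_MAX) dName->loc[count++] = id;`, or reject the name with a parse error. `GetName` begins and ends outside these hunks, so confirm that no earlier check already caps the attribute count.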


@@ -202,10 +202,12 @@ struct WOLFSSL_ASN1_TIME {
};
struct WOLFSSL_ASN1_STRING {
char strData[CTC_NAME_SIZE];
int length;
int type; /* type of string i.e. CTC_UTF8 */
char* data;
long flags;
unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
};
#define WOLFSSL_MAX_SNAME 40
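Review bot: `data` can now point at the struct's own `strData` (when `isDynamic` is 0), and the declaration does not say so. A by-value copy of a `WOLFSSL_ASN1_STRING` would leave `data` referring to the source object's buffer, so the field deserves a comment such as `/* points at strData when isDynamic is 0, otherwise heap memory owned by this struct */`. The one-bit `isDynamic` flag also depends on the struct being zero-initialised when it is allocated; the allocator is not part of this diff, so that is worth confirming.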


@@ -214,11 +214,15 @@ enum ECC_TYPES
#define ASN_JOI_ST 0x2
#ifndef WC_ASN_NAME_MAX
#define WC_ASN_NAME_MAX 256
#ifdef OPENSSL_EXTRA
#define WC_ASN_NAME_MAX 300
#else
#define WC_ASN_NAME_MAX 256
#endif
#endif
#define ASN_NAME_MAX WC_ASN_NAME_MAX
enum Misc_ASN {
ASN_NAME_MAX = WC_ASN_NAME_MAX,
MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
ASN_BOOL_SIZE = 2, /* including type */
@@ -538,6 +542,7 @@ struct Base_entry {
};
#define DOMAIN_COMPONENT_MAX 10
#define DN_NAMES_MAX 9
struct DecodedName {
char* fullName;
@@ -585,6 +590,14 @@ struct DecodedName {
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
#ifdef OPENSSL_EXTRA
/* hold the location / order with which each of the DN tags was found
*
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
*/
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
int locSz;
#endif
};
enum SignatureState {
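Review bot: `DN_NAMES_MAX` is introduced as 9 with no comment saying what it counts, and it looks one or two short. The switch in `wolfSSL_nameByLoc` (src/ssl.c) handles ten attribute types besides the domain component (common name, country, locality, state, org, org unit, email, surname, user id, serial number) plus `ASN_BUS_CAT` under `WOLFSSL_CERT_EXT`, and the range check that appears to be replaced there accepted `loc` 0 through 9. If each type can appear alongside `DOMAIN_COMPONENT_MAX` DCs, `loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX]` cannot hold them all. Consider deriving the size from the real attribute count and adding a comment such as `/* number of non-DC DN attribute types tracked in DecodedName.loc */`.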


@@ -101,6 +101,9 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
#ifndef SESSION_CERTS
/* default size of chunks of memory to separate into */
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,16128
#elif defined (OPENSSL_EXTRA)
/* extra storage in structs for multiple attributes and order */
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,25520
#elif defined (WOLFSSL_CERT_EXT)
/* certificate extensions requires 24k for the SSL struct */
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,24576