Merge pull request #4098 from SparkiDev/san_hw_name_fix

Certs: fix leak when multiple hardware names in SAN
2021-06-11 08:25:28 -07:00
parent 89156908da e76ae2b8ac
commit b28aab4cf9
1 changed files with 8 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -8584,6 +8584,14 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
                return ASN_PARSE_E;
            }

+            /* Certiciates issued with this OID in the subject alt name are for
+             * verifying signatures created on a module.
+             * RFC 4108 Section 5. */
+            if (cert->hwType != NULL) {
+                WOLFSSL_MSG("\tAlready seen Hardware Module Name");
+                return ASN_PARSE_E;
+            }
+
            if (GetASNTag(input, &idx, &tag, sz) < 0) {
                return ASN_PARSE_E;
            }