set initial NID value and account for null character on string

Jacob Barthelmeh
2020-07-12 19:54:50 -06:00
parent 2aaeb2a2df
commit eec5f4a109
2 changed files with 22 additions and 11 deletions


@ -20410,7 +20410,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
}
if (dataSz < 0) {
sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */
sz = (int)XSTRLEN((const char*)data);
}
else {
sz = dataSz;
@ -20426,9 +20426,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
asn1->data = NULL;
}
if (sz > CTC_NAME_SIZE) {
/* create new data buffer and copy over */
asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (sz + 1 > CTC_NAME_SIZE) {
/* create new data buffer and copy over +1 for null */
asn1->data = (char*)XMALLOC(sz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
if (asn1->data == NULL) {
return WOLFSSL_FAILURE;
}
@ -37917,6 +37917,12 @@ err:
}
/* Creates a new entry given the NID, type, and data
* "dataSz" is number of bytes in data, if set to -1 then XSTRLEN is used
* "out" can be used to store the new entry data in an existing structure
* if NULL then a new WOLFSSL_X509_NAME_ENTRY structure is created
* returns a pointer to WOLFSSL_X509_NAME_ENTRY on success and NULL on fail
*/
WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
const unsigned char* data, int dataSz)
@ -38139,7 +38145,8 @@ err:
{
int ret;
WOLFSSL_X509_NAME_ENTRY* entry;
entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes,
len);
if (entry == NULL)
return WOLFSSL_FAILURE;
ret = wolfSSL_X509_NAME_add_entry(name, entry, loc, set);
@ -47382,8 +47389,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
}
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* unlike wolfSSL_X509_NAME_dup this does not malloc a duplicate, only deep
* copy. "to" is expected to be a fresh blank name, if not pointers could be
* lost */
@ -47543,7 +47549,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v)
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */
#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
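Review bot: In the second hunk, `if (sz + 1 > CTC_NAME_SIZE)` and `XMALLOC(sz + 1, ...)` add one to a signed int that comes straight from the caller's `dataSz` in the `else` branch of the first hunk, so a `dataSz` of INT_MAX makes `sz + 1` overflow (undefined behaviour) before the size check can do its job. Writing the test as `if (sz >= CTC_NAME_SIZE)` avoids the addition, and an upper bound on `sz` ahead of the allocation (for example rejecting `sz == INT_MAX`) keeps the XMALLOC argument sane. The `(int)XSTRLEN(...)` cast has the same narrowing concern for very long strings. The copy into `asn1->data` is outside the hunk, so confirm it writes the terminator at `asn1->data[sz]` itself rather than relying on `data` being null-terminated when the caller passes an explicit length.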


@ -5551,7 +5551,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
byte tag;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509_NAME* dName;
int nid;
int nid = NID_undef;
#endif /* OPENSSL_EXTRA */
WOLFSSL_MSG("Getting Cert Name");
@ -12508,6 +12508,7 @@ static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
/* Restrict country code size */
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
WOLFSSL_MSG("Country code size error");
return ASN_COUNTRY_SIZE_E;
}
@ -12640,9 +12641,10 @@ int SetName(byte* output, word32 outputSz, CertName* name)
GetCertNameId(i));
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
WOLFSSL_MSG("EncodeName failed");
return BUFFER_E;
}
totalBytes += ret;
}
@ -12656,6 +12658,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("EncodeName on multiple attributes failed\n");
return BUFFER_E;
}
totalBytes += ret;
@ -12673,6 +12676,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX");
return BUFFER_E;
}
@ -12689,6 +12693,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Not enough space left for DC value");
return BUFFER_E;
}
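Review bot: The message added in the second SetName hunk, `WOLFSSL_MSG("EncodeName on multiple attributes failed\n");`, ends in `\n` while every other WOLFSSL_MSG call in this section has none, so the debug log will presumably show a stray blank line; make it `WOLFSSL_MSG("EncodeName on multiple attributes failed");`. Separately, each of these failure paths returns BUFFER_E whatever the negative `ret` was, so a country-code length error (ASN_COUNTRY_SIZE_E from wc_EncodeName) reaches the caller looking like a buffer problem, and the new messages only help in debug builds. SetName's body extends outside these hunks, so whether callers depend on BUFFER_E specifically cannot be judged from here.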