wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

RFC 5280 Appendix A.1 states that the Country Name in a certificate

Browse Source 
shall have a size of 2 octets. Restrict country name length to 2 or 0.
This commit is contained in:
John Safranek
2016-05-18 10:39:18 -07:00
parent b8c0802e3c
commit 03e6f7cca3
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wolfcrypt/src/asn.c
View File

@@ -6712,6 +6712,14 @@ static int SetName(byte* output, word32 outputSz, CertName* name)
int thisLen = strLen; int thisLen = strLen;
int firstSz, secondSz, seqSz, setSz; int firstSz, secondSz, seqSz, setSz;
/* Restrict country code size */
if (i == 0) {
if (strLen >= CTC_COUNTRY_SIZE)
strLen = CTC_COUNTRY_SIZE;
else
strLen = 0;
}
if (strLen == 0) { /* no user data for this item */ if (strLen == 0) { /* no user data for this item */
names[i].used = 0; names[i].used = 0;
continue; continue;

1
wolfssl/wolfcrypt/asn_public.h
View File

@@ -77,6 +77,7 @@ enum Ctc_Encoding {
}; };
enum Ctc_Misc { enum Ctc_Misc {
CTC_COUNTRY_SIZE = 2,
CTC_NAME_SIZE = 64, CTC_NAME_SIZE = 64,
CTC_DATE_SIZE = 32, CTC_DATE_SIZE = 32,
CTC_MAX_ALT_SIZE = 16384, /* may be huge */ CTC_MAX_ALT_SIZE = 16384, /* may be huge */