Fix for wc_SetAltNamesBuffer broken in PR #2728. SetAltNames was changed in PR 2728 to rebuild the SAN OID, so only the flattened list of DNS entries is required. The fix is for SetAltNamesFromDcert to use the already-parsed DecodedCert and flatten the alt names DNS_Entry list. ZD 11381

David Garske
2020-12-16 12:28:28 -08:00
parent 5f30727b32
commit 51c3f87811


@@ -14822,67 +14822,14 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
static int SetAltNamesFromDcert(Cert* cert, DecodedCert* decoded) static int SetAltNamesFromDcert(Cert* cert, DecodedCert* decoded)
{ {
int ret = 0; int ret = 0;
byte tag;
if (decoded->extensions) { cert->altNamesSz = 0;
int length; if (decoded->altNames) {
word32 maxExtensionsIdx; ret = FlattenAltNames(cert->altNames,
sizeof(cert->altNames), decoded->altNames);
decoded->srcIdx = decoded->extensionsIdx; if (ret >= 0) {
if (GetASNTag(decoded->source, &decoded->srcIdx, &tag, decoded->maxIdx) cert->altNamesSz = ret;
!= 0) { ret = 0;
return ASN_PARSE_E;
}
if (tag != ASN_EXTENSIONS) {
ret = ASN_PARSE_E;
}
else if (GetLength(decoded->source, &decoded->srcIdx, &length,
decoded->maxIdx) < 0) {
ret = ASN_PARSE_E;
}
else if (GetSequence(decoded->source, &decoded->srcIdx, &length,
decoded->maxIdx) < 0) {
ret = ASN_PARSE_E;
}
else {
maxExtensionsIdx = decoded->srcIdx + length;
while (decoded->srcIdx < maxExtensionsIdx) {
word32 oid;
word32 startIdx = decoded->srcIdx;
word32 tmpIdx;
if (GetSequence(decoded->source, &decoded->srcIdx, &length,
decoded->maxIdx) < 0) {
ret = ASN_PARSE_E;
break;
}
tmpIdx = decoded->srcIdx;
decoded->srcIdx = startIdx;
if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid,
oidCertExtType, decoded->maxIdx) < 0) {
ret = ASN_PARSE_E;
break;
}
if (oid == ALT_NAMES_OID) {
cert->altNamesSz = length + (tmpIdx - startIdx);
if (cert->altNamesSz < (int)sizeof(cert->altNames))
XMEMCPY(cert->altNames, &decoded->source[startIdx],
cert->altNamesSz);
else {
cert->altNamesSz = 0;
WOLFSSL_MSG("AltNames extensions too big");
ret = ALT_NAME_E;
break;
}
}
decoded->srcIdx = tmpIdx + length;
}
} }
} }
@@ -15294,7 +15241,7 @@ int wc_SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
int ret = 0; int ret = 0;
if (cert == NULL) { if (cert == NULL) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
else { else {
/* Check if decodedCert is cached */ /* Check if decodedCert is cached */