From ae1072afad102b37d8190b8944d5023b3a9ef5fc Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 24 Feb 2022 13:56:08 -0800 Subject: [PATCH] Cleanup mess of `ASN_NAME_MAX`. --- wolfcrypt/src/asn.c | 32 ++++++++++++++++---------------- wolfssl/internal.h | 13 ++++++++++++- wolfssl/test.h | 8 ++------ wolfssl/wolfcrypt/asn.h | 8 ++++---- wolfssl/wolfcrypt/pkcs7.h | 2 +- 5 files changed, 35 insertions(+), 28 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 055a54109..9cc42cfa4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -11127,7 +11127,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, if (ret == 0) { /* Check there is space for this in the full name string and * terminating NUL character. */ - if ((typeStrLen + strLen) < (word32)(ASN_NAME_MAX - *idx)) + if ((typeStrLen + strLen) < (word32)(WC_ASN_NAME_MAX - *idx)) { /* Add RDN to full string. */ XMEMCPY(&full[*idx], typeStr, typeStrLen); @@ -11525,7 +11525,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #endif /* OPENSSL_EXTRA */ } - if ((strLen + copyLen) > (int)(ASN_NAME_MAX - idx)) { + if ((strLen + copyLen) > (int)(WC_ASN_NAME_MAX - idx)) { WOLFSSL_MSG("ASN Name too big, skipping"); tooBig = TRUE; } @@ -11559,14 +11559,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, return ASN_PARSE_E; } - if (strLen > (int)(ASN_NAME_MAX - idx)) { + if (strLen > (int)(WC_ASN_NAME_MAX - idx)) { WOLFSSL_MSG("ASN name too big, skipping"); tooBig = TRUE; } if (email) { copyLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1; - if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx)) { + if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) { WOLFSSL_MSG("ASN name too big, skipping"); tooBig = TRUE; } 
@@ -11664,7 +11664,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, } } } - if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx)) + if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) { WOLFSSL_MSG("ASN Name too big, skipping"); tooBig = TRUE; @@ -11707,14 +11707,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (nameType == ISSUER) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) - dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX); + dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); #endif cert->issuerName = dName; } else { #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) - dName->rawLen = min(cert->subjectRawLen, ASN_NAME_MAX); + dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen); #endif cert->subjectName = dName; @@ -11838,14 +11838,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY)) && \ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) - dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX); + dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); #endif cert->issuerName = dName; } else { #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) - dName->rawLen = min(cert->subjectRawLen, ASN_NAME_MAX); + dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen); #endif cert->subjectName = dName; 
@@ -20880,8 +20880,8 @@ typedef struct DerCert { byte version[MAX_VERSION_SZ]; /* version encoded */ byte serial[(int)CTC_SERIAL_SIZE + (int)MAX_LENGTH_SZ]; /* serial number encoded */ byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */ - byte issuer[ASN_NAME_MAX]; /* issuer encoded */ - byte subject[ASN_NAME_MAX]; /* subject encoded */ + byte issuer[WC_ASN_NAME_MAX]; /* issuer encoded */ + byte subject[WC_ASN_NAME_MAX]; /* subject encoded */ byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */ byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa public key encoded */ byte ca[MAX_CA_SZ]; /* basic constraint CA true size */ @@ -23017,11 +23017,11 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) /* header */ idx = SetSequence(totalBytes, output); totalBytes += idx; - if (totalBytes > ASN_NAME_MAX) { + if (totalBytes > WC_ASN_NAME_MAX) { #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX"); + WOLFSSL_MSG("Total Bytes is greater than WC_ASN_NAME_MAX"); return BUFFER_E; } @@ -24549,7 +24549,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, #endif { /* Calcuate issuer name encoding size. */ - issuerSz = SetNameEx(NULL, ASN_NAME_MAX, &cert->issuer, cert->heap); + issuerSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->issuer, cert->heap); ret = issuerSz; } } @@ -24565,7 +24565,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, #endif { /* Calcuate subject name encoding size. */ - subjectSz = SetNameEx(NULL, ASN_NAME_MAX, &cert->subject, cert->heap); + subjectSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap); ret = subjectSz; } } 
@@ -25385,7 +25385,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, else #endif { - subjectSz = SetNameEx(NULL, ASN_NAME_MAX, &cert->subject, cert->heap); + subjectSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap); ret = subjectSz; } } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index fa0b911f6..63045e0ad 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3812,7 +3812,18 @@ typedef struct Arrays { } Arrays; #ifndef ASN_NAME_MAX -#define ASN_NAME_MAX 256 + #ifndef NO_ASN + /* use value from asn.h */ + #define ASN_NAME_MAX WC_ASN_NAME_MAX + #else + /* calculate for WOLFSSL_X509 */ + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_EXT) + #define ASN_NAME_MAX 330 + #else + #define ASN_NAME_MAX 256 + #endif + #endif #endif #ifndef MAX_DATE_SZ diff --git a/wolfssl/test.h b/wolfssl/test.h index 37cc736f4..d0abe2dfd 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -20,10 +20,7 @@ #include #include #include -#if defined(SHOW_CERTS) && \ - (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) - #include /* for domain component NID value */ -#endif +#include #ifdef ATOMIC_USER #include @@ -31,7 +28,6 @@ #include #endif #ifdef HAVE_PK_CALLBACKS - #include #ifndef NO_RSA #include #endif @@ -1053,7 +1049,7 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) { WOLFSSL_BIO* bio; - char buf[256]; /* should be size of ASN_NAME_MAX */ + char buf[WC_ASN_NAME_MAX]; int textSz; /* print out domain component if certificate has it */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 18b85542c..a2b207a1f 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
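Review bot: The new `#ifndef ASN_NAME_MAX` block in wolfssl/internal.h defines `ASN_NAME_MAX` as `WC_ASN_NAME_MAX` without an include of wolfssl/wolfcrypt/asn.h in the hunk, so it only resolves if asn.h is already included earlier in internal.h (not visible here); if it is not, array declarations using `ASN_NAME_MAX` fail to compile while `#if` comparisons silently evaluate the unknown name to 0. The `NO_ASN` fallback also restates asn.h's 330/256 selection, giving two copies of a size that buffers copied between `DecodedCert` and the X509 structures appear to rely on being equal. A comment on the fallback should name the coupling, e.g. `/* NO_ASN fallback: must match WC_ASN_NAME_MAX in wolfssl/wolfcrypt/asn.h */`. The enclosing `Arrays` typedef ends just before the hunk and the rest of the header is outside it.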
@@ -840,13 +840,13 @@ enum ECC_TYPES #define ASN_JOI_ST 0x2 #ifndef WC_ASN_NAME_MAX - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_EXT) #define WC_ASN_NAME_MAX 330 #else #define WC_ASN_NAME_MAX 256 #endif #endif -#define ASN_NAME_MAX WC_ASN_NAME_MAX enum Misc_ASN { MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ @@ -1487,8 +1487,8 @@ struct DecodedCert { char* subjectCN; /* CommonName */ int subjectCNLen; /* CommonName Length */ char subjectCNEnc; /* CommonName Encoding */ - char issuer[ASN_NAME_MAX]; /* full name including common name */ - char subject[ASN_NAME_MAX]; /* full name including common name */ + char issuer[WC_ASN_NAME_MAX]; /* full name including common name */ + char subject[WC_ASN_NAME_MAX];/* full name including common name */ int verify; /* Default to yes, but could be off */ const byte* source; /* byte buffer holder cert, NOT owner */ word32 srcIdx; /* current offset into buffer */ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 4f24e8183..8e332e54e 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -156,7 +156,7 @@ enum Pkcs7_Misc { MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE, #endif MAX_RECIP_SZ = MAX_VERSION_SZ + - MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + + MAX_SEQ_SZ + WC_ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, };
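Review bot: Removing `#define ASN_NAME_MAX WC_ASN_NAME_MAX` from wolfssl/wolfcrypt/asn.h takes the name away from any translation unit that includes only the wolfCrypt headers, since the replacement definition now lives in wolfssl/internal.h; code or examples that used `ASN_NAME_MAX` with asn.h alone will stop compiling. If that is an intended deprecation it should be stated in the commit description, which currently says only that the macro was cleaned up. The 330 and 256 values also carry no explanation of why `WOLFSSL_CERT_EXT` now selects the larger size; a comment such as `/* keep in sync with the NO_ASN fallback in wolfssl/internal.h */` next to the `#ifndef WC_ASN_NAME_MAX` block would at least record the cross-file coupling this commit introduces.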