Cleanup mess of ASN_NAME_MAX.

David Garske
2022-02-24 13:56:08 -08:00
parent a2381ba954
commit ae1072afad
5 changed files with 35 additions and 28 deletions


@ -11127,7 +11127,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
if (ret == 0) {
/* Check there is space for this in the full name string and
* terminating NUL character. */
if ((typeStrLen + strLen) < (word32)(ASN_NAME_MAX - *idx))
if ((typeStrLen + strLen) < (word32)(WC_ASN_NAME_MAX - *idx))
{
/* Add RDN to full string. */
XMEMCPY(&full[*idx], typeStr, typeStrLen);
@ -11525,7 +11525,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#endif /* OPENSSL_EXTRA */
}
if ((strLen + copyLen) > (int)(ASN_NAME_MAX - idx)) {
if ((strLen + copyLen) > (int)(WC_ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN Name too big, skipping");
tooBig = TRUE;
}
@ -11559,14 +11559,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
return ASN_PARSE_E;
}
if (strLen > (int)(ASN_NAME_MAX - idx)) {
if (strLen > (int)(WC_ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN name too big, skipping");
tooBig = TRUE;
}
if (email) {
copyLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1;
if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx)) {
if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN name too big, skipping");
tooBig = TRUE;
}
@ -11664,7 +11664,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
}
}
}
if ((copyLen + strLen) > (int)(ASN_NAME_MAX - idx))
if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx))
{
WOLFSSL_MSG("ASN Name too big, skipping");
tooBig = TRUE;
@ -11707,14 +11707,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
if (nameType == ISSUER) {
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX);
dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
#endif
cert->issuerName = dName;
}
else {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
dName->rawLen = min(cert->subjectRawLen, ASN_NAME_MAX);
dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX);
XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen);
#endif
cert->subjectName = dName;
@ -11838,14 +11838,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY)) && \
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX);
dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
#endif
cert->issuerName = dName;
}
else {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
dName->rawLen = min(cert->subjectRawLen, ASN_NAME_MAX);
dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX);
XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen);
#endif
cert->subjectName = dName;
@ -20880,8 +20880,8 @@ typedef struct DerCert {
byte version[MAX_VERSION_SZ]; /* version encoded */
byte serial[(int)CTC_SERIAL_SIZE + (int)MAX_LENGTH_SZ]; /* serial number encoded */
byte sigAlgo[MAX_ALGO_SZ]; /* signature algo encoded */
byte issuer[ASN_NAME_MAX]; /* issuer encoded */
byte subject[ASN_NAME_MAX]; /* subject encoded */
byte issuer[WC_ASN_NAME_MAX]; /* issuer encoded */
byte subject[WC_ASN_NAME_MAX]; /* subject encoded */
byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */
byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa public key encoded */
byte ca[MAX_CA_SZ]; /* basic constraint CA true size */
@ -23017,11 +23017,11 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap)
/* header */
idx = SetSequence(totalBytes, output);
totalBytes += idx;
if (totalBytes > ASN_NAME_MAX) {
if (totalBytes > WC_ASN_NAME_MAX) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX");
WOLFSSL_MSG("Total Bytes is greater than WC_ASN_NAME_MAX");
return BUFFER_E;
}
@ -24549,7 +24549,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
#endif
{
/* Calcuate issuer name encoding size. */
issuerSz = SetNameEx(NULL, ASN_NAME_MAX, &cert->issuer, cert->heap);
issuerSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->issuer, cert->heap);
ret = issuerSz;
}
}
@ -24565,7 +24565,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
#endif
{
/* Calcuate subject name encoding size. */
subjectSz = SetNameEx(NULL, ASN_NAME_MAX, &cert->subject, cert->heap);
subjectSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap);
ret = subjectSz;
}
}
@ -25385,7 +25385,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
else
#endif
{
subjectSz = SetNameEx(NULL, ASN_NAME_MAX, &cert->subject, cert->heap);
subjectSz = SetNameEx(NULL, WC_ASN_NAME_MAX, &cert->subject, cert->heap);
ret = subjectSz;
}
}


@ -3812,7 +3812,18 @@ typedef struct Arrays {
} Arrays;
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#ifndef NO_ASN
/* use value from asn.h */
#define ASN_NAME_MAX WC_ASN_NAME_MAX
#else
/* calculate for WOLFSSL_X509 */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_CERT_EXT)
#define ASN_NAME_MAX 330
#else
#define ASN_NAME_MAX 256
#endif
#endif
#endif
#ifndef MAX_DATE_SZ
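Review bot: The outer `#ifndef ASN_NAME_MAX` guard still lets a build predefine ASN_NAME_MAX, and because this commit removes the alias from the ASN header, that value can now differ from WC_ASN_NAME_MAX without any diagnostic. The parser sections on this page bound their name copies with WC_ASN_NAME_MAX (for example `min(cert->issuerRawLen, WC_ASN_NAME_MAX)` ahead of the XMEMCPY into `dName->raw`), so any destination still declared with ASN_NAME_MAX could be written past its end when the override is smaller; those declarations are not visible here. A compile-time check placed after this block would catch the mismatch: `#if !defined(NO_ASN) && (ASN_NAME_MAX != WC_ASN_NAME_MAX)` / `#error "ASN_NAME_MAX must match WC_ASN_NAME_MAX"` / `#endif`. The NO_ASN branch also repeats the 330/256 values and their feature test by hand, so it deserves a comment saying they must track the ASN header.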


@ -20,10 +20,7 @@
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/mem_track.h>
#include <wolfssl/wolfio.h>
#if defined(SHOW_CERTS) && \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#include <wolfssl/wolfcrypt/asn.h> /* for domain component NID value */
#endif
#include <wolfssl/wolfcrypt/asn.h>
#ifdef ATOMIC_USER
#include <wolfssl/wolfcrypt/aes.h>
@ -31,7 +28,6 @@
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#ifdef HAVE_PK_CALLBACKS
#include <wolfssl/wolfcrypt/asn.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
@ -1053,7 +1049,7 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
{
WOLFSSL_BIO* bio;
char buf[256]; /* should be size of ASN_NAME_MAX */
char buf[WC_ASN_NAME_MAX];
int textSz;
/* print out domain component if certificate has it */


@ -840,13 +840,13 @@ enum ECC_TYPES
#define ASN_JOI_ST 0x2
#ifndef WC_ASN_NAME_MAX
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_CERT_EXT)
#define WC_ASN_NAME_MAX 330
#else
#define WC_ASN_NAME_MAX 256
#endif
#endif
#define ASN_NAME_MAX WC_ASN_NAME_MAX
enum Misc_ASN {
MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
@ -1487,8 +1487,8 @@ struct DecodedCert {
char* subjectCN; /* CommonName */
int subjectCNLen; /* CommonName Length */
char subjectCNEnc; /* CommonName Encoding */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
char issuer[WC_ASN_NAME_MAX]; /* full name including common name */
char subject[WC_ASN_NAME_MAX];/* full name including common name */
int verify; /* Default to yes, but could be off */
const byte* source; /* byte buffer holder cert, NOT owner */
word32 srcIdx; /* current offset into buffer */
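Review bot: Adding `defined(WOLFSSL_CERT_EXT)` to the 330 case changes more than a constant, because WC_ASN_NAME_MAX sizes `DecodedCert.issuer` and `DecodedCert.subject` in the second hunk and `DerCert.issuer`/`subject` in the encoder section. A WOLFSSL_CERT_EXT-only build therefore grows each DecodedCert by 148 bytes and changes the struct layout. That matters on small-stack targets if the struct is stack-allocated, and for any application compiled with different options than the library; neither is visible on this page. The macro has no comment saying what it bounds or where the 330 figure comes from. I would add one above the `#ifndef`, for example `/* Max bytes in a name buffer; sizes DecodedCert/DerCert issuer and subject, so raising it grows those structs */`, plus a sentence on how 330 was derived.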


@ -156,7 +156,7 @@ enum Pkcs7_Misc {
MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
#endif
MAX_RECIP_SZ = MAX_VERSION_SZ +
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + WC_ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
};