From cdfdefe9afd9a480b11a05b823d4881198994d8c Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Sun, 22 May 2022 14:09:14 -0700
Subject: [PATCH] improve checking on UUID getter function

---
 wolfcrypt/src/asn.c | 36 ++++++++++++++++++++++++------------
 wolfssl/wolfcrypt/asn.h | 4 ++++
 2 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 0dac03e07..2bb458466 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -21116,20 +21116,32 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz)
 int ret = ALT_NAME_E;
 DNS_entry* id = NULL;
 
- id = wc_GetAltName(cert, ASN_URI_TYPE, id);
- if (id != NULL) {
- if (uuid == NULL) {
- *uuidSz = id->len;
- return LENGTH_ONLY_E;
- }
+ do {
+ id = wc_GetAltName(cert, ASN_URI_TYPE, id);
+ if (id != NULL) {
+ /* check if URI string matches expected format for UUID */
+ if (id->len != DEFAULT_UUID_SZ) {
+ continue; /* size not right not a UUID URI */
+ }
 
- if ((int)*uuidSz < id->len) {
- return BUFFER_E;
- }
+ if (XMEMCMP(id->name, "urn:uuid:", 9) != 0) {
+ continue; /* beginning text not right for a UUID URI */
+ }
 
- XMEMCPY(uuid, id->name, id->len);
- ret = 0; /* success */
- }
+ if (uuid == NULL) {
+ *uuidSz = id->len;
+ return LENGTH_ONLY_E;
+ }
+
+ if ((int)*uuidSz < id->len) {
+ return BUFFER_E;
+ }
+
+ XMEMCPY(uuid, id->name, id->len);
+ ret = 0; /* success */
+ break;
+ }
+ } while (id != NULL);
 
 return ret;
 }
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index cdb481d81..6c053e8fc 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1293,6 +1293,10 @@ struct DNS_entry {
 #endif
 };
 
+#ifdef WOLFSSL_FPKI
+ /* RFC4122 i.e urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6 */
+ #define DEFAULT_UUID_SZ 45
+#endif
 typedef struct Base_entry Base_entry;
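Review bot: The new format check in `wc_GetUUIDFromCert` stops at the length and the `urn:uuid:` prefix, so a 45-byte URI alternative name whose last 36 characters are not hex digits and hyphens is still returned as a UUID; callers that treat the value as an identifier would presumably assume it is well formed. Validating the 8-4-4-4-12 layout before the `uuid == NULL` branch closes that gap, as sketched below with one new local `i`. The literal `9` would read better as `sizeof("urn:uuid:") - 1` or a named constant next to `DEFAULT_UUID_SZ`. The signature and opening brace sit just above the hunk, and nothing visible checks `cert` or `uuidSz` for NULL before `*uuidSz = id->len`; if no check exists elsewhere, an early `return BAD_FUNC_ARG;` is worth adding.

```c
    int i; /* new local, declared alongside ret and id */
    /* … unchanged: wc_GetAltName() call, length and prefix checks … */

            /* remaining 36 characters must be 8-4-4-4-12 hex digits
             * separated by '-' (RFC 4122 string form) */
            for (i = 9; i < DEFAULT_UUID_SZ; i++) {
                char c = id->name[i];

                if (i == 17 || i == 22 || i == 27 || i == 32) {
                    if (c != '-') {
                        break;
                    }
                }
                else if (!((c >= '0' && c <= '9') ||
                           (c >= 'a' && c <= 'f') ||
                           (c >= 'A' && c <= 'F'))) {
                    break;
                }
            }
            if (i != DEFAULT_UUID_SZ) {
                continue; /* not a well formed UUID string */
            }

    /* … unchanged: LENGTH_ONLY_E / BUFFER_E handling and XMEMCPY … */
```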