ASN template: replicate AddAltName change in template code

2025-07-29 18:27:29 +02:00 · 2021-10-05 16:29:11 +10:00
parent 0bee624ee5
commit dfbdcf9400
1 changed files with 67 additions and 23 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -10415,9 +10415,26 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
        XMEMCPY(dnsEntry->name, str, strLen);
        dnsEntry->name[strLen] = '\0';

+    #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
+        dnsEntry->next = NULL;
+        if (*entries == NULL) {
+            /* First on list */
+            *entries = dnsEntry;
+        }
+        else {
+            DNS_entry* temp = *entries;
+
+            /* Find end */
+            for (; (temp->next != NULL); temp = temp->next);
+
+            /* Add to end */
+            temp->next = dnsEntry;
+        }
+    #else
        /* Prepend entry to linked list. */
        dnsEntry->next = *entries;
        *entries = dnsEntry;
+    #endif
    }

    return ret;
@ -13556,6 +13573,31 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)

 #endif /* IGNORE_NAME_CONSTRAINTS */

+#ifndef WOLFSSL_ASN_TEMPLATE
+static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
+{
+#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
+    dnsEntry->next = NULL;
+    if (cert->altNames == NULL) {
+        /* First on list */
+        cert->altNames = dnsEntry;
+    }
+    else {
+        DNS_entry* temp = cert->altNames;
+
+        /* Find end */
+        for (; (temp->next != NULL); temp = temp->next);
+
+        /* Add to end */
+        temp->next = dnsEntry;
+    }
+#else
+    dnsEntry->next = cert->altNames;
+    cert->altNames = dnsEntry;
+#endif
+}
+#endif
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 #ifdef WOLFSSL_SEP
 /* ASN.1 template for OtherName of an X.509 certificate.
@ -13802,29 +13844,6 @@ static const ASNItem altNameASN[] = {
 #define altNameASN_Length (sizeof(altNameASN) / sizeof(ASNItem))
 #endif /* WOLFSSL_ASN_TEMPLATE */

-
-static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
-{
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
-    dnsEntry->next = NULL;
-    if (cert->altNames == NULL) {
-        /* First on list */
-        cert->altNames = dnsEntry;
-    }
-    else {
-        DNS_entry* temp = cert->altNames;
-
-        /* Find end */
-        for (; (temp->next != NULL); temp = temp->next);
-
-        /* Add to end */
-        temp->next = dnsEntry;
-    }
-#else
-    dnsEntry->next = cert->altNames;
-    cert->altNames = dnsEntry;
-#endif
-}
 /* Decode subject alternative names extension.
 *
 * RFC 5280 4.2.1.6.  Subject Alternative Name
@ -21226,6 +21245,9 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
    word32 idx;
    const DNS_entry* curName;
    word32 namesSz = 0;
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+    word32 i;
+#endif

    if (output == NULL)
        return BAD_FUNC_ARG;
@ -21245,9 +21267,18 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
        return BUFFER_E;

    idx = SetSequence(namesSz, output);
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+    namesSz += idx;
+    i = namesSz;
+#endif

    curName = names;
    do {
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+        word32 len = SetLength(curName->len, NULL);
+        idx = i - curName->len - len - 1;
+        i = idx;
+#endif
        output[idx] = ASN_CONTEXT_SPECIFIC | curName->type;
        if (curName->type == ASN_DIR_TYPE) {
            output[idx] |= ASN_CONSTRUCTED;
@ -21255,10 +21286,15 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
        idx++;
        idx += SetLength(curName->len, output + idx);
        XMEMCPY(output + idx, curName->name, curName->len);
+#ifndef WOLFSSL_ALT_NAMES_NO_REV
        idx += curName->len;
+#endif
        curName = curName->next;
    } while (curName != NULL);

+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+    idx = namesSz;
+#endif
    return idx;
 }

@ -26816,6 +26852,7 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
    int length;
    word32 oid;
 #else
+    word32 len;
    DECL_ASNGETDATA(dataASN, edPubKeyASN_Length);
 #endif

@ -26849,12 +26886,15 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
    *pubKeyLen = inSz - *inOutIdx;
    XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
 #else
+    len = inSz - *inOutIdx;
+
    CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL);

    if (ret == 0) {
        /* Require OID. */
        word32 oidSz;
        const byte* oid = OidFromId(keyType, oidKeyType, &oidSz);
+
        GetASN_ExpBuffer(&dataASN[2], oid, oidSz);
        /* Decode Ed25519 private key. */
        ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
@ -26867,6 +26907,10 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
    if ((ret == 0) && (dataASN[3].data.ref.length > *pubKeyLen)) {
        ret = ASN_PARSE_E;
    }
+    /* Check that the all the buffer was used. */
+    if ((ret == 0) && (GetASNItem_Length(dataASN[0], input) != len)) {
+        ret = ASN_PARSE_E;
+    }
    if (ret == 0) {
        *pubKeyLen = dataASN[3].data.ref.length;
        XMEMCPY(pubKey, dataASN[3].data.ref.data, *pubKeyLen);