From dfbdcf9400caa8ae35907fab57b91f8a6cad6d91 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 5 Oct 2021 16:29:11 +1000
Subject: [PATCH] ASN template: replicate AddAltName change in template code

---
 wolfcrypt/src/asn.c | 90 +++++++++++++++++++++++++++++++++------------
 1 file changed, 67 insertions(+), 23 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3b701bd5a..b1e1b0e2f 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -10415,9 +10415,26 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
         XMEMCPY(dnsEntry->name, str, strLen);
         dnsEntry->name[strLen] = '\0';
 
+    #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
+        dnsEntry->next = NULL;
+        if (*entries == NULL) {
+            /* First on list */
+            *entries = dnsEntry;
+        }
+        else {
+            DNS_entry* temp = *entries;
+
+            /* Find end */
+            for (; (temp->next != NULL); temp = temp->next);
+
+            /* Add to end */
+            temp->next = dnsEntry;
+        }
+    #else
         /* Prepend entry to linked list. */
         dnsEntry->next = *entries;
         *entries = dnsEntry;
+    #endif
     }
 
     return ret;
@@ -13556,6 +13573,31 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
 
 #endif /* IGNORE_NAME_CONSTRAINTS */
 
+#ifndef WOLFSSL_ASN_TEMPLATE
+static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
+{
+#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
+    dnsEntry->next = NULL;
+    if (cert->altNames == NULL) {
+        /* First on list */
+        cert->altNames = dnsEntry;
+    }
+    else {
+        DNS_entry* temp = cert->altNames;
+
+        /* Find end */
+        for (; (temp->next != NULL); temp = temp->next);
+
+        /* Add to end */
+        temp->next = dnsEntry;
+    }
+#else
+    dnsEntry->next = cert->altNames;
+    cert->altNames = dnsEntry;
+#endif
+}
+#endif
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 #ifdef WOLFSSL_SEP
 /* ASN.1 template for OtherName of an X.509 certificate.
@@ -13802,29 +13844,6 @@ static const ASNItem altNameASN[] = {
 #define altNameASN_Length (sizeof(altNameASN) / sizeof(ASNItem))
 #endif /* WOLFSSL_ASN_TEMPLATE */
 
-
-static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
-{
-#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
-    dnsEntry->next = NULL;
-    if (cert->altNames == NULL) {
-        /* First on list */
-        cert->altNames = dnsEntry;
-    }
-    else {
-        DNS_entry* temp = cert->altNames;
-
-        /* Find end */
-        for (; (temp->next != NULL); temp = temp->next);
-
-        /* Add to end */
-        temp->next = dnsEntry;
-    }
-#else
-    dnsEntry->next = cert->altNames;
-    cert->altNames = dnsEntry;
-#endif
-}
 /* Decode subject alternative names extension.
  *
  * RFC 5280 4.2.1.6.  Subject Alternative Name
@@ -21226,6 +21245,9 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
     word32 idx;
     const DNS_entry* curName;
     word32 namesSz = 0;
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+    word32 i;
+#endif
 
     if (output == NULL)
         return BAD_FUNC_ARG;
@@ -21245,9 +21267,18 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
         return BUFFER_E;
 
     idx = SetSequence(namesSz, output);
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+    namesSz += idx;
+    i = namesSz;
+#endif
 
     curName = names;
     do {
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+        word32 len = SetLength(curName->len, NULL);
+        idx = i - curName->len - len - 1;
+        i = idx;
+#endif
         output[idx] = ASN_CONTEXT_SPECIFIC | curName->type;
         if (curName->type == ASN_DIR_TYPE) {
             output[idx] |= ASN_CONSTRUCTED;
@@ -21255,10 +21286,15 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
         idx++;
         idx += SetLength(curName->len, output + idx);
         XMEMCPY(output + idx, curName->name, curName->len);
+#ifndef WOLFSSL_ALT_NAMES_NO_REV
         idx += curName->len;
+#endif
         curName = curName->next;
     } while (curName != NULL);
 
+#ifdef WOLFSSL_ALT_NAMES_NO_REV
+    idx = namesSz;
+#endif
     return idx;
 }
 
@@ -26816,6 +26852,7 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
     int length;
     word32 oid;
 #else
+    word32 len;
     DECL_ASNGETDATA(dataASN, edPubKeyASN_Length);
 #endif
 
@@ -26849,12 +26886,15 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
     *pubKeyLen = inSz - *inOutIdx;
     XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
 #else
+    len = inSz - *inOutIdx;
+
     CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL);
 
     if (ret == 0) {
         /* Require OID. */
         word32 oidSz;
         const byte* oid = OidFromId(keyType, oidKeyType, &oidSz);
+
         GetASN_ExpBuffer(&dataASN[2], oid, oidSz);
         /* Decode Ed25519 private key. */
         ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
@@ -26867,6 +26907,10 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
     if ((ret == 0) && (dataASN[3].data.ref.length > *pubKeyLen)) {
         ret = ASN_PARSE_E;
     }
+    /* Check that the all the buffer was used. */
+    if ((ret == 0) && (GetASNItem_Length(dataASN[0], input) != len)) {
+        ret = ASN_PARSE_E;
+    }
     if (ret == 0) {
         *pubKeyLen = dataASN[3].data.ref.length;
         XMEMCPY(pubKey, dataASN[3].data.ref.data, *pubKeyLen);