wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Certs: fix leak when multiple hardware names in SAN

Browse Source 
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
This commit is contained in:
Sean Parkinson
2021-06-07 12:02:23 +10:00
parent 898b9d5e24
commit e76ae2b8ac
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wolfcrypt/src/asn.c
View File

@ -8310,6 +8310,14 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E;
}
/* Certiciates issued with this OID in the subject alt name are for
* verifying signatures created on a module.
* RFC 4108 Section 5. */
if (cert->hwType != NULL) {
WOLFSSL_MSG("\tAlready seen Hardware Module Name");
return ASN_PARSE_E;
}
if (GetASNTag(input, &idx, &tag, sz) < 0) {
return ASN_PARSE_E;
}