diff --git a/src/ssl.c b/src/ssl.c index 5901b6efb..de5d18e08 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20410,7 +20410,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } if (dataSz < 0) { - sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */ + sz = (int)XSTRLEN((const char*)data); } else { sz = dataSz; @@ -20426,9 +20426,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) asn1->data = NULL; } - if (sz > CTC_NAME_SIZE) { - /* create new data buffer and copy over */ - asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); + if (sz + 1 > CTC_NAME_SIZE) { + /* create new data buffer and copy over +1 for null */ + asn1->data = (char*)XMALLOC(sz + 1, NULL, DYNAMIC_TYPE_OPENSSL); if (asn1->data == NULL) { return WOLFSSL_FAILURE; } @@ -37917,6 +37917,12 @@ err: } + /* Creates a new entry given the NID, type, and data + * "dataSz" is number of bytes in data, if set to -1 then XSTRLEN is used + * "out" can be used to store the new entry data in an existing structure + * if NULL then a new WOLFSSL_X509_NAME_ENTRY structure is created + * returns a pointer to WOLFSSL_X509_NAME_ENTRY on success and NULL on fail + */ WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, const unsigned char* data, int dataSz) @@ -38139,7 +38145,8 @@ err: { int ret; WOLFSSL_X509_NAME_ENTRY* entry; - entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); + entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, + len); if (entry == NULL) return WOLFSSL_FAILURE; ret = wolfSSL_X509_NAME_add_entry(name, entry, loc, set); 
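Review bot: In the `@@ -20426` hunk, `if (sz + 1 > CTC_NAME_SIZE)` and `XMALLOC(sz + 1, ...)` add one to an `int` that can overflow. Per the `@@ -20410` hunk, `sz` is either the caller-supplied `dataSz` or a length narrowed by `(int)XSTRLEN(...)`, so a value of `INT_MAX` makes the addition undefined behaviour before any size reaches the allocator, and a narrowed length can come out negative. Writing the branch as `if (sz >= CTC_NAME_SIZE)` removes the addition from the comparison. A range check ahead of it, such as `if (sz < 0 || sz == INT_MAX) return WOLFSSL_FAILURE;`, would keep the allocation size well defined. The enclosing function starts and ends outside both hunks, so the copy and the terminating NUL are not visible; confirm that both the heap path and the fixed-buffer path now write the terminator at index `sz`.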
@@ -47382,8 +47389,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, } #endif -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* unlike wolfSSL_X509_NAME_dup this does not malloc a duplicate, only deep * copy. "to" is expected to be a fresh blank name, if not pointers could be * lost */ @@ -47543,7 +47549,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v) return WOLFSSL_SUCCESS; } -#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ +#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 553ec68b4..b677f85bc 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5551,7 +5551,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) byte tag; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_X509_NAME* dName; - int nid; + int nid = NID_undef; #endif /* OPENSSL_EXTRA */ WOLFSSL_MSG("Getting Cert Name"); @@ -12508,6 +12508,7 @@ static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, /* Restrict country code size */ if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) { + WOLFSSL_MSG("Country code size error"); return ASN_COUNTRY_SIZE_E; } @@ -12640,9 +12641,10 @@ int SetName(byte* output, word32 outputSz, CertName* name) GetCertNameId(i)); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return BUFFER_E; + WOLFSSL_MSG("EncodeName failed"); + return BUFFER_E; } totalBytes += ret; } 
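Review bot: The `#endif` comment rewritten in the `@@ -47543` hunk, `(OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN`, does not match the opening guard in the `@@ -47382` hunk, which is now `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)` with no `WOLFSSL_CERT_GEN` term. If that `#endif` closes this `#if`, the comment should read `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */`. If it closes an inner block not shown here, the outer `#endif` needs its own matching comment. The new condition also drops `!defined(NO_CERTS)`, `WOLFSSL_CERT_GEN` and `WOLFSSL_CERT_REQ`, so the region now compiles in builds that used to exclude it; the hunk header shows `wolfSSL_X509_set_version` near its end. Most of the region lies outside both hunks, so it is worth confirming that every function in it uses only fields and helpers present in those smaller configurations.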
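Review bot: In the `@@ -12640` hunk of `SetName`, the failure branch still ends in `return BUFFER_E;` whatever `ret` holds, so the new debug message is the only trace of the real cause. The `wc_EncodeName` hunk above shows a distinct `ASN_COUNTRY_SIZE_E` return; if the call here is that function (it starts outside the hunk), a wrong-length country code reaches the caller as a buffer error. If callers do not depend on `BUFFER_E`, `return ret;` would preserve the code. Otherwise a comment such as `/* every encode failure is reported to the caller as BUFFER_E */` documents the choice. The same pattern appears in the `@@ -12656` hunk.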
@@ -12656,6 +12658,7 @@ int SetName(byte* output, word32 outputSz, CertName* name) #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + WOLFSSL_MSG("EncodeName on multiple attributes failed\n"); return BUFFER_E; } totalBytes += ret; @@ -12673,6 +12676,7 @@ int SetName(byte* output, word32 outputSz, CertName* name) #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX"); return BUFFER_E; } @@ -12689,6 +12693,7 @@ int SetName(byte* output, word32 outputSz, CertName* name) #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + WOLFSSL_MSG("Not enough space left for DC value"); return BUFFER_E; }
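Review bot: The message added in the `@@ -12656` hunk, `WOLFSSL_MSG("EncodeName on multiple attributes failed\n");`, is the only one added in this commit that ends in `\n`; the others pass bare text. Dropping the escape, `WOLFSSL_MSG("EncodeName on multiple attributes failed");`, matches the neighbouring calls and likely avoids a stray blank line in the debug log.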