make SetAltNames optional since need bigger buffer with -DCYASSL_ALT_NAMES

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[2.0.9],[http://www.yassl.com])
+AC_INIT([cyassl],[2.1.0],[http://www.yassl.com])
 
 AC_CONFIG_AUX_DIR(config)
 
@@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
 
 if test "$ENABLED_BUMP" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD"
+    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES"
 fi
 
 # fastmath

ctaocrypt/src/asn.c

@@ -2412,6 +2412,10 @@ void CTaoCryptErrorString(int error, char* buffer)
         XSTRNCPY(buffer, "No password provided by user", max);
         break;
 
+    case ALT_NAME_E :
+        XSTRNCPY(buffer, "Alt Name problem, too big", max);
+        break;
+
     default:
         XSTRNCPY(buffer, "unknown error number", max);
 
@@ -2601,7 +2605,9 @@ void InitCert(Cert* cert)
     cert->selfSigned = 1;
     cert->isCA       = 0;
     cert->bodySz     = 0;
+#ifdef CYASSL_ALT_NAMES
     cert->altNamesSz = 0;
+#endif
     cert->keyType    = RSA_KEY;
     XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
 
@@ -3149,12 +3155,14 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
     else
         der->extensionsSz = 0;
 
+#ifdef CYASSL_ALT_NAMES
     if (der->extensionsSz == 0 && cert->altNamesSz) {
         der->extensionsSz = SetExtensions(der->extensions, cert->altNames,
                                           cert->altNamesSz);
         if (der->extensionsSz == 0)
             return EXTENSIONS_E;
     }
+#endif
 
     der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
         der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
@@ -3340,6 +3348,8 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
 }
 
 
+#ifdef CYASSL_ALT_NAMES 
+
 /* Set Alt Names from der cert, return 0 on success */
 static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
 {
@@ -3410,6 +3420,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
                 else {
                     cert->altNamesSz = 0;
                     CYASSL_MSG("AltNames extensions too big");
+                    FreeDecodedCert(&decoded);
+                    return ALT_NAME_E;
                 }
             }
             decoded.srcIdx = tmpIdx + length;
@@ -3420,6 +3432,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
     return 0;
 }
 
+#endif /* CYASSL_ALT_NAMES */
+
 
 /* Set cn name from der buffer, return 0 on success */
 static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
@@ -3518,6 +3532,8 @@ int SetSubject(Cert* cert, const char* subjectFile)
 }
 
 
+#ifdef CYASSL_ALT_NAMES
+
 /* Set atl names from file in PEM */
 int SetAltNames(Cert* cert, const char* file)
 {
@@ -3527,6 +3543,8 @@ int SetAltNames(Cert* cert, const char* file)
     return SetAltNamesFromCert(cert, der, derSz);
 }
 
+#endif /* CYASSL_ALT_NAMES */
+
 #endif /* NO_FILESYSTEM */
 
 /* Set cert issuer from DER buffer */
@@ -3544,12 +3562,15 @@ int SetSubjectBuffer(Cert* cert, const byte* der, int derSz)
 }
 
 
+#ifdef CYASSL_ALT_NAMES
+
 /* Set cert alt names from DER buffer */
 int SetAltNamesBuffer(Cert* cert, const byte* der, int derSz)
 {
     return SetAltNamesFromCert(cert, der, derSz);
 }
 
+#endif /* CYASSL_ALT_NAMES */
 
 #endif /* CYASSL_CERT_GEN */
 

cyassl/ctaocrypt/asn.h

@@ -127,7 +127,11 @@ enum Misc_ASN {
     MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
     MAX_CA_SZ           =  32,     /* Max encoded CA basic constraint length */
 #ifdef CYASSL_CERT_GEN
-    MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
+    #ifdef CYASSL_ALT_NAMES
+        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
+    #else
+        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
+    #endif
                                    /* Max total extensions, id + len + others */
 #endif
     MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2

cyassl/ctaocrypt/asn_public.h

@@ -58,9 +58,9 @@ enum Ctc_SigType {
 #ifdef CYASSL_CERT_GEN
 
 enum Ctc_Misc {
-    CTC_NAME_SIZE    =  64,
-    CTC_MAX_ALT_SIZE = 512,
-    CTC_SERIAL_SIZE  =   8
+    CTC_NAME_SIZE    =   64,
+    CTC_MAX_ALT_SIZE = 8192,    /* may be huge */
+    CTC_SERIAL_SIZE  =    8
 };
 
 typedef struct CertName {
@@ -88,8 +88,10 @@ typedef struct Cert {
     /* internal use only */
     int      bodySz;                    /* pre sign total size */
     int      keyType;                   /* public key type of subject */
+#ifdef CYASSL_ALT_NAMES
     byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
     int      altNamesSz;                 /* altNames size in bytes */
+#endif
 } Cert;
 
 
@@ -113,7 +115,9 @@ CYASSL_API int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
                              RNG*);
 CYASSL_API int  SetIssuer(Cert*, const char*);
 CYASSL_API int  SetSubject(Cert*, const char*);
-CYASSL_API int  SetAltNames(Cert*, const char*);
+#ifdef CYASSL_ALT_NAMES
+    CYASSL_API int  SetAltNames(Cert*, const char*);
+#endif
 CYASSL_API int  SetIssuerBuffer(Cert*, const byte*, int);
 CYASSL_API int  SetSubjectBuffer(Cert*, const byte*, int);
 CYASSL_API int  SetAltNamesBuffer(Cert*, const byte*, int);

cyassl/ctaocrypt/error.h

@@ -96,6 +96,7 @@ enum {
     NOT_COMPILED_IN    = -174,  /* Feature not compiled in */
     UNICODE_SIZE_E     = -175,  /* Unicode password too big */
     NO_PASSWORD        = -176,  /* no password provided by user */
+    ALT_NAME_E         = -177,  /* alt name size problem, too big */
 
     MIN_CODE_E         = -200   /* errors -101 - -199 */
 };