diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 4ae80e8e7..96253e637 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7814,83 +7814,39 @@ int wc_InitCert(Cert* cert)
 return BAD_FUNC_ARG;
 }
+ XMEMSET(cert, 0, sizeof(Cert));
+
 cert->version = 2; /* version 3 is hex 2 */
 cert->sigType = CTC_SHAwRSA;
 cert->daysValid = 500;
 cert->selfSigned = 1;
- cert->isCA = 0;
- cert->bodySz = 0;
-#ifdef WOLFSSL_ALT_NAMES
- cert->altNamesSz = 0;
- cert->beforeDateSz = 0;
- cert->afterDateSz = 0;
-#endif
-#ifdef WOLFSSL_CERT_EXT
- cert->skidSz = 0;
- cert->akidSz = 0;
- cert->keyUsage = 0;
- cert->extKeyUsage = 0;
- cert->certPoliciesNb = 0;
- XMEMSET(cert->akid, 0, CTC_MAX_AKID_SIZE);
- XMEMSET(cert->skid, 0, CTC_MAX_SKID_SIZE);
- XMEMSET(cert->certPolicies, 0, CTC_MAX_CERTPOL_NB*CTC_MAX_CERTPOL_SZ);
-#endif
 cert->keyType = RSA_KEY;
- XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
- cert->serialSz = 0;
- cert->issuer.country[0] = '\0';
 cert->issuer.countryEnc = CTC_PRINTABLE;
- cert->issuer.state[0] = '\0';
 cert->issuer.stateEnc = CTC_UTF8;
- cert->issuer.locality[0] = '\0';
 cert->issuer.localityEnc = CTC_UTF8;
- cert->issuer.sur[0] = '\0';
 cert->issuer.surEnc = CTC_UTF8;
- cert->issuer.org[0] = '\0';
 cert->issuer.orgEnc = CTC_UTF8;
- cert->issuer.unit[0] = '\0';
 cert->issuer.unitEnc = CTC_UTF8;
- cert->issuer.commonName[0] = '\0';
 cert->issuer.commonNameEnc = CTC_UTF8;
- cert->issuer.email[0] = '\0';
- cert->subject.country[0] = '\0';
 cert->subject.countryEnc = CTC_PRINTABLE;
- cert->subject.state[0] = '\0';
 cert->subject.stateEnc = CTC_UTF8;
- cert->subject.locality[0] = '\0';
 cert->subject.localityEnc = CTC_UTF8;
- cert->subject.sur[0] = '\0';
 cert->subject.surEnc = CTC_UTF8;
- cert->subject.org[0] = '\0';
 cert->subject.orgEnc = CTC_UTF8;
- cert->subject.unit[0] = '\0';
 cert->subject.unitEnc = CTC_UTF8;
- cert->subject.commonName[0] = '\0';
 cert->subject.commonNameEnc = CTC_UTF8;
- cert->subject.email[0] = '\0';
 #ifdef WOLFSSL_MULTI_ATTRIB
 for (i = 0; i < CTC_MAX_ATTRIB; i++) {
- cert->issuer.name[i].sz = 0;
- cert->issuer.name[i].id = 0;
- cert->issuer.name[i].type = CTC_UTF8;
- cert->issuer.name[i].value[0] = '\0';
-
- cert->subject.name[i].sz = 0;
- cert->subject.name[i].id = 0;
+ cert->issuer.name[i].type = CTC_UTF8;
 cert->subject.name[i].type = CTC_UTF8;
- cert->subject.name[i].value[0] = '\0';
 }
 #endif /* WOLFSSL_MULTI_ATTRIB */
-#ifdef WOLFSSL_CERT_REQ
- cert->challengePw[0] ='\0';
-#endif
+
 #ifdef WOLFSSL_HEAP_TEST
 cert->heap = (void*)WOLFSSL_HEAP_TEST;
-#else
- cert->heap = NULL;
 #endif
 (void)i;
@@ -8908,7 +8864,7 @@ static int SetAltNames(byte *out, word32 outSz, byte *input, word32 length)
 *
 * returns length on success
 */
-static int _EncodeName(EncodedName* name, const char* nameStr, char nameType,
+static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
 byte type)
 {
 word32 idx = 0;
@@ -9059,7 +9015,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
 int ret;
 const char* nameStr = GetOneName(name, i);
- ret = _EncodeName(&names[i], nameStr, GetNameType(name, i),
+ ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i),
 GetNameId(i));
 if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
@@ -9073,7 +9029,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
 for (i = 0; i < CTC_MAX_ATTRIB; i++) {
 if (name->name[i].sz > 0) {
 int ret;
- ret = _EncodeName(&addNames[i], name->name[i].value,
+ ret = wc_EncodeName(&addNames[i], name->name[i].value,
 name->name[i].type, name->name[i].id);
 if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
@@ -10640,7 +10596,7 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx,
 byte oid[MAX_OID_SZ];
 word32 oidSz = MAX_OID_SZ;
- if (idx >= CTC_MAX_EKU_NB || sz >= CTX_MAX_EKU_OID_SZ) {
+ if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) {
 WOLFSSL_MSG("Either idx or sz was too large");
 return BAD_FUNC_ARG;
 }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 3e23a8ea6..fc5368803 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
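Review bot: The new `XMEMSET(cert, 0, sizeof(Cert))` is now the only thing that establishes the zero, NULL and empty-string defaults the deleted per-field assignments used to set, but nothing in the remaining lines says so, so a later maintainer may re-add explicit clearing or add a field without realising it is already covered. A one-line comment on the XMEMSET such as `/* every field defaults to 0/NULL/""; only non-zero defaults are set below */` would document that contract. The function's header comment should also say that the call resets the whole structure on a re-init, including `heap` and any previously set serial, key-id and policy data, since callers that re-initialise a populated Cert now lose all of it. wc_InitCert's opening NULL check and whatever follows `(void)i;` lie outside the hunk.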
@@ -9966,6 +9966,15 @@ int rsa_test(void)
 "emailProtection,timeStamping,OCSPSigning") != 0) {
 ERROR_OUT(-5645, exit_rsa);
 }
+ #ifdef WOLFSSL_EKU_OID
+ {
+ const char unique[] = "2.16.840.1.111111.100.1.10.1";
+ if (wc_SetExtKeyUsageOID(&req, unique, sizeof(unique), 0,
+ HEAP_HINT) != 0) {
+ ERROR_OUT(-5652, exit_rsa);
+ }
+ }
+ #endif /* WOLFSSL_EKU_OID */
 #endif /* WOLFSSL_CERT_EXT */
 derSz = wc_MakeCertReq(&req, der, FOURK_BUF, &key, NULL);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 355bede32..54c2c5757 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -194,7 +194,8 @@ enum Misc_ASN {
 #ifdef WOLFSSL_CERT_EXT
 MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */
 MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
- MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)), /* Max encoded ExtKeyUsage
+ MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) +
+ CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
 (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID))) */
 MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
 MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 0101a65be..fbc03fcc0 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -117,9 +117,12 @@ enum Ctc_Misc {
 #ifndef CTC_MAX_EKU_NB
 #define CTC_MAX_EKU_NB 1
 #endif
- #ifndef CTX_MAX_EKU_OID_SZ
- #define CTX_MAX_EKU_OID_SZ 30
+ #ifndef CTC_MAX_EKU_OID_SZ
+ #define CTC_MAX_EKU_OID_SZ 30
 #endif
+#else
+ #undef CTC_MAX_EKU_OID_SZ
+ #define CTC_MAX_EKU_OID_SZ 0
 #endif
@@ -191,7 +194,7 @@ typedef struct Cert {
 byte extKeyUsage; /* Extended Key Usage */
 #ifdef WOLFSSL_EKU_OID /* Extended Key Usage OIDs */
- byte extKeyUsageOID[CTC_MAX_EKU_NB][CTX_MAX_EKU_OID_SZ];
+ byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
 byte extKeyUsageOIDSz[CTC_MAX_EKU_NB];
 #endif
 char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
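Review bot: The new call passes `sizeof(unique)`, which is 29 because it counts the NUL terminator, rather than the 28-character length of the dotted OID, so the test pins only one of two plausible conventions for the `sz` argument that wc_SetExtKeyUsageOID compares against CTC_MAX_EKU_OID_SZ in the asn.c hunk above. The header comment on wc_SetExtKeyUsageOID should state whether `sz` is the string length or the buffer size, and the test should follow that convention (`(word32)XSTRLEN(unique)` if it is the length). Note also that the bound is applied to the length of the dotted-decimal text while CTC_MAX_EKU_OID_SZ sizes the encoded `extKeyUsageOID` byte array in asn_public.h; those are different quantities, and a comment at the check saying the text length is used as a conservative proxy would help. The block asserts only that the call succeeds; decoding the produced request and checking that the OID is present in the EKU extension would make the test meaningful. rsa_test continues outside the hunk.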
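Review bot: The enlarged bound `MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + CTC_MAX_EKU_OID_SZ` adds room for the content bytes of exactly one custom OID, but the Cert struct in the asn_public.h hunk stores `CTC_MAX_EKU_NB` of them and each is presumably written with its own tag/length header like the six built-in OIDs (`8 + 2` each), so with CTC_MAX_EKU_NB configured above 1 the constant under-sizes whatever buffer it governs. Suggest `+ (CTC_MAX_EKU_NB * (CTC_MAX_EKU_OID_SZ + 2))`, and since this is an enum initializer the `#else` branch added to asn_public.h that defines CTC_MAX_EKU_OID_SZ as 0 then needs a matching `#undef`/`#define CTC_MAX_EKU_NB 0` so builds without WOLFSSL_EKU_OID still compile. The trailing comment should be updated to match the arithmetic, e.g. `(SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID)) + (NB * (SEQ + OID)))`.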