diff --git a/configure.ac b/configure.ac index 202b3e6e5..cc9cad36a 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.0.9],[http://www.yassl.com]) +AC_INIT([cyassl],[2.1.0],[http://www.yassl.com]) AC_CONFIG_AUX_DIR(config) @@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump, if test "$ENABLED_BUMP" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD" + AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES" fi # fastmath diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index a65e42ef9..b8c455113 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2412,6 +2412,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "No password provided by user", max); break; + case ALT_NAME_E : + XSTRNCPY(buffer, "Alt Name problem, too big", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); @@ -2601,7 +2605,9 @@ void InitCert(Cert* cert) cert->selfSigned = 1; cert->isCA = 0; cert->bodySz = 0; +#ifdef CYASSL_ALT_NAMES cert->altNamesSz = 0; +#endif cert->keyType = RSA_KEY; XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); @@ -3149,12 +3155,14 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng, else der->extensionsSz = 0; +#ifdef CYASSL_ALT_NAMES if (der->extensionsSz == 0 && cert->altNamesSz) { der->extensionsSz = SetExtensions(der->extensions, cert->altNames, cert->altNamesSz); if (der->extensionsSz == 0) return EXTENSIONS_E; } +#endif der->total = der->versionSz + der->serialSz + der->sigAlgoSz + der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz + 
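Review bot: `-DCYASSL_ALT_NAMES` is added only to AM_CFLAGS under --enable-bump, so the define reaches the library objects but not an application that merely includes the installed headers, while asn_public.h in this same commit makes the `Cert` layout and the `SetAltNames` prototype depend on it. A define that changes a public header deserves its own `AC_ARG_ENABLE(altnames, ...)` that users can discover, plus a line in the configure help stating that consumers must compile with the same flag; folding it into bump also forces anyone who wants SAN copying to take LARGE_STATIC_BUFFERS, HUGE_SESSION_CACHE, OPENSSL_EXTRA and FP_MAX_BITS=8192 along with it. At minimum add a comment on this line: `# CYASSL_ALT_NAMES changes sizeof(Cert); applications using cert-bump must define it too`.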
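Review bot: The new block only encodes the alt names when `der->extensionsSz == 0`, so a `Cert` that has a non-empty `altNames` and whatever the preceding branch encodes (the visible `else der->extensionsSz = 0;` suggests a CA/basic-constraints extension, but that `if` is outside the hunk) silently gets a certificate without the SAN it asked for, and MAX_EXTENSIONS_SZ in asn.h is sized for only one of the two. For a certificate generator a dropped name is a correctness and security problem, since the issued cert will not carry the names the caller intended, so it should be reported rather than ignored: `if (der->extensionsSz != 0 && cert->altNamesSz) return EXTENSIONS_E; /* CA ext and SAN cannot share the one extensions buffer */` placed before the new `if`, or the two should be encoded into a single extensions SEQUENCE. Either way a comment on the `#ifdef` block saying that only one extension kind is emitted would stop the next reader from assuming both are. EncodeCert begins and ends outside the hunk.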
@@ -3340,6 +3348,8 @@ int MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) } +#ifdef CYASSL_ALT_NAMES + /* Set Alt Names from der cert, return 0 on success */ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) { @@ -3410,6 +3420,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) else { cert->altNamesSz = 0; CYASSL_MSG("AltNames extensions too big"); + FreeDecodedCert(&decoded); + return ALT_NAME_E; } } decoded.srcIdx = tmpIdx + length; @@ -3420,6 +3432,8 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) return 0; } +#endif /* CYASSL_ALT_NAMES */ + /* Set cn name from der buffer, return 0 on success */ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) @@ -3518,6 +3532,8 @@ int SetSubject(Cert* cert, const char* subjectFile) } +#ifdef CYASSL_ALT_NAMES + /* Set atl names from file in PEM */ int SetAltNames(Cert* cert, const char* file) { @@ -3527,6 +3543,8 @@ int SetAltNames(Cert* cert, const char* file) return SetAltNamesFromCert(cert, der, derSz); } +#endif /* CYASSL_ALT_NAMES */ + #endif /* NO_FILESYSTEM */ /* Set cert issuer from DER buffer */ @@ -3544,12 +3562,15 @@ int SetSubjectBuffer(Cert* cert, const byte* der, int derSz) } +#ifdef CYASSL_ALT_NAMES + /* Set cert alt names from DER buffer */ int SetAltNamesBuffer(Cert* cert, const byte* der, int derSz) { return SetAltNamesFromCert(cert, der, derSz); } +#endif /* CYASSL_ALT_NAMES */ #endif /* CYASSL_CERT_GEN */ diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index c3a809a32..21020d5cd 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h 
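Review bot: The too-big branch now releases `decoded` and returns ALT_NAME_E instead of silently leaving the cert without SANs, which is the right direction, but the size test that gates this branch and the other return paths of SetAltNamesFromCert are outside the hunk; because the DER here comes from a file the caller names (SetAltNames, further down this file) that comparison is the only thing protecting the `altNames[CTC_MAX_ALT_SIZE]` copy, so it must count every byte that is copied, header included, not only the inner length. I would also give the function a single cleanup path so every early exit frees `decoded` the same way: `ret = ALT_NAME_E; goto out;` here, with `out: FreeDecodedCert(&decoded); return ret;` at the end. A comment on the branch, `/* altNames[] is bounded by CTC_MAX_ALT_SIZE; refuse rather than truncate */`, would record the intent. The function starts and ends outside the hunk.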
@@ -127,7 +127,11 @@ enum Misc_ASN { MAX_RSA_E_SZ = 16, /* Max RSA public e size */ MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ #ifdef CYASSL_CERT_GEN - MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, + #ifdef CYASSL_ALT_NAMES + MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, + #else + MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, + #endif /* Max total extensions, id + len + others */ #endif MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2 diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 666606244..200470e21 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -58,9 +58,9 @@ enum Ctc_SigType { #ifdef CYASSL_CERT_GEN enum Ctc_Misc { - CTC_NAME_SIZE = 64, - CTC_MAX_ALT_SIZE = 512, - CTC_SERIAL_SIZE = 8 + CTC_NAME_SIZE = 64, + CTC_MAX_ALT_SIZE = 8192, /* may be huge */ + CTC_SERIAL_SIZE = 8 }; typedef struct CertName { @@ -88,8 +88,10 @@ typedef struct Cert { /* internal use only */ int bodySz; /* pre sign total size */ int keyType; /* public key type of subject */ +#ifdef CYASSL_ALT_NAMES byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */ int altNamesSz; /* altNames size in bytes */ +#endif } Cert; @@ -113,7 +115,9 @@ CYASSL_API int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*); CYASSL_API int SetIssuer(Cert*, const char*); CYASSL_API int SetSubject(Cert*, const char*); -CYASSL_API int SetAltNames(Cert*, const char*); +#ifdef CYASSL_ALT_NAMES + CYASSL_API int SetAltNames(Cert*, const char*); +#endif CYASSL_API int SetIssuerBuffer(Cert*, const byte*, int); CYASSL_API int SetSubjectBuffer(Cert*, const byte*, int); CYASSL_API int SetAltNamesBuffer(Cert*, const byte*, int); diff --git a/cyassl/ctaocrypt/error.h b/cyassl/ctaocrypt/error.h index fcc8b48dc..59298bbc6 100644 --- a/cyassl/ctaocrypt/error.h +++ b/cyassl/ctaocrypt/error.h 
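Review bot: The trailing `/* Max total extensions, id + len + others */` comment now sits after the `#endif`, detached from both definitions, and is misleading: the two branches size the buffer for either the SAN copy or the CA constraint, never both, and under CYASSL_ALT_NAMES the much larger CTC_MAX_ALT_SIZE (8192 in this commit) replaces MAX_CA_SZ. Put a comment on each branch instead, e.g. `/* holds the copied SAN extension; CA ext is not encoded alongside it */` and `/* holds only the basic-constraints extension */`, and drop the shared one. The DerCert that embeds `extensions[MAX_EXTENSIONS_SZ]` is not in this diff; if it is a stack local of MakeCert/MakeSelfCert this adds roughly 8 KiB to that frame, which is worth checking on the small targets this library serves.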
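Review bot: Raising CTC_MAX_ALT_SIZE from 512 to 8192 makes every `Cert` carry an 8 KiB `altNames` array inline (the struct below embeds `byte altNames[CTC_MAX_ALT_SIZE]`), so a caller that declares `Cert myCert;` as a local now needs 8 KiB of stack for it before MakeCert adds its own, a real overflow risk on embedded systems. The 512 bound was also the cap on how many bytes of a foreign certificate's SAN extension (in the bump use case presumably one received from a remote peer, which this diff does not show) get copied verbatim into the new cert, and `/* may be huge */` should say why the larger value is needed and what it costs: `/* cert-bump copies the original SAN extension verbatim; stored inline, so this adds to sizeof(Cert) */`. Consider making it overridable (`#ifndef CTC_MAX_ALT_SIZE` / `#define CTC_MAX_ALT_SIZE 8192` / `#endif`) rather than a fixed enum value so users without huge SANs keep the smaller footprint.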
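Review bot: Wrapping `altNames`/`altNamesSz` in `#ifdef CYASSL_ALT_NAMES` makes sizeof(Cert) and its member offsets depend on a macro that this header does not define and that configure.ac sets only in the library's own AM_CFLAGS; an application that includes asn_public.h without the define allocates a Cert about 8 KiB smaller than the library's, and InitCert, which writes `cert->altNamesSz` when built with the flag, then writes past the caller's object. Either keep the two members unconditional and make only the code conditional, i.e. leave `byte altNames[CTC_MAX_ALT_SIZE]; int altNamesSz;` outside the `#ifdef`, or put a loud comment on them: `/* NOTE: CYASSL_ALT_NAMES changes sizeof(Cert); the application must be built with the same define as the library */`. The start of the struct is outside the hunk.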
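Review bot: `SetAltNamesBuffer` is still declared unconditionally at the end of this hunk while its definition in asn.c is now inside `#ifdef CYASSL_ALT_NAMES`, and `SetAltNames` two lines above was wrapped, so a build without the flag exports a prototype with no symbol behind it and callers fail only at link time. Wrap it the same way, `#ifdef CYASSL_ALT_NAMES` / `CYASSL_API int SetAltNamesBuffer(Cert*, const byte*, int);` / `#endif`, or provide a stub that returns NOT_COMPILED_IN (already defined in error.h) so callers get a clean runtime error instead.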
@@ -96,6 +96,7 @@ enum { NOT_COMPILED_IN = -174, /* Feature not compiled in */ UNICODE_SIZE_E = -175, /* Unicode password too big */ NO_PASSWORD = -176, /* no password provided by user */ + ALT_NAME_E = -177, /* alt name size problem, too big */ MIN_CODE_E = -200 /* errors -101 - -199 */ };