commit | 9643575d92440b8efc91cb60b7f0270e23f5fae8 | |
---|---|---|
author | David Horstmann <david.horstmann@arm.com> | Wed Apr 26 11:50:14 2023 +0100 |
committer | David Horstmann <david.horstmann@arm.com> | Wed Apr 26 11:50:14 2023 +0100 |
tree | bc44742533f8e050cb7993f0a3008c00f3e70c47 | |
parent | 861e5d2742ddcdd68ab89e8177aa85381eb12ff0 | |
Limit OIDs to 128 components

The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index b2f5dd1..1d73506 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h
@@ -64,6 +64,11 @@ #define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) /* + * Maximum number of OID components allowed + */ +#define MBEDTLS_OID_MAX_COMPONENTS 128 + +/* * Top level OID tuples */ #define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
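
Review bot: The comment above `MBEDTLS_OID_MAX_COMPONENTS` in include/mbedtls/oid.h says only "Maximum number of OID components allowed" and leaves out what a caller of this public header needs: which functions enforce the limit, what they return when an OID exceeds it, and whether the count is of decoded arcs or of encoded subidentifiers. The two counts differ by one, because the first two arcs share a single subidentifier, as the `"\x2a"` for `{iso(1) member-body(2)}` a few lines below shows. Suggest expanding the comment to state these and to carry the rationale from the commit message (the longest known OID has 34 components). No use of the macro appears in the lines shown here, so the check that applies it should be reviewed alongside this definition. Since the value is defined unconditionally, it is also worth deciding whether integrators should be able to override it with an `#if !defined(MBEDTLS_OID_MAX_COMPONENTS)` guard, and documenting the choice either way.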