update OID check for domain component
This commit is contained in:
parent
e2a16190a6
commit
857bbe65b5
|
@ -14936,8 +14936,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
|
|||
textSz = name->fullName.dcLen;
|
||||
break;
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown NID value");
|
||||
return -1;
|
||||
WOLFSSL_MSG("Entry type not found");
|
||||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
/* if buf is NULL return size of buffer needed (minus null char) */
|
||||
|
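Review bot: `textSz = name->fullName.dcLen;` hands back a single domain-component value, but the asn.c hunk in this same commit assigns `dName->dcIdx`/`dName->dcLen` afresh on every `case ASN_DOMAIN_COMPONENT`, so a subject with several DC RDNs (the usual shape, one per label) only ever exposes the last one parsed through NID_domainComponent, and the caller gets no hint that others existed. If that is the intended scope, a comment on this line would stop the next reader from assuming all DCs are reachable: `/* only the DC attribute parsed last by GetName is retained */`. The enclosing function starts outside this hunk, so I cannot see whether the NID_domainComponent case also checks that fullName was populated before dcLen is trusted.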
|
|
@ -3895,17 +3895,6 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
dName->snLen = strLen;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_DOMAIN_COMPONENT) {
|
||||
if (!tooBig) {
|
||||
XMEMCPY(&full[idx], "/domainComponent=", 17);
|
||||
idx += 17;
|
||||
copy = TRUE;
|
||||
}
|
||||
#ifdef OPENSSL_EXTRA
|
||||
dName->dcIdx = cert->srcIdx;
|
||||
dName->dcLen = strLen;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
if (copy && !tooBig) {
|
||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
||||
idx += strLen;
|
||||
|
@ -3916,14 +3905,18 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
else {
|
||||
/* skip */
|
||||
byte email = FALSE;
|
||||
byte uid = FALSE;
|
||||
byte pilot = FALSE;
|
||||
byte id = 0;
|
||||
int adv;
|
||||
|
||||
if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */
|
||||
email = TRUE;
|
||||
|
||||
if (joint[0] == 0x9 && joint[1] == 0x92) /* uid id hdr */
|
||||
uid = TRUE;
|
||||
if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr */
|
||||
/* last value of OID is the type of pilot attribute */
|
||||
id = cert->source[cert->srcIdx + oidSz - 1];
|
||||
pilot = TRUE;
|
||||
}
|
||||
|
||||
cert->srcIdx += oidSz + 1;
|
||||
|
||||
|
@ -3986,22 +3979,38 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
}
|
||||
}
|
||||
|
||||
if (uid) {
|
||||
if (pilot) {
|
||||
if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) {
|
||||
WOLFSSL_MSG("ASN name too big, skipping");
|
||||
tooBig = TRUE;
|
||||
}
|
||||
if (!tooBig) {
|
||||
switch (id) {
|
||||
case ASN_USER_ID:
|
||||
XMEMCPY(&full[idx], "/UID=", 5);
|
||||
idx += 5;
|
||||
|
||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
|
||||
idx += adv;
|
||||
}
|
||||
#ifdef OPENSSL_EXTRA
|
||||
dName->uidIdx = cert->srcIdx;
|
||||
dName->uidLen = adv;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
break;
|
||||
|
||||
case ASN_DOMAIN_COMPONENT:
|
||||
XMEMCPY(&full[idx], "/DC=", 4);
|
||||
idx += 4;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
dName->dcIdx = cert->srcIdx;
|
||||
dName->dcLen = adv;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
break;
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown pilot attribute type");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
|
||||
idx += adv;
|
||||
}
|
||||
}
|
||||
|
||||
cert->srcIdx += adv;
|
||||
|
@ -4033,6 +4042,8 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
totalLen += dName->uidLen + 5;
|
||||
if (dName->serialLen != 0)
|
||||
totalLen += dName->serialLen + 14;
|
||||
if (dName->dcLen != 0)
|
||||
totalLen += dName->dcLen + 4;
|
||||
|
||||
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
|
||||
DYNAMIC_TYPE_X509);
|
||||
|
@ -4111,6 +4122,15 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||
dName->emailIdx = idx;
|
||||
idx += dName->emailLen;
|
||||
}
|
||||
if (dName->dcLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], "/DC=", 4);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->dcIdx], dName->dcLen);
|
||||
dName->dcIdx = idx;
|
||||
idx += dName->dcLen;
|
||||
}
|
||||
if (dName->uidLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
|
||||
|
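Review bot: In the new pilot-attribute `switch (id)`, the `default:` branch that returns ASN_PARSE_E sits inside `if (!tooBig)`, so an unrecognised pilot attribute fails the certificate while there is room in `full` but is silently skipped via `cert->srcIdx += adv` once the name has reached ASN_NAME_MAX; whether a certificate is accepted should not depend on how long its subject has grown, so either hoist the type check above the size check or skip unknown types the way the `/* skip */` path does for other unknown attributes. Separately, `id = cert->source[cert->srcIdx + oidSz - 1]` is read after matching only `joint[0] == 0x9 && joint[1] == 0x92`, i.e. the first two encoded arcs of 0.9.2342, so any OID under that arc whose final byte is 0x01 or 0x19 is treated as UID or DC; comparing the full encoded 0.9.2342.19200300.100.1 prefix (and confirming oidSz covers it, which is checked outside this hunk if at all) would make the match exact. GetName starts and ends outside these hunks.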
|
|
@ -556,19 +556,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
|
|||
#define SSL_dup_CA_list wolfSSL_dup_CA_list
|
||||
|
||||
|
||||
#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
|
||||
#define NID_domainComponent 0x10
|
||||
/* matchs ASN_DOMAIN_COMPONENT in asn.h */
|
||||
|
||||
/* matchs ASN_..._NAME in asn.h */
|
||||
#define NID_commonName 0x03 /* CN */
|
||||
#define NID_surname 0x04, /* SN */
|
||||
#define NID_serialNumber 0x05, /* serialNumber */
|
||||
#define NID_countryName 0x06, /* C */
|
||||
#define NID_localityName 0x07, /* L */
|
||||
#define NID_stateOrProvinceName 0x08, /* ST */
|
||||
#define NID_organizationName 0x0a, /* O */
|
||||
#define NID_organizationalUnitName 0x0b, /* OU */
|
||||
|
||||
/* NIDs */
|
||||
enum {
|
||||
|
@ -779,6 +767,18 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
|||
#define NID_policy_constraints 150
|
||||
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
|
||||
#define NID_tlsfeature 92 /* id-pe 24 */
|
||||
#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
|
||||
#define NID_domainComponent 0x19
|
||||
/* matchs ASN_DOMAIN_COMPONENT in asn.h */
|
||||
|
||||
/* matchs ASN_..._NAME in asn.h */
|
||||
#define NID_surname 0x04, /* SN */
|
||||
#define NID_serialNumber 0x05, /* serialNumber */
|
||||
#define NID_countryName 0x06, /* C */
|
||||
#define NID_localityName 0x07, /* L */
|
||||
#define NID_stateOrProvinceName 0x08, /* ST */
|
||||
#define NID_organizationName 0x0a, /* O */
|
||||
#define NID_organizationalUnitName 0x0b, /* OU */
|
||||
|
||||
|
||||
#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
|
||||
|
@ -786,24 +786,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
|||
#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
|
||||
#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg
|
||||
|
||||
/* certificate extension NIDs */
|
||||
#define NID_basic_constraints 133
|
||||
#define NID_key_usage 129 /* 2.5.29.15 */
|
||||
#define NID_ext_key_usage 151 /* 2.5.29.37 */
|
||||
#define NID_subject_key_identifier 128
|
||||
#define NID_authority_key_identifier 149
|
||||
#define NID_private_key_usage_period 130 /* 2.5.29.16 */
|
||||
#define NID_subject_alt_name 131
|
||||
#define NID_issuer_alt_name 132
|
||||
#define NID_info_access 69
|
||||
#define NID_sinfo_access 79 /* id-pe 11 */
|
||||
#define NID_name_constraints 144 /* 2.5.29.30 */
|
||||
#define NID_certificate_policies 146
|
||||
#define NID_policy_mappings 147
|
||||
#define NID_policy_constraints 150
|
||||
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
|
||||
#define NID_tlsfeature 92 /* id-pe 24 */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
|
||||
|
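Review bot: `#define NID_surname 0x04, /* SN */` and the six defines that follow it (serialNumber through organizationalUnitName) carry a trailing comma inside the macro body, so each expands to `0x04,` and cannot appear in a comparison or `case` label without a syntax error; the commit relocates these lines next to NID_domainComponent but keeps the comma. Drop it on each, e.g. `#define NID_surname 0x04 /* SN */`. Since NID_domainComponent (0x19) and NID_commonName (0x03) are kept equal to the asn.h DN_Tags values by hand, a one-line comment naming the enum they must track, or a static assertion wherever both headers are visible, would catch the next drift like the 0x10/0x19 mismatch this commit fixes.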
|
|
@ -10,6 +10,10 @@
|
|||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/mem_track.h>
|
||||
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
|
||||
#include <wolfssl/openssl/ssl.h> /* for domain component NID value */
|
||||
#endif
|
||||
|
||||
#ifdef ATOMIC_USER
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
|
@ -124,7 +128,6 @@
|
|||
#ifdef HAVE_CAVIUM
|
||||
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
|
||||
#endif
|
||||
|
||||
#ifdef _MSC_VER
|
||||
/* disable conversion warning */
|
||||
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
|
||||
|
@ -522,12 +525,25 @@ static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
|
|||
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
|
||||
{
|
||||
WOLFSSL_BIO* bio;
|
||||
char buf[256]; /* should be size of ASN_NAME_MAX */
|
||||
int textSz;
|
||||
|
||||
|
||||
/* print out domain component if certificate has it */
|
||||
textSz = wolfSSL_X509_NAME_get_text_by_NID(
|
||||
wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
|
||||
buf, sizeof(buf));
|
||||
if (textSz > 0) {
|
||||
printf("Domain Component = %s\n", buf);
|
||||
}
|
||||
|
||||
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
|
||||
if (bio != NULL) {
|
||||
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
|
||||
wolfSSL_X509_print(bio, x509);
|
||||
wolfSSL_BIO_free(bio);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
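Review bot: `char buf[256]; /* should be size of ASN_NAME_MAX */` hard-codes a size that its own comment says ought to be ASN_NAME_MAX; if that macro is reachable from this header, `char buf[ASN_NAME_MAX];` removes the drift. The call is bounded by `sizeof(buf)`, so this is a truncation rather than an overflow concern, but a DC longer than the buffer would be printed cut short with no indication; the `(minus null char)` comment in the ssl.c hunk suggests a NULL-buffer size query exists, which could be used to detect that case. Pulling all of <wolfssl/openssl/ssl.h> into the test helper for one NID constant is a heavier include than the use warrants, though it may be the only header that defines it.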
|
|
@ -104,8 +104,12 @@ enum DN_Tags {
|
|||
ASN_STATE_NAME = 0x08, /* ST */
|
||||
ASN_ORG_NAME = 0x0a, /* O */
|
||||
ASN_ORGUNIT_NAME = 0x0b, /* OU */
|
||||
ASN_DOMAIN_COMPONENT = 0x10, /* DC */
|
||||
ASN_EMAIL_NAME = 0x98 /* not oid number there is 97 in 2.5.4.0-97 */
|
||||
ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
|
||||
|
||||
/* pilot attribute types
|
||||
* OID values of 0.9.2342.19200300.100.1.* */
|
||||
ASN_USER_ID = 0x01, /* UID */
|
||||
ASN_DOMAIN_COMPONENT = 0x19 /* DC */
|
||||
};
|
||||
|
||||
enum PBES {
|
||||
|
|
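Review bot: ASN_USER_ID (0x01) and ASN_DOMAIN_COMPONENT (0x19) are last-arc values from 0.9.2342.19200300.100.1.* but live in the same enum DN_Tags as the 2.5.4.* values above them, so nothing in the type stops code from comparing a 2.5.4.x last byte against them, and the two ranges overlap numerically. The comment should state the precondition: `/* pilot attribute types, OID 0.9.2342.19200300.100.1.*; only meaningful after the pilot prefix has been matched, as values overlap the 2.5.4.* tags above */`. The matching code in asn.c reads the last OID byte into `id` after a two-byte prefix check, so this enum comment is currently the only place that documents the distinction.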