Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer
fix X509 multiple OU's and refactor
commit
fbe0c8cba7
|
@ -1018,7 +1018,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|
||||
|| defined(SESSION_CERTS)
|
||||
/* big enough to handle most cases including session certs */
|
||||
byte memory[220000];
|
||||
byte memory[239936];
|
||||
#else
|
||||
byte memory[80000];
|
||||
#endif
|
||||
|
|
|
@ -3322,51 +3322,44 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
|
|||
|
||||
#ifndef NO_CERTS
|
||||
|
||||
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
|
||||
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
|
||||
{
|
||||
(void)dynamicFlag;
|
||||
(void)heap;
|
||||
|
||||
if (name != NULL) {
|
||||
name->name = name->staticName;
|
||||
name->dynamicName = 0;
|
||||
name->sz = 0;
|
||||
name->heap = heap;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
|
||||
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
||||
XMEMSET(&name->extra, 0, sizeof(name->extra));
|
||||
name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/
|
||||
name->cnEntry.nid = ASN_COMMON_NAME;
|
||||
XMEMSET(&name->entry, 0, sizeof(name->entry));
|
||||
name->x509 = NULL;
|
||||
name->entrySz = 0;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
|
||||
void FreeX509Name(WOLFSSL_X509_NAME* name)
|
||||
{
|
||||
if (name != NULL) {
|
||||
if (name->dynamicName) {
|
||||
XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
XFREE(name->name, name->heap, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
name->name = NULL;
|
||||
}
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
{
|
||||
int i;
|
||||
if (name->fullName.fullName != NULL) {
|
||||
XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
|
||||
name->fullName.fullName = NULL;
|
||||
}
|
||||
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
|
||||
/* free ASN1 string data */
|
||||
if (name->extra[i].set && name->extra[i].data.data != NULL) {
|
||||
XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
|
||||
if (name->entry[i].set) {
|
||||
wolfSSL_ASN1_OBJECT_free(&name->entry[i].object);
|
||||
wolfSSL_ASN1_STRING_free(name->entry[i].value);
|
||||
}
|
||||
}
|
||||
wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object);
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
}
|
||||
(void)heap;
|
||||
}
|
||||
|
||||
|
||||
|
@ -3381,8 +3374,8 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
|
|||
XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
|
||||
|
||||
x509->heap = heap;
|
||||
InitX509Name(&x509->issuer, 0);
|
||||
InitX509Name(&x509->subject, 0);
|
||||
InitX509Name(&x509->issuer, 0, heap);
|
||||
InitX509Name(&x509->subject, 0, heap);
|
||||
x509->dynamicMemory = (byte)dynamicFlag;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
x509->refCount = 1;
|
||||
|
@ -3397,8 +3390,8 @@ void FreeX509(WOLFSSL_X509* x509)
|
|||
if (x509 == NULL)
|
||||
return;
|
||||
|
||||
FreeX509Name(&x509->issuer, x509->heap);
|
||||
FreeX509Name(&x509->subject, x509->heap);
|
||||
FreeX509Name(&x509->issuer);
|
||||
FreeX509Name(&x509->subject);
|
||||
if (x509->pubKey.buffer) {
|
||||
XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
x509->pubKey.buffer = NULL;
|
||||
|
@ -9513,39 +9506,33 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
|||
dCert->subjectCNLen < 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (x509->issuer.name == NULL || x509->subject.name == NULL) {
|
||||
WOLFSSL_MSG("Either init was not called on X509 or programming error");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
x509->version = dCert->version + 1;
|
||||
|
||||
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
|
||||
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (dCert->issuerName.fullName != NULL) {
|
||||
XMEMCPY(&x509->issuer.fullName,
|
||||
&dCert->issuerName, sizeof(DecodedName));
|
||||
x509->issuer.fullName.fullName = (char*)XMALLOC(
|
||||
dCert->issuerName.fullNameLen, x509->heap,
|
||||
DYNAMIC_TYPE_X509);
|
||||
if (x509->issuer.fullName.fullName != NULL)
|
||||
XMEMCPY(x509->issuer.fullName.fullName,
|
||||
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
|
||||
if (dCert->issuerName != NULL) {
|
||||
wolfSSL_X509_set_issuer_name(x509,
|
||||
(WOLFSSL_X509_NAME*)dCert->issuerName);
|
||||
x509->issuer.x509 = x509;
|
||||
}
|
||||
x509->issuer.x509 = x509;
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (dCert->subjectName.fullName != NULL) {
|
||||
XMEMCPY(&x509->subject.fullName,
|
||||
&dCert->subjectName, sizeof(DecodedName));
|
||||
x509->subject.fullName.fullName = (char*)XMALLOC(
|
||||
dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
|
||||
if (x509->subject.fullName.fullName != NULL)
|
||||
XMEMCPY(x509->subject.fullName.fullName,
|
||||
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
|
||||
if (dCert->subjectName != NULL) {
|
||||
wolfSSL_X509_set_subject_name(x509,
|
||||
(WOLFSSL_X509_NAME*)dCert->subjectName);
|
||||
x509->subject.x509 = x509;
|
||||
}
|
||||
x509->subject.x509 = x509;
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
|
||||
|
@ -11227,6 +11214,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
ssl->secure_renegotiation->enabled) {
|
||||
/* free old peer cert */
|
||||
FreeX509(&ssl->peerCert);
|
||||
InitX509(&ssl->peerCert, 0, ssl->heap);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
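Review bot: The return values of wolfSSL_X509_set_issuer_name() and wolfSSL_X509_set_subject_name() are discarded in the CopyDecodedToX509 hunk, so a failure inside either copy leaves x509->issuer or x509->subject only partly populated while CopyDecodedToX509 still reports success to its caller. Suggest `if (wolfSSL_X509_set_issuer_name(x509, (WOLFSSL_X509_NAME*)dCert->issuerName) != WOLFSSL_SUCCESS) return MEMORY_E;` (and the same for the subject), assuming WOLFSSL_SUCCESS is what those setters return and MEMORY_E is the failure the caller expects — confirm against their definitions. CopyDecodedToX509 starts and ends outside the hunk.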
18
tests/api.c
18
tests/api.c
|
@ -25064,35 +25064,35 @@ static void test_wolfSSL_X509_NID(void)
|
|||
/* extract subjectName info */
|
||||
AssertNotNull(name = X509_get_subject_name(cert));
|
||||
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||
NULL, 0)), 0);
|
||||
AssertIntEQ(nameSz, 15);
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||
commonName, sizeof(commonName))), 0);
|
||||
AssertIntEQ(nameSz, 15);
|
||||
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||
commonName, 9)), 0);
|
||||
AssertIntEQ(nameSz, 8);
|
||||
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COUNTRY_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
|
||||
countryName, sizeof(countryName))), 0);
|
||||
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_LOCALITY_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
|
||||
localityName, sizeof(localityName))), 0);
|
||||
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_STATE_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
|
||||
stateName, sizeof(stateName))), 0);
|
||||
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORG_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
|
||||
orgName, sizeof(orgName))), 0);
|
||||
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORGUNIT_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
|
||||
orgUnit, sizeof(orgUnit))), 0);
|
||||
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
|
||||
|
||||
|
@ -26517,7 +26517,7 @@ static void test_wolfSSL_X509_sign(void)
|
|||
|
||||
/* Set X509_NAME fields */
|
||||
AssertNotNull(name = X509_NAME_new());
|
||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "country", MBSTRING_UTF8,
|
||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
|
||||
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
|
||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
|
||||
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
|
||||
|
|
|
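Review bot: None of the visible hunks in this file adds a certificate with more than one organizationalUnitName, although the PR title names multiple-OU handling as the fix; test_wolfSSL_X509_NID still asserts a single `orgUnit` equal to "Programming-2048". A regression test that loads a certificate carrying two OU entries and asserts that both are returned, in order, through the compat-layer name lookup would pin the fix. If such a test lives in a hunk not shown here, disregard.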
@ -5043,11 +5043,12 @@ void FreeDecodedCert(DecodedCert* cert)
|
|||
XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
#endif /* WOLFSSL_SEP */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (cert->issuerName.fullName != NULL)
|
||||
XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509);
|
||||
if (cert->subjectName.fullName != NULL)
|
||||
XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509);
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
if (cert->issuerName != NULL)
|
||||
wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->issuerName);
|
||||
if (cert->subjectName != NULL)
|
||||
wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
if (cert->tsip_encRsaKeyIdx != NULL)
|
||||
|
@ -5538,7 +5539,8 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
|
|||
return ret;
|
||||
}
|
||||
|
||||
/* process NAME, either issuer or subject */
|
||||
/* process NAME, either issuer or subject
|
||||
* returns 0 on success and negative values on fail */
|
||||
static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
{
|
||||
int length; /* length of all distinguished names */
|
||||
|
@ -5548,14 +5550,11 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
byte* hash;
|
||||
word32 idx, localIdx = 0;
|
||||
byte tag;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
DecodedName* dName =
|
||||
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
|
||||
int dcnum = 0;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
int count = 0;
|
||||
#endif
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
WOLFSSL_X509_NAME* dName;
|
||||
int nid = NID_undef;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
WOLFSSL_MSG("Getting Cert Name");
|
||||
|
||||
|
@ -5612,6 +5611,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectRawLen = length - cert->srcIdx;
|
||||
}
|
||||
#endif
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
dName = wolfSSL_X509_NAME_new();
|
||||
if (dName == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
while (cert->srcIdx < (word32)length) {
|
||||
byte b = 0;
|
||||
|
@ -5627,16 +5633,31 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
WOLFSSL_MSG("Cert name lacks set header, trying sequence");
|
||||
}
|
||||
|
||||
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0)
|
||||
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) {
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* make sure there is room for joint */
|
||||
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx)
|
||||
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) {
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));
|
||||
|
||||
|
@ -5646,6 +5667,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
id = joint[2];
|
||||
if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen,
|
||||
maxIdx, 1) < 0) {
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
|
@ -5658,10 +5683,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
|
||||
copy = WOLFSSL_COMMON_NAME;
|
||||
copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->cnIdx = cert->srcIdx;
|
||||
dName->cnLen = strLen;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_commonName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_SUR_NAME) {
|
||||
copy = WOLFSSL_SUR_NAME;
|
||||
|
@ -5673,9 +5698,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectSNEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->snIdx = cert->srcIdx;
|
||||
dName->snLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_surname;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_COUNTRY_NAME) {
|
||||
|
@ -5688,9 +5714,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectCEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->cIdx = cert->srcIdx;
|
||||
dName->cLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_countryName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_LOCALITY_NAME) {
|
||||
|
@ -5703,9 +5730,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectLEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->lIdx = cert->srcIdx;
|
||||
dName->lLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_localityName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_STATE_NAME) {
|
||||
|
@ -5718,9 +5746,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectSTEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->stIdx = cert->srcIdx;
|
||||
dName->stLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_stateOrProvinceName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_ORG_NAME) {
|
||||
|
@ -5733,9 +5762,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectOEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->oIdx = cert->srcIdx;
|
||||
dName->oLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_organizationName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_ORGUNIT_NAME) {
|
||||
|
@ -5748,9 +5778,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectOUEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->ouIdx = cert->srcIdx;
|
||||
dName->ouLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_organizationalUnitName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_SERIAL_NUMBER) {
|
||||
|
@ -5763,9 +5794,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectSNDEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->snIdx = cert->srcIdx;
|
||||
dName->snLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_serialNumber;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
|
@ -5779,9 +5811,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectBCEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->bcIdx = cert->srcIdx;
|
||||
dName->bcLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_businessCategory;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
|
@ -5798,8 +5830,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
b = cert->source[cert->srcIdx++]; /* encoding */
|
||||
|
||||
if (GetLength(cert->source, &cert->srcIdx, &strLen,
|
||||
maxIdx) < 0)
|
||||
maxIdx) < 0) {
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
/* Check for jurisdiction of incorporation country name */
|
||||
if (id == ASN_JOI_C) {
|
||||
|
@ -5812,9 +5849,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectJCEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->jcIdx = cert->srcIdx;
|
||||
dName->jcLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_jurisdictionCountryName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
|
||||
|
@ -5829,9 +5867,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectJSEnc = b;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->jsIdx = cert->srcIdx;
|
||||
dName->jsLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_jurisdictionStateOrProvinceName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
|
||||
|
@ -5859,8 +5898,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
|
||||
cert->srcIdx += oidSz + 1;
|
||||
|
||||
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0)
|
||||
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) {
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
if (strLen > (int)(ASN_NAME_MAX - idx)) {
|
||||
WOLFSSL_MSG("ASN name too big, skipping");
|
||||
|
@ -5883,9 +5927,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->subjectEmailLen = strLen;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->emailIdx = cert->srcIdx;
|
||||
dName->emailLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_emailAddress;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
{
|
||||
|
@ -5895,6 +5940,11 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
if (emailName == NULL) {
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return MEMORY_E;
|
||||
}
|
||||
emailName->type = 0;
|
||||
|
@ -5903,6 +5953,11 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
if (emailName->name == NULL) {
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return MEMORY_E;
|
||||
}
|
||||
emailName->len = strLen;
|
||||
|
@ -5921,27 +5976,30 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
case ASN_USER_ID:
|
||||
copy = WOLFSSL_USER_ID;
|
||||
copyLen = sizeof(WOLFSSL_USER_ID) - 1;
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->uidIdx = cert->srcIdx;
|
||||
dName->uidLen = strLen;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_userId;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
break;
|
||||
|
||||
case ASN_DOMAIN_COMPONENT:
|
||||
copy = WOLFSSL_DOMAIN_COMPONENT;
|
||||
copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->dcIdx[dcnum] = cert->srcIdx;
|
||||
dName->dcLen[dcnum] = strLen;
|
||||
dName->dcNum = dcnum + 1;
|
||||
dcnum++;
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) \
|
||||
&& !defined(WOLFCRYPT_ONLY)
|
||||
nid = NID_domainComponent;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
break;
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown pilot attribute type");
|
||||
#if (defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
|
@ -5956,174 +6014,30 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||
idx += copyLen;
|
||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
||||
idx += strLen;
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (count < DOMAIN_COMPONENT_MAX) {
|
||||
/* store order that DN was parsed */
|
||||
dName->loc[count++] = id;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8,
|
||||
&cert->source[cert->srcIdx], strLen, -1, -1) !=
|
||||
WOLFSSL_SUCCESS) {
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
cert->srcIdx += strLen;
|
||||
}
|
||||
full[idx++] = 0;
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
/* store order that DN was parsed */
|
||||
dName->locSz = count;
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
{
|
||||
int totalLen = 0;
|
||||
int i = 0;
|
||||
|
||||
if (dName->cnLen != 0)
|
||||
totalLen += dName->cnLen + 4;
|
||||
if (dName->snLen != 0)
|
||||
totalLen += dName->snLen + 4;
|
||||
if (dName->cLen != 0)
|
||||
totalLen += dName->cLen + 3;
|
||||
if (dName->lLen != 0)
|
||||
totalLen += dName->lLen + 3;
|
||||
if (dName->stLen != 0)
|
||||
totalLen += dName->stLen + 4;
|
||||
if (dName->oLen != 0)
|
||||
totalLen += dName->oLen + 3;
|
||||
if (dName->ouLen != 0)
|
||||
totalLen += dName->ouLen + 4;
|
||||
if (dName->emailLen != 0)
|
||||
totalLen += dName->emailLen + 14;
|
||||
if (dName->uidLen != 0)
|
||||
totalLen += dName->uidLen + 5;
|
||||
if (dName->serialLen != 0)
|
||||
totalLen += dName->serialLen + 14;
|
||||
if (dName->dcNum != 0){
|
||||
for (i = 0;i < dName->dcNum;i++)
|
||||
totalLen += dName->dcLen[i] + 4;
|
||||
}
|
||||
|
||||
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
|
||||
DYNAMIC_TYPE_X509);
|
||||
if (dName->fullName != NULL) {
|
||||
idx = 0;
|
||||
|
||||
if (dName->cnLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4);
|
||||
dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->cnIdx], dName->cnLen);
|
||||
dName->cnIdx = idx;
|
||||
idx += dName->cnLen;
|
||||
}
|
||||
if (dName->snLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4);
|
||||
dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->snIdx], dName->snLen);
|
||||
dName->snIdx = idx;
|
||||
idx += dName->snLen;
|
||||
}
|
||||
if (dName->cLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3);
|
||||
dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME);
|
||||
idx += 3;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->cIdx], dName->cLen);
|
||||
dName->cIdx = idx;
|
||||
idx += dName->cLen;
|
||||
}
|
||||
if (dName->lLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3);
|
||||
dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME);
|
||||
idx += 3;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->lIdx], dName->lLen);
|
||||
dName->lIdx = idx;
|
||||
idx += dName->lLen;
|
||||
}
|
||||
if (dName->stLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4);
|
||||
dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->stIdx], dName->stLen);
|
||||
dName->stIdx = idx;
|
||||
idx += dName->stLen;
|
||||
}
|
||||
if (dName->oLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3);
|
||||
dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME);
|
||||
idx += 3;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->oIdx], dName->oLen);
|
||||
dName->oIdx = idx;
|
||||
idx += dName->oLen;
|
||||
}
|
||||
if (dName->ouLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4);
|
||||
dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->ouIdx], dName->ouLen);
|
||||
dName->ouIdx = idx;
|
||||
idx += dName->ouLen;
|
||||
}
|
||||
if (dName->emailLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
|
||||
dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress=");
|
||||
idx += 14;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->emailIdx], dName->emailLen);
|
||||
dName->emailIdx = idx;
|
||||
idx += dName->emailLen;
|
||||
}
|
||||
for (i = 0;i < dName->dcNum;i++){
|
||||
if (dName->dcLen[i] != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->dcIdx[i]], dName->dcLen[i]);
|
||||
dName->dcIdx[i] = idx;
|
||||
idx += dName->dcLen[i];
|
||||
}
|
||||
}
|
||||
if (dName->uidLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
|
||||
dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID=");
|
||||
idx += 5;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->uidIdx], dName->uidLen);
|
||||
dName->uidIdx = idx;
|
||||
idx += dName->uidLen;
|
||||
}
|
||||
if (dName->serialLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14);
|
||||
dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER);
|
||||
idx += 14;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->serialIdx], dName->serialLen);
|
||||
dName->serialIdx = idx;
|
||||
idx += dName->serialLen;
|
||||
}
|
||||
dName->fullName[idx] = '\0';
|
||||
dName->fullNameLen = totalLen;
|
||||
}
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(WOLFCRYPT_ONLY)
|
||||
if (nameType == ISSUER) {
|
||||
cert->issuerName = dName;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
else {
|
||||
cert->subjectName = dName;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -8442,7 +8356,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
|
|||
}
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
|
||||
#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || defined(OPENSSL_EXTRA)
|
||||
#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
|
||||
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
|
||||
/* Decode ITU-T X.690 OID format to a string representation
|
||||
* return string length */
|
||||
|
@ -12033,7 +11948,7 @@ typedef struct EncodedName {
|
|||
|
||||
|
||||
/* Get Which Name from index */
|
||||
static const char* GetOneName(CertName* name, int idx)
|
||||
const char* GetOneCertName(CertName* name, int idx)
|
||||
{
|
||||
switch (idx) {
|
||||
case 0:
|
||||
|
@ -12122,7 +12037,7 @@ static char GetNameType(CertName* name, int idx)
|
|||
|
||||
|
||||
/* Get ASN Name from index */
|
||||
static byte GetNameId(int idx)
|
||||
byte GetCertNameId(int idx)
|
||||
{
|
||||
switch (idx) {
|
||||
case 0:
|
||||
|
@ -12164,6 +12079,7 @@ static byte GetNameId(int idx)
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Extensions ::= SEQUENCE OF Extension
|
||||
|
||||
|
@ -12631,6 +12547,7 @@ static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
|
|||
|
||||
/* Restrict country code size */
|
||||
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
|
||||
WOLFSSL_MSG("Country code size error");
|
||||
return ASN_COUNTRY_SIZE_E;
|
||||
}
|
||||
|
||||
|
@ -12757,15 +12674,16 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
|||
|
||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||
int ret;
|
||||
const char* nameStr = GetOneName(name, i);
|
||||
const char* nameStr = GetOneCertName(name, i);
|
||||
|
||||
ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i),
|
||||
GetNameId(i));
|
||||
GetCertNameId(i));
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
return BUFFER_E;
|
||||
WOLFSSL_MSG("EncodeName failed");
|
||||
return BUFFER_E;
|
||||
}
|
||||
totalBytes += ret;
|
||||
}
|
||||
|
@ -12779,6 +12697,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
|||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
WOLFSSL_MSG("EncodeName on multiple attributes failed\n");
|
||||
return BUFFER_E;
|
||||
}
|
||||
totalBytes += ret;
|
||||
|
@ -12796,12 +12715,13 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
|||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX");
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||
#ifdef WOLFSSL_MULTI_ATTRIB
|
||||
type = GetNameId(i);
|
||||
type = GetCertNameId(i);
|
||||
|
||||
/* list all DC values before OUs */
|
||||
if (type == ASN_ORGUNIT_NAME) {
|
||||
|
@ -12812,6 +12732,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
|||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
WOLFSSL_MSG("Not enough space left for DC value");
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
|
|
|
@ -3595,15 +3595,15 @@ struct WOLFSSL_X509_NAME {
|
|||
char staticName[ASN_NAME_MAX];
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(NO_ASN)
|
||||
DecodedName fullName;
|
||||
WOLFSSL_X509_NAME_ENTRY cnEntry;
|
||||
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
|
||||
int entrySz; /* number of entries */
|
||||
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
|
||||
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
byte raw[ASN_NAME_MAX];
|
||||
int rawLen;
|
||||
#endif
|
||||
void* heap;
|
||||
};
|
||||
|
||||
#ifndef EXTERNAL_SERIAL_SIZE
|
||||
|
@ -4535,8 +4535,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
|
|||
WOLFSSL_LOCAL word32 LowResTimer(void);
|
||||
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
|
||||
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
|
||||
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
|
||||
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
|
||||
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
|
||||
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
|
||||
WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
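Review bot: The new `void* heap` member at the end of `struct WOLFSSL_X509_NAME` is now the only allocator handle `FreeX509Name` has, since its prototype lost the heap argument (`FreeX509Name(WOLFSSL_X509_NAME* name)`), so any path that obtains a name without going through `InitX509Name(..., heap)` will free `name->name` against an uninitialised pointer; the field should carry that contract, e.g. `void* heap; /* allocator used by FreeX509Name; must be set by InitX509Name before free */`. The `x509` member reads as a non-owning back-pointer (`x509 that struct belongs to`), and if so it dangles once that X509 is freed unless the owner clears it; whether that happens is outside this diff, so `/* non-owning back-pointer; owner must NULL it on free */` plus a check in `FreeX509` is worth confirming. `int entrySz` should also say it counts the valid elements of `entry[]` and never exceeds `MAX_NAME_ENTRIES`.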
|
||||
|
|
|
@ -3223,7 +3223,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
|
|||
#include <wolfssl/openssl/asn1.h>
|
||||
struct WOLFSSL_X509_NAME_ENTRY {
|
||||
WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
|
||||
WOLFSSL_ASN1_STRING data;
|
||||
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
|
||||
int nid; /* i.e. ASN_COMMON_NAME */
|
||||
int set;
|
||||
|
@ -3234,11 +3233,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
|
|||
const WOLFSSL_ASN1_OBJECT *obj,
|
||||
int idx);
|
||||
|
||||
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
|
||||
enum {
|
||||
WOLFSSL_SYS_ACCEPT = 0,
|
||||
WOLFSSL_SYS_BIND,
|
||||
|
@ -3308,9 +3304,10 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
|
|||
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
|
||||
WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
|
||||
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
|
||||
#endif /* !NO_CERTS */
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
|
||||
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
|
||||
|
@ -3417,7 +3414,8 @@ WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
|
|||
|
||||
/*lighttp compatibility */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
struct WOLFSSL_ASN1_BIT_STRING {
|
||||
int length;
|
||||
int type;
|
||||
|
@ -3428,7 +3426,8 @@ struct WOLFSSL_ASN1_BIT_STRING {
|
|||
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
|
||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
|
||||
#if defined(OPENSSL_EXTRA) \
|
||||
|| defined(OPENSSL_ALL) \
|
||||
|
@ -3436,7 +3435,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
|
|||
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|
||||
|| defined(HAVE_STUNNEL) \
|
||||
|| defined(WOLFSSL_NGINX) \
|
||||
|| defined(WOLFSSL_HAPROXY)
|
||||
|| defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
|
||||
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
|
||||
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
|
||||
|
@ -3831,7 +3831,7 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi
|
|||
unsigned *len);
|
||||
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
|
||||
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
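Review bot: `wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*)` enters the public header with two unnamed parameters of the same type, so a caller cannot tell source from destination without reading the implementation; name them in the prototype and const-qualify the source, e.g. `WOLFSSL_API int wolfSSL_X509_NAME_copy(const WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to);` if that is the order the implementation uses. Because the destination holds fixed-size storage (`staticName[ASN_NAME_MAX]` and `entry[MAX_NAME_ENTRIES]` in internal.h), the declaration should also state that the copy fails with an error rather than truncating when the source carries more than fits; the implementation is outside this diff, so that is a point to confirm rather than a defect I can see. Separately, the `#if` guard above `struct WOLFSSL_ASN1_BIT_STRING` gained `OPENSSL_EXTRA_X509_SMALL` but its closing `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */` comment was left stale, and `defined(OPENSSL_ALL)|| \` is missing a space before `||`.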
|
||||
|
|
|
@ -233,6 +233,7 @@ enum
|
|||
NID_jurisdictionStateOrProvinceName = 0xd,
|
||||
NID_businessCategory = ASN_BUS_CAT,
|
||||
NID_domainComponent = ASN_DOMAIN_COMPONENT,
|
||||
NID_userId = 458,
|
||||
NID_emailAddress = 0x30, /* emailAddress */
|
||||
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
|
||||
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
|
||||
|
@ -341,7 +342,8 @@ enum Misc_ASN {
|
|||
#endif
|
||||
/* Max total extensions, id + len + others */
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
MAX_OID_SZ = 32, /* Max DER length of OID*/
|
||||
MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
|
||||
#endif
|
||||
|
@ -356,7 +358,7 @@ enum Misc_ASN {
|
|||
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
|
||||
#endif
|
||||
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
|
||||
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
|
||||
MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
|
||||
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
|
||||
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
|
||||
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
|
||||
|
@ -611,64 +613,6 @@ struct Base_entry {
|
|||
byte type; /* Name base type (DNS or RFC822) */
|
||||
};
|
||||
|
||||
#define DOMAIN_COMPONENT_MAX 10
|
||||
#define DN_NAMES_MAX 9
|
||||
|
||||
struct DecodedName {
|
||||
char* fullName;
|
||||
int fullNameLen;
|
||||
int entryCount;
|
||||
int cnIdx;
|
||||
int cnLen;
|
||||
int cnNid;
|
||||
int snIdx;
|
||||
int snLen;
|
||||
int snNid;
|
||||
int cIdx;
|
||||
int cLen;
|
||||
int cNid;
|
||||
int lIdx;
|
||||
int lLen;
|
||||
int lNid;
|
||||
int stIdx;
|
||||
int stLen;
|
||||
int stNid;
|
||||
int oIdx;
|
||||
int oLen;
|
||||
int oNid;
|
||||
int ouIdx;
|
||||
int ouLen;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
int bcIdx;
|
||||
int bcLen;
|
||||
int jcIdx;
|
||||
int jcLen;
|
||||
int jsIdx;
|
||||
int jsLen;
|
||||
#endif
|
||||
int ouNid;
|
||||
int emailIdx;
|
||||
int emailLen;
|
||||
int emailNid;
|
||||
int uidIdx;
|
||||
int uidLen;
|
||||
int uidNid;
|
||||
int serialIdx;
|
||||
int serialLen;
|
||||
int serialNid;
|
||||
int dcIdx[DOMAIN_COMPONENT_MAX];
|
||||
int dcLen[DOMAIN_COMPONENT_MAX];
|
||||
int dcNum;
|
||||
int dcMode;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
/* hold the location / order with which each of the DN tags was found
|
||||
*
|
||||
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
|
||||
*/
|
||||
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
|
||||
int locSz;
|
||||
#endif
|
||||
};
|
||||
|
||||
enum SignatureState {
|
||||
SIG_STATE_BEGIN,
|
||||
|
@ -786,7 +730,6 @@ struct CertSignCtx {
|
|||
#endif
|
||||
|
||||
typedef struct DecodedCert DecodedCert;
|
||||
typedef struct DecodedName DecodedName;
|
||||
typedef struct Signer Signer;
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
typedef struct TrustedPeerCert TrustedPeerCert;
|
||||
|
@ -913,8 +856,9 @@ struct DecodedCert {
|
|||
int subjectEmailLen;
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
DecodedName issuerName;
|
||||
DecodedName subjectName;
|
||||
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
|
||||
void* issuerName;
|
||||
void* subjectName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifdef WOLFSSL_SEP
|
||||
int deviceTypeSz;
|
||||
|
@ -1126,6 +1070,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
|||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
|
||||
WOLFSSL_LOCAL byte GetCertNameId(int idx);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
|
||||
word32 maxIdx);
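Review bot: `MAX_NAME_ENTRIES = 13` is now the only capacity for per-name attributes, whereas the removed `DecodedName.loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX]` had room for 19 positions, so a subject with many DCs plus several OUs — the input this PR is about — can exceed the new `entry[]` array; the decoder that fills `entry[entrySz]` is outside this diff, so please confirm it returns an error once `entrySz == MAX_NAME_ENTRIES` instead of dropping attributes silently, because a truncated name would still print and compare as if it were complete. The constant's comment should carry that contract: `MAX_NAME_ENTRIES = 13, /* max RDN attributes kept per X509 name; names with more must be rejected */`. The new `void* issuerName` / `void* subjectName` in `DecodedCert` also lose the ownership information the embedded structs conveyed; a comment such as `/* WOLFSSL_X509_NAME*; allocated during decode, released with the DecodedCert (confirm in FreeDecodedCert) */` would help the next reader.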
|
||||
|
|
|
@ -111,7 +111,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
|
|||
/* extra storage in structs for multiple attributes and order */
|
||||
#ifndef LARGEST_MEM_BUCKET
|
||||
#ifdef WOLFSSL_TLS13
|
||||
#define LARGEST_MEM_BUCKET 25792
|
||||
#define LARGEST_MEM_BUCKET 30400
|
||||
#else
|
||||
#define LARGEST_MEM_BUCKET 25600
|
||||
#endif
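Review bot: Only the `WOLFSSL_TLS13` bucket grows here (25792 to 30400) while the `#else` value stays at 25600, yet the struct growth the comment above refers to (`MAX_NAME_ENTRIES` going from 5 to 13 in asn.h) applies regardless of TLS 1.3, so a non-TLS13 static-memory build may now fail to fit the same object in its largest bucket; either bump both branches or add a comment explaining why the non-TLS13 figure is unaffected. Both values are magic numbers, so recording how 30400 was derived, e.g. `/* measured sizeof(WOLFSSL) with OPENSSL_EXTRA X509 names at MAX_NAME_ENTRIES = 13; re-measure when these structs change */`, would make the next bump less guesswork.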
|
||||
|
|