mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer 

fix X509 multiple OU's and refactor
This commit is contained in:
toddouska 2020-07-15 15:06:22 -07:00 committed by GitHub
parent 925e9d9213 a8736dd89d
commit fbe0c8cba7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 714 additions and 1166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/server/server.c
View File

@ -1018,7 +1018,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
|| defined(SESSION_CERTS)
/* big enough to handle most cases including session certs */
byte memory[220000];
byte memory[239936];
#else
byte memory[80000];
#endif

68
src/internal.c
View File

@ -3322,51 +3322,44 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
#ifndef NO_CERTS
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
{
(void)dynamicFlag;
(void)heap;
if (name != NULL) {
name->name = name->staticName;
name->dynamicName = 0;
name->sz = 0;
name->heap = heap;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
XMEMSET(&name->extra, 0, sizeof(name->extra));
name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/
name->cnEntry.nid = ASN_COMMON_NAME;
XMEMSET(&name->entry, 0, sizeof(name->entry));
name->x509 = NULL;
name->entrySz = 0;
#endif /* OPENSSL_EXTRA */
}
}
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
void FreeX509Name(WOLFSSL_X509_NAME* name)
{
if (name != NULL) {
if (name->dynamicName) {
XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
XFREE(name->name, name->heap, DYNAMIC_TYPE_SUBJECT_CN);
name->name = NULL;
}
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
{
int i;
if (name->fullName.fullName != NULL) {
XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
name->fullName.fullName = NULL;
}
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
/* free ASN1 string data */
if (name->extra[i].set && name->extra[i].data.data != NULL) {
XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
if (name->entry[i].set) {
wolfSSL_ASN1_OBJECT_free(&name->entry[i].object);
wolfSSL_ASN1_STRING_free(name->entry[i].value);
}
}
wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object);
}
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
}
(void)heap;
}
@ -3381,8 +3374,8 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
x509->heap = heap;
InitX509Name(&x509->issuer, 0);
InitX509Name(&x509->subject, 0);
InitX509Name(&x509->issuer, 0, heap);
InitX509Name(&x509->subject, 0, heap);
x509->dynamicMemory = (byte)dynamicFlag;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
x509->refCount = 1;
@ -3397,8 +3390,8 @@ void FreeX509(WOLFSSL_X509* x509)
if (x509 == NULL)
return;
FreeX509Name(&x509->issuer, x509->heap);
FreeX509Name(&x509->subject, x509->heap);
FreeX509Name(&x509->issuer);
FreeX509Name(&x509->subject);
if (x509->pubKey.buffer) {
XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
x509->pubKey.buffer = NULL;
@ -9513,39 +9506,33 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
dCert->subjectCNLen < 0)
return BAD_FUNC_ARG;
if (x509->issuer.name == NULL || x509->subject.name == NULL) {
WOLFSSL_MSG("Either init was not called on X509 or programming error");
return BAD_FUNC_ARG;
}
x509->version = dCert->version + 1;
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->issuerName.fullName != NULL) {
XMEMCPY(&x509->issuer.fullName,
&dCert->issuerName, sizeof(DecodedName));
x509->issuer.fullName.fullName = (char*)XMALLOC(
dCert->issuerName.fullNameLen, x509->heap,
DYNAMIC_TYPE_X509);
if (x509->issuer.fullName.fullName != NULL)
XMEMCPY(x509->issuer.fullName.fullName,
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
if (dCert->issuerName != NULL) {
wolfSSL_X509_set_issuer_name(x509,
(WOLFSSL_X509_NAME*)dCert->issuerName);
x509->issuer.x509 = x509;
}
x509->issuer.x509 = x509;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->subjectName.fullName != NULL) {
XMEMCPY(&x509->subject.fullName,
&dCert->subjectName, sizeof(DecodedName));
x509->subject.fullName.fullName = (char*)XMALLOC(
dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
if (x509->subject.fullName.fullName != NULL)
XMEMCPY(x509->subject.fullName.fullName,
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
if (dCert->subjectName != NULL) {
wolfSSL_X509_set_subject_name(x509,
(WOLFSSL_X509_NAME*)dCert->subjectName);
x509->subject.x509 = x509;
}
x509->subject.x509 = x509;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
@ -11227,6 +11214,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ssl->secure_renegotiation->enabled) {
/* free old peer cert */
FreeX509(&ssl->peerCert);
InitX509(&ssl->peerCert, 0, ssl->heap);
}
#endif

1299
src/ssl.c
View File

File diff suppressed because it is too large Load Diff

18
tests/api.c
View File

@ -25064,35 +25064,35 @@ static void test_wolfSSL_X509_NID(void)
/* extract subjectName info */
AssertNotNull(name = X509_get_subject_name(cert));
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
NULL, 0)), 0);
AssertIntEQ(nameSz, 15);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, sizeof(commonName))), 0);
AssertIntEQ(nameSz, 15);
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, 9)), 0);
AssertIntEQ(nameSz, 8);
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COUNTRY_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
countryName, sizeof(countryName))), 0);
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_LOCALITY_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
localityName, sizeof(localityName))), 0);
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_STATE_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
stateName, sizeof(stateName))), 0);
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORG_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
orgName, sizeof(orgName))), 0);
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORGUNIT_NAME,
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
orgUnit, sizeof(orgUnit))), 0);
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
@ -26517,7 +26517,7 @@ static void test_wolfSSL_X509_sign(void)
/* Set X509_NAME fields */
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "country", MBSTRING_UTF8,
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);

391
wolfcrypt/src/asn.c
View File

@ -5043,11 +5043,12 @@ void FreeDecodedCert(DecodedCert* cert)
XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
#endif /* WOLFSSL_SEP */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (cert->issuerName.fullName != NULL)
XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509);
if (cert->subjectName.fullName != NULL)
XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509);
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
if (cert->issuerName != NULL)
wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->issuerName);
if (cert->subjectName != NULL)
wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName);
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
if (cert->tsip_encRsaKeyIdx != NULL)
@ -5538,7 +5539,8 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
return ret;
}
/* process NAME, either issuer or subject */
/* process NAME, either issuer or subject
* returns 0 on success and negative values on fail */
static int GetName(DecodedCert* cert, int nameType, int maxIdx)
{
int length; /* length of all distinguished names */
@ -5548,14 +5550,11 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
byte* hash;
word32 idx, localIdx = 0;
byte tag;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName* dName =
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
int dcnum = 0;
#ifdef OPENSSL_EXTRA
int count = 0;
#endif
#endif /* OPENSSL_EXTRA */
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
WOLFSSL_X509_NAME* dName;
int nid = NID_undef;
#endif /* OPENSSL_EXTRA */
WOLFSSL_MSG("Getting Cert Name");
@ -5612,6 +5611,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectRawLen = length - cert->srcIdx;
}
#endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
dName = wolfSSL_X509_NAME_new();
if (dName == NULL) {
return MEMORY_E;
}
#endif /* OPENSSL_EXTRA */
while (cert->srcIdx < (word32)length) {
byte b = 0;
@ -5627,16 +5633,31 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
WOLFSSL_MSG("Cert name lacks set header, trying sequence");
}
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0)
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) {
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ASN_PARSE_E;
}
ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx);
if (ret != 0)
if (ret != 0) {
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ret;
}
/* make sure there is room for joint */
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx)
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) {
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ASN_PARSE_E;
}
XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));
@ -5646,6 +5667,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
id = joint[2];
if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen,
maxIdx, 1) < 0) {
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ASN_PARSE_E;
}
@ -5658,10 +5683,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
copy = WOLFSSL_COMMON_NAME;
copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->cnIdx = cert->srcIdx;
dName->cnLen = strLen;
#endif /* OPENSSL_EXTRA */
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_commonName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_SUR_NAME) {
copy = WOLFSSL_SUR_NAME;
@ -5673,9 +5698,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectSNEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->snIdx = cert->srcIdx;
dName->snLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_surname;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_COUNTRY_NAME) {
@ -5688,9 +5714,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectCEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->cIdx = cert->srcIdx;
dName->cLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_countryName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_LOCALITY_NAME) {
@ -5703,9 +5730,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectLEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->lIdx = cert->srcIdx;
dName->lLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_localityName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_STATE_NAME) {
@ -5718,9 +5746,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectSTEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->stIdx = cert->srcIdx;
dName->stLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_stateOrProvinceName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_ORG_NAME) {
@ -5733,9 +5762,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectOEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->oIdx = cert->srcIdx;
dName->oLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_organizationName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_ORGUNIT_NAME) {
@ -5748,9 +5778,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectOUEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->ouIdx = cert->srcIdx;
dName->ouLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_organizationalUnitName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_SERIAL_NUMBER) {
@ -5763,9 +5794,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectSNDEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->snIdx = cert->srcIdx;
dName->snLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_serialNumber;
#endif /* OPENSSL_EXTRA */
}
#ifdef WOLFSSL_CERT_EXT
@ -5779,9 +5811,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectBCEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->bcIdx = cert->srcIdx;
dName->bcLen = strLen;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_businessCategory;
#endif /* OPENSSL_EXTRA */
}
#endif /* WOLFSSL_CERT_EXT */
@ -5798,8 +5830,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
b = cert->source[cert->srcIdx++]; /* encoding */
if (GetLength(cert->source, &cert->srcIdx, &strLen,
maxIdx) < 0)
maxIdx) < 0) {
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ASN_PARSE_E;
}
/* Check for jurisdiction of incorporation country name */
if (id == ASN_JOI_C) {
@ -5812,9 +5849,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectJCEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->jcIdx = cert->srcIdx;
dName->jcLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_jurisdictionCountryName;
#endif /* OPENSSL_EXTRA */
}
@ -5829,9 +5867,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectJSEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->jsIdx = cert->srcIdx;
dName->jsLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_jurisdictionStateOrProvinceName;
#endif /* OPENSSL_EXTRA */
}
@ -5859,8 +5898,13 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->srcIdx += oidSz + 1;
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0)
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) {
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ASN_PARSE_E;
}
if (strLen > (int)(ASN_NAME_MAX - idx)) {
WOLFSSL_MSG("ASN name too big, skipping");
@ -5883,9 +5927,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->subjectEmailLen = strLen;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->emailIdx = cert->srcIdx;
dName->emailLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_emailAddress;
#endif /* OPENSSL_EXTRA */
#ifndef IGNORE_NAME_CONSTRAINTS
{
@ -5895,6 +5940,11 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->heap, DYNAMIC_TYPE_ALTNAME);
if (emailName == NULL) {
WOLFSSL_MSG("\tOut of Memory");
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return MEMORY_E;
}
emailName->type = 0;
@ -5903,6 +5953,11 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
if (emailName->name == NULL) {
WOLFSSL_MSG("\tOut of Memory");
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return MEMORY_E;
}
emailName->len = strLen;
@ -5921,27 +5976,30 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
case ASN_USER_ID:
copy = WOLFSSL_USER_ID;
copyLen = sizeof(WOLFSSL_USER_ID) - 1;
#if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
dName->uidIdx = cert->srcIdx;
dName->uidLen = strLen;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_userId;
#endif /* OPENSSL_EXTRA */
break;
case ASN_DOMAIN_COMPONENT:
copy = WOLFSSL_DOMAIN_COMPONENT;
copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
#if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
dName->dcIdx[dcnum] = cert->srcIdx;
dName->dcLen[dcnum] = strLen;
dName->dcNum = dcnum + 1;
dcnum++;
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_domainComponent;
#endif /* OPENSSL_EXTRA */
break;
default:
WOLFSSL_MSG("Unknown pilot attribute type");
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
wolfSSL_X509_NAME_free(dName);
#endif /* OPENSSL_EXTRA */
return ASN_PARSE_E;
}
}
@ -5956,174 +6014,30 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
idx += copyLen;
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
idx += strLen;
#ifdef OPENSSL_EXTRA
if (count < DOMAIN_COMPONENT_MAX) {
/* store order that DN was parsed */
dName->loc[count++] = id;
}
#endif
}
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8,
&cert->source[cert->srcIdx], strLen, -1, -1) !=
WOLFSSL_SUCCESS) {
wolfSSL_X509_NAME_free(dName);
return ASN_PARSE_E;
}
#endif /* OPENSSL_EXTRA */
cert->srcIdx += strLen;
}
full[idx++] = 0;
#if defined(OPENSSL_EXTRA)
/* store order that DN was parsed */
dName->locSz = count;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
{
int totalLen = 0;
int i = 0;
if (dName->cnLen != 0)
totalLen += dName->cnLen + 4;
if (dName->snLen != 0)
totalLen += dName->snLen + 4;
if (dName->cLen != 0)
totalLen += dName->cLen + 3;
if (dName->lLen != 0)
totalLen += dName->lLen + 3;
if (dName->stLen != 0)
totalLen += dName->stLen + 4;
if (dName->oLen != 0)
totalLen += dName->oLen + 3;
if (dName->ouLen != 0)
totalLen += dName->ouLen + 4;
if (dName->emailLen != 0)
totalLen += dName->emailLen + 14;
if (dName->uidLen != 0)
totalLen += dName->uidLen + 5;
if (dName->serialLen != 0)
totalLen += dName->serialLen + 14;
if (dName->dcNum != 0){
for (i = 0;i < dName->dcNum;i++)
totalLen += dName->dcLen[i] + 4;
}
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
DYNAMIC_TYPE_X509);
if (dName->fullName != NULL) {
idx = 0;
if (dName->cnLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4);
dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cnIdx], dName->cnLen);
dName->cnIdx = idx;
idx += dName->cnLen;
}
if (dName->snLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4);
dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->snIdx], dName->snLen);
dName->snIdx = idx;
idx += dName->snLen;
}
if (dName->cLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3);
dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cIdx], dName->cLen);
dName->cIdx = idx;
idx += dName->cLen;
}
if (dName->lLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3);
dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->lIdx], dName->lLen);
dName->lIdx = idx;
idx += dName->lLen;
}
if (dName->stLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4);
dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->stIdx], dName->stLen);
dName->stIdx = idx;
idx += dName->stLen;
}
if (dName->oLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3);
dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->oIdx], dName->oLen);
dName->oIdx = idx;
idx += dName->oLen;
}
if (dName->ouLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4);
dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->ouIdx], dName->ouLen);
dName->ouIdx = idx;
idx += dName->ouLen;
}
if (dName->emailLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress=");
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->emailIdx], dName->emailLen);
dName->emailIdx = idx;
idx += dName->emailLen;
}
for (i = 0;i < dName->dcNum;i++){
if (dName->dcLen[i] != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->dcIdx[i]], dName->dcLen[i]);
dName->dcIdx[i] = idx;
idx += dName->dcLen[i];
}
}
if (dName->uidLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID=");
idx += 5;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->uidIdx], dName->uidLen);
dName->uidIdx = idx;
idx += dName->uidLen;
}
if (dName->serialLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14);
dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER);
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->serialIdx], dName->serialLen);
dName->serialIdx = idx;
idx += dName->serialLen;
}
dName->fullName[idx] = '\0';
dName->fullNameLen = totalLen;
}
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
if (nameType == ISSUER) {
cert->issuerName = dName;
}
#endif /* OPENSSL_EXTRA */
else {
cert->subjectName = dName;
}
#endif
return 0;
}
@ -8442,7 +8356,8 @@ static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
}
#endif /* IGNORE_NAME_CONSTRAINTS */
#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || defined(OPENSSL_EXTRA)
#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Decode ITU-T X.690 OID format to a string representation
* return string length */
@ -12033,7 +11948,7 @@ typedef struct EncodedName {
/* Get Which Name from index */
static const char* GetOneName(CertName* name, int idx)
const char* GetOneCertName(CertName* name, int idx)
{
switch (idx) {
case 0:
@ -12122,7 +12037,7 @@ static char GetNameType(CertName* name, int idx)
/* Get ASN Name from index */
static byte GetNameId(int idx)
byte GetCertNameId(int idx)
{
switch (idx) {
case 0:
@ -12164,6 +12079,7 @@ static byte GetNameId(int idx)
}
}
/*
Extensions ::= SEQUENCE OF Extension
@ -12631,6 +12547,7 @@ static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
/* Restrict country code size */
if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) {
WOLFSSL_MSG("Country code size error");
return ASN_COUNTRY_SIZE_E;
}
@ -12757,15 +12674,16 @@ int SetName(byte* output, word32 outputSz, CertName* name)
for (i = 0; i < NAME_ENTRIES; i++) {
int ret;
const char* nameStr = GetOneName(name, i);
const char* nameStr = GetOneCertName(name, i);
ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i),
GetNameId(i));
GetCertNameId(i));
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
WOLFSSL_MSG("EncodeName failed");
return BUFFER_E;
}
totalBytes += ret;
}
@ -12779,6 +12697,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("EncodeName on multiple attributes failed\n");
return BUFFER_E;
}
totalBytes += ret;
@ -12796,12 +12715,13 @@ int SetName(byte* output, word32 outputSz, CertName* name)
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX");
return BUFFER_E;
}
for (i = 0; i < NAME_ENTRIES; i++) {
#ifdef WOLFSSL_MULTI_ATTRIB
type = GetNameId(i);
type = GetCertNameId(i);
/* list all DC values before OUs */
if (type == ASN_ORGUNIT_NAME) {
@ -12812,6 +12732,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
WOLFSSL_MSG("Not enough space left for DC value");
return BUFFER_E;
}

10
wolfssl/internal.h
View File

@ -3595,15 +3595,15 @@ struct WOLFSSL_X509_NAME {
char staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_ASN)
DecodedName fullName;
WOLFSSL_X509_NAME_ENTRY cnEntry;
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
int entrySz; /* number of entries */
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
byte raw[ASN_NAME_MAX];
int rawLen;
#endif
void* heap;
};
#ifndef EXTERNAL_SERIAL_SIZE
@ -4535,8 +4535,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
WOLFSSL_LOCAL word32 LowResTimer(void);
#ifndef NO_CERTS
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*);
WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name);
WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);

18
wolfssl/ssl.h
View File

@ -3223,7 +3223,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
#include <wolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */
WOLFSSL_ASN1_STRING data;
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int nid; /* i.e. ASN_COMMON_NAME */
int set;
@ -3234,11 +3233,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
const WOLFSSL_ASN1_OBJECT *obj,
int idx);
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
enum {
WOLFSSL_SYS_ACCEPT = 0,
WOLFSSL_SYS_BIND,
@ -3308,9 +3304,10 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
@ -3417,7 +3414,8 @@ WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
/*lighttp compatibility */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(OPENSSL_EXTRA_X509_SMALL)
struct WOLFSSL_ASN1_BIT_STRING {
int length;
int type;
@ -3428,7 +3426,8 @@ struct WOLFSSL_ASN1_BIT_STRING {
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_EXTRA) \
|| defined(OPENSSL_ALL) \
@ -3436,7 +3435,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY)
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
@ -3831,7 +3831,7 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi
unsigned *len);
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);

72
wolfssl/wolfcrypt/asn.h
View File

@ -233,6 +233,7 @@ enum
NID_jurisdictionStateOrProvinceName = 0xd,
NID_businessCategory = ASN_BUS_CAT,
NID_domainComponent = ASN_DOMAIN_COMPONENT,
NID_userId = 458,
NID_emailAddress = 0x30, /* emailAddress */
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
@ -341,7 +342,8 @@ enum Misc_ASN {
#endif
/* Max total extensions, id + len + others */
#endif
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
MAX_OID_SZ = 32, /* Max DER length of OID*/
MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
#endif
@ -356,7 +358,7 @@ enum Misc_ASN {
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
@ -611,64 +613,6 @@ struct Base_entry {
byte type; /* Name base type (DNS or RFC822) */
};
#define DOMAIN_COMPONENT_MAX 10
#define DN_NAMES_MAX 9
struct DecodedName {
char* fullName;
int fullNameLen;
int entryCount;
int cnIdx;
int cnLen;
int cnNid;
int snIdx;
int snLen;
int snNid;
int cIdx;
int cLen;
int cNid;
int lIdx;
int lLen;
int lNid;
int stIdx;
int stLen;
int stNid;
int oIdx;
int oLen;
int oNid;
int ouIdx;
int ouLen;
#ifdef WOLFSSL_CERT_EXT
int bcIdx;
int bcLen;
int jcIdx;
int jcLen;
int jsIdx;
int jsLen;
#endif
int ouNid;
int emailIdx;
int emailLen;
int emailNid;
int uidIdx;
int uidLen;
int uidNid;
int serialIdx;
int serialLen;
int serialNid;
int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* hold the location / order with which each of the DN tags was found
*
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
*/
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
int locSz;
#endif
};
enum SignatureState {
SIG_STATE_BEGIN,
@ -786,7 +730,6 @@ struct CertSignCtx {
#endif
typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
typedef struct TrustedPeerCert TrustedPeerCert;
@ -913,8 +856,9 @@ struct DecodedCert {
int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName issuerName;
DecodedName subjectName;
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
void* issuerName;
void* subjectName;
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_SEP
int deviceTypeSz;
@ -1126,6 +1070,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
WOLFSSL_LOCAL byte GetCertNameId(int idx);
#endif
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
word32 maxIdx);

2
wolfssl/wolfcrypt/memory.h
View File

@ -111,7 +111,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
/* extra storage in structs for multiple attributes and order */
#ifndef LARGEST_MEM_BUCKET
#ifdef WOLFSSL_TLS13
#define LARGEST_MEM_BUCKET 25792
#define LARGEST_MEM_BUCKET 30400
#else
#define LARGEST_MEM_BUCKET 25600
#endif