fix X509 multiple OU's and refactor
@ -3331,12 +3331,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
|
||||
name->dynamicName = 0;
|
||||
name->sz = 0;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
|
||||
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
||||
XMEMSET(&name->extra, 0, sizeof(name->extra));
|
||||
name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/
|
||||
name->cnEntry.nid = ASN_COMMON_NAME;
|
||||
XMEMSET(&name->entry, 0, sizeof(name->entry));
|
||||
name->x509 = NULL;
|
||||
name->entrySz = 0;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
}
|
||||
@ -3352,17 +3349,13 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
{
|
||||
int i;
|
||||
if (name->fullName.fullName != NULL) {
|
||||
XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
|
||||
name->fullName.fullName = NULL;
|
||||
}
|
||||
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
|
||||
/* free ASN1 string data */
|
||||
if (name->extra[i].set && name->extra[i].data.data != NULL) {
|
||||
XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
|
||||
if (name->entry[i].set && name->entry[i].data.data != NULL) {
|
||||
wolfSSL_ASN1_OBJECT_free(&name->entry[i].object);
|
||||
XFREE(name->entry[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
}
|
||||
wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object);
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
}
|
||||
@ -9519,33 +9512,20 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (dCert->issuerName.fullName != NULL) {
|
||||
XMEMCPY(&x509->issuer.fullName,
|
||||
&dCert->issuerName, sizeof(DecodedName));
|
||||
x509->issuer.fullName.fullName = (char*)XMALLOC(
|
||||
dCert->issuerName.fullNameLen, x509->heap,
|
||||
DYNAMIC_TYPE_X509);
|
||||
if (x509->issuer.fullName.fullName != NULL)
|
||||
XMEMCPY(x509->issuer.fullName.fullName,
|
||||
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
|
||||
if (dCert->issuerName != NULL) {
|
||||
wolfSSL_X509_set_issuer_name(x509, dCert->issuerName);
|
||||
x509->issuer.x509 = x509;
|
||||
}
|
||||
x509->issuer.x509 = x509;
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (dCert->subjectName.fullName != NULL) {
|
||||
XMEMCPY(&x509->subject.fullName,
|
||||
&dCert->subjectName, sizeof(DecodedName));
|
||||
x509->subject.fullName.fullName = (char*)XMALLOC(
|
||||
dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
|
||||
if (x509->subject.fullName.fullName != NULL)
|
||||
XMEMCPY(x509->subject.fullName.fullName,
|
||||
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
|
||||
if (dCert->subjectName != NULL) {
|
||||
wolfSSL_X509_set_subject_name(x509, dCert->subjectName);
|
||||
x509->subject.x509 = x509;
|
||||
}
|
||||
x509->subject.x509 = x509;
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
|
||||
|
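Review bot: The return value of `wolfSSL_X509_set_issuer_name(x509, dCert->issuerName)` and of the matching `wolfSSL_X509_set_subject_name` call in the CopyDecodedToX509 hunk is discarded, so if either call fails to take over the name the X509 silently ends up with an empty issuer or subject and no error reaches the caller, the same silent failure the removed XMALLOC path had. CopyDecodedToX509 already returns an int status, so propagate it, assuming these setters report failure through their int result like the other wolfSSL_X509_set_* functions: `if (wolfSSL_X509_set_issuer_name(x509, dCert->issuerName) != WOLFSSL_SUCCESS) return MEMORY_E;` (use whichever error code the rest of the function, which lies outside the hunk, uses for copy failures). Note also that `x509->issuer.x509 = x509` is now assigned only when `dCert->issuerName` is non-NULL where it was unconditional before; if any OPENSSL_EXTRA path dereferences `issuer.x509` for a certificate with an empty name, that is a behaviour change worth a comment on the `if`.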
18
tests/api.c
18
tests/api.c
@ -24480,35 +24480,35 @@ static void test_wolfSSL_X509_NID(void)
|
||||
/* extract subjectName info */
|
||||
AssertNotNull(name = X509_get_subject_name(cert));
|
||||
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||
NULL, 0)), 0);
|
||||
AssertIntEQ(nameSz, 15);
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||
commonName, sizeof(commonName))), 0);
|
||||
AssertIntEQ(nameSz, 15);
|
||||
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||
commonName, 9)), 0);
|
||||
AssertIntEQ(nameSz, 8);
|
||||
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COUNTRY_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
|
||||
countryName, sizeof(countryName))), 0);
|
||||
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_LOCALITY_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
|
||||
localityName, sizeof(localityName))), 0);
|
||||
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_STATE_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
|
||||
stateName, sizeof(stateName))), 0);
|
||||
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORG_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
|
||||
orgName, sizeof(orgName))), 0);
|
||||
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
|
||||
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORGUNIT_NAME,
|
||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
|
||||
orgUnit, sizeof(orgUnit))), 0);
|
||||
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
|
||||
|
||||
@ -25931,7 +25931,7 @@ static void test_wolfSSL_X509_sign(void)
|
||||
|
||||
/* Set X509_NAME fields */
|
||||
AssertNotNull(name = X509_NAME_new());
|
||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "country", MBSTRING_UTF8,
|
||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
|
||||
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
|
||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
|
||||
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
|
||||
|
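Review bot: Nothing in the tests/api.c hunks exercises the multiple-OU case the commit title says it fixes; both hunks only swap `ASN_*` constants for `NID_*` ones in test_wolfSSL_X509_NID and rename `"country"` to `"countryName"` in test_wolfSSL_X509_sign. A regression test that adds two `NID_organizationalUnitName` entries to a name via `X509_NAME_add_entry_by_txt` and checks that both survive (for example with `X509_NAME_get_index_by_NID` called twice with the first hit as the starting index, or through a sign/parse round-trip) would pin the fix. The 18/18 diffstat for this file suggests no such test is elsewhere in the commit.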
@ -5044,10 +5044,10 @@ void FreeDecodedCert(DecodedCert* cert)
|
||||
XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
|
||||
#endif /* WOLFSSL_SEP */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (cert->issuerName.fullName != NULL)
|
||||
XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509);
|
||||
if (cert->subjectName.fullName != NULL)
|
||||
XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509);
|
||||
if (cert->issuerName != NULL)
|
||||
wolfSSL_X509_NAME_free(cert->issuerName);
|
||||
if (cert->subjectName != NULL)
|
||||
wolfSSL_X509_NAME_free(cert->subjectName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
if (cert->tsip_encRsaKeyIdx != NULL)
|
||||
@ -5538,7 +5538,8 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* process NAME, either issuer or subject */
|
||||
/* process NAME, either issuer or subject
|
||||
* returns 0 on success and negative values on fail */
|
||||
static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
{
|
||||
int length; /* length of all distinguished names */
|
||||
@ -5548,14 +5549,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
byte* hash;
|
||||
word32 idx, localIdx = 0;
|
||||
byte tag;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
DecodedName* dName =
|
||||
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
|
||||
int dcnum = 0;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
int count = 0;
|
||||
#endif
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
WOLFSSL_X509_NAME* dName;
|
||||
int nid;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
WOLFSSL_MSG("Getting Cert Name");
|
||||
|
||||
@ -5612,6 +5609,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
cert->subjectRawLen = length - cert->srcIdx;
|
||||
}
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName = wolfSSL_X509_NAME_new();
|
||||
if (dName == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
while (cert->srcIdx < (word32)length) {
|
||||
byte b = 0;
|
||||
@ -5627,16 +5630,28 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
WOLFSSL_MSG("Cert name lacks set header, trying sequence");
|
||||
}
|
||||
|
||||
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0)
|
||||
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* make sure there is room for joint */
|
||||
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx)
|
||||
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));
|
||||
|
||||
@ -5646,6 +5661,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
id = joint[2];
|
||||
if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen,
|
||||
maxIdx, 1) < 0) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
@ -5658,10 +5676,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
|
||||
copy = WOLFSSL_COMMON_NAME;
|
||||
copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->cnIdx = cert->srcIdx;
|
||||
dName->cnLen = strLen;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
nid = NID_commonName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_SUR_NAME) {
|
||||
copy = WOLFSSL_SUR_NAME;
|
||||
@ -5674,8 +5691,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->snIdx = cert->srcIdx;
|
||||
dName->snLen = strLen;
|
||||
nid = NID_surname;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_COUNTRY_NAME) {
|
||||
@ -5689,8 +5705,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->cIdx = cert->srcIdx;
|
||||
dName->cLen = strLen;
|
||||
nid = NID_countryName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_LOCALITY_NAME) {
|
||||
@ -5704,8 +5719,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->lIdx = cert->srcIdx;
|
||||
dName->lLen = strLen;
|
||||
nid = NID_localityName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_STATE_NAME) {
|
||||
@ -5719,8 +5733,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->stIdx = cert->srcIdx;
|
||||
dName->stLen = strLen;
|
||||
nid = NID_stateOrProvinceName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_ORG_NAME) {
|
||||
@ -5734,8 +5747,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->oIdx = cert->srcIdx;
|
||||
dName->oLen = strLen;
|
||||
nid = NID_organizationName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_ORGUNIT_NAME) {
|
||||
@ -5749,8 +5761,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->ouIdx = cert->srcIdx;
|
||||
dName->ouLen = strLen;
|
||||
nid = NID_organizationalUnitName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
else if (id == ASN_SERIAL_NUMBER) {
|
||||
@ -5764,8 +5775,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->snIdx = cert->srcIdx;
|
||||
dName->snLen = strLen;
|
||||
nid = NID_serialNumber;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
@ -5780,8 +5790,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->bcIdx = cert->srcIdx;
|
||||
dName->bcLen = strLen;
|
||||
nid = NID_businessCategory;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
@ -5798,8 +5807,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
b = cert->source[cert->srcIdx++]; /* encoding */
|
||||
|
||||
if (GetLength(cert->source, &cert->srcIdx, &strLen,
|
||||
maxIdx) < 0)
|
||||
maxIdx) < 0) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
/* Check for jurisdiction of incorporation country name */
|
||||
if (id == ASN_JOI_C) {
|
||||
@ -5813,8 +5826,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->jcIdx = cert->srcIdx;
|
||||
dName->jcLen = strLen;
|
||||
nid = NID_jurisdictionCountryName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
|
||||
@ -5830,8 +5842,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->jsIdx = cert->srcIdx;
|
||||
dName->jsLen = strLen;
|
||||
nid = NID_jurisdictionStateOrProvinceName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
|
||||
@ -5859,8 +5870,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
|
||||
cert->srcIdx += oidSz + 1;
|
||||
|
||||
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0)
|
||||
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) {
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
if (strLen > (int)(ASN_NAME_MAX - idx)) {
|
||||
WOLFSSL_MSG("ASN name too big, skipping");
|
||||
@ -5884,8 +5899,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->emailIdx = cert->srcIdx;
|
||||
dName->emailLen = strLen;
|
||||
nid = NID_emailAddress;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
{
|
||||
@ -5895,6 +5909,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
if (emailName == NULL) {
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return MEMORY_E;
|
||||
}
|
||||
emailName->type = 0;
|
||||
@ -5903,6 +5921,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
if (emailName->name == NULL) {
|
||||
WOLFSSL_MSG("\tOut of Memory");
|
||||
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return MEMORY_E;
|
||||
}
|
||||
emailName->len = strLen;
|
||||
@ -5923,8 +5945,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
copyLen = sizeof(WOLFSSL_USER_ID) - 1;
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->uidIdx = cert->srcIdx;
|
||||
dName->uidLen = strLen;
|
||||
nid = NID_userId;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
break;
|
||||
|
||||
@ -5933,15 +5954,16 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
dName->dcIdx[dcnum] = cert->srcIdx;
|
||||
dName->dcLen[dcnum] = strLen;
|
||||
dName->dcNum = dcnum + 1;
|
||||
dcnum++;
|
||||
nid = NID_domainComponent;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
break;
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown pilot attribute type");
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
@ -5956,174 +5978,28 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||
idx += copyLen;
|
||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
||||
idx += strLen;
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (count < DOMAIN_COMPONENT_MAX) {
|
||||
/* store order that DN was parsed */
|
||||
dName->loc[count++] = id;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8,
|
||||
&cert->source[cert->srcIdx], strLen, -1, -1) !=
|
||||
WOLFSSL_SUCCESS) {
|
||||
wolfSSL_X509_NAME_free(dName);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
cert->srcIdx += strLen;
|
||||
}
|
||||
full[idx++] = 0;
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
/* store order that DN was parsed */
|
||||
dName->locSz = count;
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
{
|
||||
int totalLen = 0;
|
||||
int i = 0;
|
||||
|
||||
if (dName->cnLen != 0)
|
||||
totalLen += dName->cnLen + 4;
|
||||
if (dName->snLen != 0)
|
||||
totalLen += dName->snLen + 4;
|
||||
if (dName->cLen != 0)
|
||||
totalLen += dName->cLen + 3;
|
||||
if (dName->lLen != 0)
|
||||
totalLen += dName->lLen + 3;
|
||||
if (dName->stLen != 0)
|
||||
totalLen += dName->stLen + 4;
|
||||
if (dName->oLen != 0)
|
||||
totalLen += dName->oLen + 3;
|
||||
if (dName->ouLen != 0)
|
||||
totalLen += dName->ouLen + 4;
|
||||
if (dName->emailLen != 0)
|
||||
totalLen += dName->emailLen + 14;
|
||||
if (dName->uidLen != 0)
|
||||
totalLen += dName->uidLen + 5;
|
||||
if (dName->serialLen != 0)
|
||||
totalLen += dName->serialLen + 14;
|
||||
if (dName->dcNum != 0){
|
||||
for (i = 0;i < dName->dcNum;i++)
|
||||
totalLen += dName->dcLen[i] + 4;
|
||||
}
|
||||
|
||||
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
|
||||
DYNAMIC_TYPE_X509);
|
||||
if (dName->fullName != NULL) {
|
||||
idx = 0;
|
||||
|
||||
if (dName->cnLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4);
|
||||
dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->cnIdx], dName->cnLen);
|
||||
dName->cnIdx = idx;
|
||||
idx += dName->cnLen;
|
||||
}
|
||||
if (dName->snLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4);
|
||||
dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->snIdx], dName->snLen);
|
||||
dName->snIdx = idx;
|
||||
idx += dName->snLen;
|
||||
}
|
||||
if (dName->cLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3);
|
||||
dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME);
|
||||
idx += 3;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->cIdx], dName->cLen);
|
||||
dName->cIdx = idx;
|
||||
idx += dName->cLen;
|
||||
}
|
||||
if (dName->lLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3);
|
||||
dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME);
|
||||
idx += 3;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->lIdx], dName->lLen);
|
||||
dName->lIdx = idx;
|
||||
idx += dName->lLen;
|
||||
}
|
||||
if (dName->stLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4);
|
||||
dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->stIdx], dName->stLen);
|
||||
dName->stIdx = idx;
|
||||
idx += dName->stLen;
|
||||
}
|
||||
if (dName->oLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3);
|
||||
dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME);
|
||||
idx += 3;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->oIdx], dName->oLen);
|
||||
dName->oIdx = idx;
|
||||
idx += dName->oLen;
|
||||
}
|
||||
if (dName->ouLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4);
|
||||
dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->ouIdx], dName->ouLen);
|
||||
dName->ouIdx = idx;
|
||||
idx += dName->ouLen;
|
||||
}
|
||||
if (dName->emailLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
|
||||
dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress=");
|
||||
idx += 14;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->emailIdx], dName->emailLen);
|
||||
dName->emailIdx = idx;
|
||||
idx += dName->emailLen;
|
||||
}
|
||||
for (i = 0;i < dName->dcNum;i++){
|
||||
if (dName->dcLen[i] != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4);
|
||||
idx += 4;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->dcIdx[i]], dName->dcLen[i]);
|
||||
dName->dcIdx[i] = idx;
|
||||
idx += dName->dcLen[i];
|
||||
}
|
||||
}
|
||||
if (dName->uidLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
|
||||
dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID=");
|
||||
idx += 5;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->uidIdx], dName->uidLen);
|
||||
dName->uidIdx = idx;
|
||||
idx += dName->uidLen;
|
||||
}
|
||||
if (dName->serialLen != 0) {
|
||||
dName->entryCount++;
|
||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14);
|
||||
dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER);
|
||||
idx += 14;
|
||||
XMEMCPY(&dName->fullName[idx],
|
||||
&cert->source[dName->serialIdx], dName->serialLen);
|
||||
dName->serialIdx = idx;
|
||||
idx += dName->serialLen;
|
||||
}
|
||||
dName->fullName[idx] = '\0';
|
||||
dName->fullNameLen = totalLen;
|
||||
}
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
if (nameType == ISSUER) {
|
||||
cert->issuerName = dName;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
else {
|
||||
cert->subjectName = dName;
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -12033,7 +11909,7 @@ typedef struct EncodedName {
|
||||
|
||||
|
||||
/* Get Which Name from index */
|
||||
static const char* GetOneName(CertName* name, int idx)
|
||||
const char* GetOneCertName(CertName* name, int idx)
|
||||
{
|
||||
switch (idx) {
|
||||
case 0:
|
||||
@ -12122,7 +11998,7 @@ static char GetNameType(CertName* name, int idx)
|
||||
|
||||
|
||||
/* Get ASN Name from index */
|
||||
static byte GetNameId(int idx)
|
||||
byte GetCertNameId(int idx)
|
||||
{
|
||||
switch (idx) {
|
||||
case 0:
|
||||
@ -12164,6 +12040,7 @@ static byte GetNameId(int idx)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Extensions ::= SEQUENCE OF Extension
|
||||
|
||||
@ -12757,10 +12634,10 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
||||
|
||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||
int ret;
|
||||
const char* nameStr = GetOneName(name, i);
|
||||
const char* nameStr = GetOneCertName(name, i);
|
||||
|
||||
ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i),
|
||||
GetNameId(i));
|
||||
GetCertNameId(i));
|
||||
if (ret < 0) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@ -12801,7 +12678,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
||||
|
||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||
#ifdef WOLFSSL_MULTI_ATTRIB
|
||||
type = GetNameId(i);
|
||||
type = GetCertNameId(i);
|
||||
|
||||
/* list all DC values before OUs */
|
||||
if (type == ASN_ORGUNIT_NAME) {
|
||||
|
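Review bot: In GetName, `nid` is declared without an initializer (`int nid;` in the declaration hunk) and is assigned only in the recognised attribute branches, yet the new `wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8, ...)` call sits after the closing brace of the `copy != NULL` block, so it appears to execute for every RDN of the loop, including unknown joint-ISO ids and the "skipping" paths in which no branch set `nid`. On the first such attribute that is a read of an indeterminate value (undefined behaviour), and on later ones the previous attribute's NID is reused, so an unrecognised attribute's bytes get registered under a stale NID. Initialise the variable (`int nid = NID_undef;` if that constant is available to this file, otherwise a named sentinel), reset it at the top of each iteration, and guard the call with `if (nid != NID_undef && wolfSSL_X509_NAME_add_entry_by_NID(...) != WOLFSSL_SUCCESS)`. Separately, the eleven `wolfSSL_X509_NAME_free(dName); return ...;` pairs added across the function would collapse to one `goto` cleanup label, which also stops a future early return from forgetting the free; GetName's body spans several hunks here and its start is in the `@ -5538` hunk.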
@ -3593,9 +3593,8 @@ struct WOLFSSL_X509_NAME {
|
||||
char staticName[ASN_NAME_MAX];
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(NO_ASN)
|
||||
DecodedName fullName;
|
||||
WOLFSSL_X509_NAME_ENTRY cnEntry;
|
||||
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
|
||||
int entrySz; /* number of entries */
|
||||
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
|
||||
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||
|
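Review bot: The replacement fields `entrySz` and `entry[MAX_NAME_ENTRIES]` do not state their invariant, and FreeX509Name (in the internal.c hunks) decides what to free by `entry[i].set` rather than by `entrySz`, so a reader cannot tell which of the two is authoritative. Suggest `/* number of entries in use; entry[i].set marks an occupied slot */` on `entrySz` and `/* all entries, e.g. CN; fixed capacity MAX_NAME_ENTRIES */` on `entry` (the current "i.e. CN" reads as if CN were the only entry). The array is inline, so the struct now carries thirteen WOLFSSL_X509_NAME_ENTRY values where it carried `cnEntry` plus `extra[5]` before; presumably a net growth once the dropped DecodedName is accounted for, which is worth checking against stack-allocated or memory-constrained builds.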
@ -233,6 +233,7 @@ enum
|
||||
NID_jurisdictionStateOrProvinceName = 0xd,
|
||||
NID_businessCategory = ASN_BUS_CAT,
|
||||
NID_domainComponent = ASN_DOMAIN_COMPONENT,
|
||||
NID_userId = 458,
|
||||
NID_emailAddress = 0x30, /* emailAddress */
|
||||
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
|
||||
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
|
||||
@ -356,7 +357,7 @@ enum Misc_ASN {
|
||||
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
|
||||
#endif
|
||||
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
|
||||
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
|
||||
MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
|
||||
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
|
||||
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
|
||||
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
|
||||
@ -611,64 +612,6 @@ struct Base_entry {
|
||||
byte type; /* Name base type (DNS or RFC822) */
|
||||
};
|
||||
|
||||
#define DOMAIN_COMPONENT_MAX 10
|
||||
#define DN_NAMES_MAX 9
|
||||
|
||||
struct DecodedName {
|
||||
char* fullName;
|
||||
int fullNameLen;
|
||||
int entryCount;
|
||||
int cnIdx;
|
||||
int cnLen;
|
||||
int cnNid;
|
||||
int snIdx;
|
||||
int snLen;
|
||||
int snNid;
|
||||
int cIdx;
|
||||
int cLen;
|
||||
int cNid;
|
||||
int lIdx;
|
||||
int lLen;
|
||||
int lNid;
|
||||
int stIdx;
|
||||
int stLen;
|
||||
int stNid;
|
||||
int oIdx;
|
||||
int oLen;
|
||||
int oNid;
|
||||
int ouIdx;
|
||||
int ouLen;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
int bcIdx;
|
||||
int bcLen;
|
||||
int jcIdx;
|
||||
int jcLen;
|
||||
int jsIdx;
|
||||
int jsLen;
|
||||
#endif
|
||||
int ouNid;
|
||||
int emailIdx;
|
||||
int emailLen;
|
||||
int emailNid;
|
||||
int uidIdx;
|
||||
int uidLen;
|
||||
int uidNid;
|
||||
int serialIdx;
|
||||
int serialLen;
|
||||
int serialNid;
|
||||
int dcIdx[DOMAIN_COMPONENT_MAX];
|
||||
int dcLen[DOMAIN_COMPONENT_MAX];
|
||||
int dcNum;
|
||||
int dcMode;
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
/* hold the location / order with which each of the DN tags was found
|
||||
*
|
||||
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
|
||||
*/
|
||||
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
|
||||
int locSz;
|
||||
#endif
|
||||
};
|
||||
|
||||
enum SignatureState {
|
||||
SIG_STATE_BEGIN,
|
||||
@ -786,7 +729,6 @@ struct CertSignCtx {
|
||||
#endif
|
||||
|
||||
typedef struct DecodedCert DecodedCert;
|
||||
typedef struct DecodedName DecodedName;
|
||||
typedef struct Signer Signer;
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
typedef struct TrustedPeerCert TrustedPeerCert;
|
||||
@ -913,8 +855,9 @@ struct DecodedCert {
|
||||
int subjectEmailLen;
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
DecodedName issuerName;
|
||||
DecodedName subjectName;
|
||||
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
|
||||
void* issuerName;
|
||||
void* subjectName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#ifdef WOLFSSL_SEP
|
||||
int deviceTypeSz;
|
||||
@ -1126,6 +1069,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
||||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
|
||||
WOLFSSL_LOCAL byte GetCertNameId(int idx);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
|
||||
word32 maxIdx);
|
||||
|
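Review bot: `MAX_NAME_ENTRIES = 13` in the Misc_ASN hunk has become a hard cap on how many RDN attributes a parsed name can hold, but its comment still only says "entries added to x509 name struct". Together with the GetName change in asn.c, which returns ASN_PARSE_E when `wolfSSL_X509_NAME_add_entry_by_NID` fails, a certificate whose subject or issuer carries more than thirteen attributes (a handful of DCs plus CN/O/OU/C/ST/L reaches that) will presumably be rejected as unparsable under OPENSSL_EXTRA where it was accepted before, assuming add_entry refuses once the array is full; say so in the comment, e.g. `/* max RDN attributes kept per X509_NAME; GetName rejects names with more */`, and consider whether the limit should be larger or configurable. In the DecodedCert hunk, `void* issuerName` / `void* subjectName` give up type checking for a reason a forward declaration avoids: `struct WOLFSSL_X509_NAME;` in this header and `struct WOLFSSL_X509_NAME* issuerName;` need no ssl.h include.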