feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added NID_pkcs9_contentType and ub_ to compatibility layer (#4408)

Browse Source 
* Added `NID_pkcs9_contentType` and `ub_` values.  ZD 11742

* Improve the API unit test. Also only include when `WOLFSSL_CERT_REQ` defined.
This commit is contained in:
David Garske
2021-09-26 15:21:53 -07:00
committed by GitHub
parent 9e4ab9b638
commit 3bdce348e9
7 changed files with 80 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/internal.c
View File

@ -10178,7 +10178,13 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
ret = MEMORY_E; ret = MEMORY_E;
} }
} }
#endif if (dCert->contentType) {
if (dCert->contentTypeLen < CTC_NAME_SIZE) {
XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen);
x509->contentType[dCert->contentTypeLen] = '\0';
}
}
#endif /* WOLFSSL_CERT_REQ */
#ifdef WOLFSSL_SEP #ifdef WOLFSSL_SEP
{ {

5
src/ssl.c
View File

@ -30696,9 +30696,12 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
"jurisdictionCountryName"}, "jurisdictionCountryName"},
{ NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName, { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"}, oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
{ NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID, { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
oidCsrAttrType, "challengePassword", "challengePassword"}, oidCsrAttrType, "challengePassword", "challengePassword"},
{ NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
oidCsrAttrType, "contentType", "contentType" },
#endif #endif
#endif #endif
#ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */ #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
@ -50490,6 +50493,8 @@ int oid2nid(word32 oid, int grp)
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
case oidCsrAttrType: case oidCsrAttrType:
switch (oid) { switch (oid) {
case PKCS9_CONTENT_TYPE_OID:
return NID_pkcs9_contentType;
case CHALLENGE_PASSWORD_OID: case CHALLENGE_PASSWORD_OID:
return NID_pkcs9_challengePassword; return NID_pkcs9_challengePassword;
case SERIAL_NUMBER_OID: case SERIAL_NUMBER_OID:

18
tests/api.c
View File

@ -36171,7 +36171,6 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
X509_NAME_ENTRY* entry; X509_NAME_ENTRY* entry;
unsigned char cn[] = "another name to add"; unsigned char cn[] = "another name to add";
printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()"); printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()");
AssertNotNull(x509 = AssertNotNull(x509 =
@ -36214,6 +36213,21 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
#endif #endif
X509_NAME_ENTRY_free(entry); X509_NAME_ENTRY_free(entry);
#ifdef WOLFSSL_CERT_REQ
{
unsigned char srv_pkcs9p[] = "Server";
char* subject;
AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
subject = X509_NAME_oneline(nm, 0, 0);
#ifdef DEBUG_WOLFSSL
printf("\n\t%s\n", subject);
#endif
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
}
#endif
/* Test add entry by text */ /* Test add entry by text */
AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
0x0c, cn, (int)sizeof(cn))); 0x0c, cn, (int)sizeof(cn)));
@ -36227,7 +36241,7 @@ static void test_wolfSSL_X509_NAME_ENTRY(void)
/* Test add entry by NID */ /* Test add entry by NID */
AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
cn, -1, -1, 0), WOLFSSL_SUCCESS); cn, -1, -1, 0), SSL_SUCCESS);
#ifndef NO_BIO #ifndef NO_BIO
BIO_free(bio); BIO_free(bio);

34
wolfcrypt/src/asn.c
View File

@ -3950,6 +3950,7 @@ static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9};
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
/* csrAttrType */ /* csrAttrType */
static const byte attrUnstructuredNameOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 2}; static const byte attrUnstructuredNameOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 2};
static const byte attrPkcs9ContentTypeOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 3};
static const byte attrChallengePasswordOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 7}; static const byte attrChallengePasswordOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 7};
static const byte attrExtensionRequestOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 14}; static const byte attrExtensionRequestOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 14};
static const byte attrSerialNumberOid[] = {85, 4, 5}; static const byte attrSerialNumberOid[] = {85, 4, 5};
@ -4740,6 +4741,10 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
oid = attrUnstructuredNameOid; oid = attrUnstructuredNameOid;
*oidSz = sizeof(attrUnstructuredNameOid); *oidSz = sizeof(attrUnstructuredNameOid);
break; break;
case PKCS9_CONTENT_TYPE_OID:
oid = attrPkcs9ContentTypeOid;
*oidSz = sizeof(attrPkcs9ContentTypeOid);
break;
case CHALLENGE_PASSWORD_OID: case CHALLENGE_PASSWORD_OID:
oid = attrChallengePasswordOid; oid = attrChallengePasswordOid;
*oidSz = sizeof(attrChallengePasswordOid); *oidSz = sizeof(attrChallengePasswordOid);
@ -16516,6 +16521,20 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt,
ASNGetData strDataASN[strAttrASN_Length]; ASNGetData strDataASN[strAttrASN_Length];
switch (oid) { switch (oid) {
case PKCS9_CONTENT_TYPE_OID:
/* Clear dynamic data and specify choices acceptable. */
XMEMSET(strDataASN, 0, sizeof(strDataASN));
GetASN_Choice(&strDataASN[0], strAttrChoice);
/* Parse a string. */
ret = GetASN_Items(strAttrASN, strDataASN, strAttrASN_Length,
1, input, &idx, maxIdx);
if (ret == 0) {
/* Store references to password data. */
cert->contentType = (char*)strDataASN[0].data.ref.data;
cert->contentTypeLen = strDataASN[0].data.ref.length;
}
break;
/* A password by which the entity may request certificate revocation. /* A password by which the entity may request certificate revocation.
* PKCS#9: RFC 2985, 5.4.1 - Challenge password * PKCS#9: RFC 2985, 5.4.1 - Challenge password
*/ */
@ -17499,6 +17518,21 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
switch (oid) { switch (oid) {
case PKCS9_CONTENT_TYPE_OID:
if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
WOLFSSL_MSG("attr GetHeader error");
return ASN_PARSE_E;
}
if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING &&
tag != ASN_IA5_STRING) {
WOLFSSL_MSG("Unsupported attribute value format");
return ASN_PARSE_E;
}
cert->contentType = (char*)cert->source + cert->srcIdx;
cert->contentTypeLen = len;
cert->srcIdx += len;
break;
case CHALLENGE_PASSWORD_OID: case CHALLENGE_PASSWORD_OID:
if (GetHeader(cert->source, &tag, if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) { &cert->srcIdx, &len, attrMaxIdx, 1) < 0) {

3
wolfssl/internal.h
View File

@ -3895,7 +3895,8 @@ struct WOLFSSL_X509 {
WOLFSSL_X509_ATTRIBUTE* challengePwAttr; WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif #endif
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif char contentType[CTC_NAME_SIZE];
#endif /* WOLFSSL_CERT_REQ */
WOLFSSL_X509_NAME issuer; WOLFSSL_X509_NAME issuer;
WOLFSSL_X509_NAME subject; WOLFSSL_X509_NAME subject;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)

11
wolfssl/openssl/asn1.h
View File

@ -92,6 +92,17 @@
#define ASN1_STRING_FLAG_MSTRING 0x040 #define ASN1_STRING_FLAG_MSTRING 0x040
#define ASN1_STRING_FLAG_EMBED 0x080 #define ASN1_STRING_FLAG_EMBED 0x080
/* X.509 PKI size limits from RFC2459 (appendix A) */
/* internally our limit is CTC_NAME_SIZE (64) - overriden with WC_CTC_NAME_SIZE */
#define ub_name CTC_NAME_SIZE /* 32768 */
#define ub_common_name CTC_NAME_SIZE /* 64 */
#define ub_locality_name CTC_NAME_SIZE /* 128 */
#define ub_state_name CTC_NAME_SIZE /* 128 */
#define ub_organization_name CTC_NAME_SIZE /* 64 */
#define ub_organization_unit_name CTC_NAME_SIZE /* 64 */
#define ub_title CTC_NAME_SIZE /* 64 */
#define ub_email_address CTC_NAME_SIZE /* 128 */
WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*); const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*);

6
wolfssl/wolfcrypt/asn.h
View File

@ -678,6 +678,7 @@ enum
NID_sha512_224 = 1094, NID_sha512_224 = 1094,
NID_sha512_256 = 1095, NID_sha512_256 = 1095,
NID_pkcs9_unstructuredName = 49, NID_pkcs9_unstructuredName = 49,
NID_pkcs9_contentType = 50, /* 1.2.840.113549.1.9.3 */
NID_pkcs9_challengePassword = 54, NID_pkcs9_challengePassword = 54,
NID_hw_name_oid = 73, NID_hw_name_oid = 73,
NID_id_pkix_OCSP_basic = 74, NID_id_pkix_OCSP_basic = 74,
@ -1097,6 +1098,7 @@ enum KeyIdType {
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
enum CsrAttrType { enum CsrAttrType {
UNSTRUCTURED_NAME_OID = 654, UNSTRUCTURED_NAME_OID = 654,
PKCS9_CONTENT_TYPE_OID = 655,
CHALLENGE_PASSWORD_OID = 659, CHALLENGE_PASSWORD_OID = 659,
SERIAL_NUMBER_OID = 94, SERIAL_NUMBER_OID = 94,
EXTENSION_REQUEST_OID = 666, EXTENSION_REQUEST_OID = 666,
@ -1477,7 +1479,9 @@ struct DecodedCert {
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
/* CSR attributes */ /* CSR attributes */
char* cPwd; /* challengePassword */ char* contentType; /* Content Type */
int contentTypeLen;
char* cPwd; /* Challenge Password */
int cPwdLen; int cPwdLen;
char* sNum; /* Serial Number */ char* sNum; /* Serial Number */
int sNumLen; int sNumLen;