diff --git a/src/ssl.c b/src/ssl.c
index b933f7394..57854c37b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -29369,6 +29369,51 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#if defined(OPENSSL_ALL)
+const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz, word32 oidType)
+ {
+ char *token;
+ byte* oidBuf = NULL;
+ word32 oid;
+ word16 dotted[ASN1_OID_DOTTED_MAX_SZ];
+ word32 dottedCount = 0;
+ int nid;
+
+ if (buf == NULL)
+ return NULL;
+
+ nid = wolfSSL_OBJ_txt2nid(buf);
+
+ if (nid != NID_undef) {
+ /* Handle named OID case */
+ oid = nid2oid(nid, oidType);
+ oidBuf = (byte*)OidFromId(oid, oidType,inOutSz);
+ }
+ #if defined(HAVE_OID_ENCODING)
+ else {
+ /* Handle dotted form OID case*/
+ token = XSTRTOK(buf, ".", NULL);
+
+ while (token != NULL) {
+ dotted[dottedCount] = XATOI(token);
+ dottedCount++;
+ token = XSTRTOK(NULL, ".", NULL);
+ }
+
+ if (EncodeObjectId(dotted, dottedCount, oidBuf, inOutSz) != 0) {
+ oidBuf = NULL;
+ }
+ }
+ #else
+ (void)token;
+ (void)dotted;
+ (void)dottedCount;
+ #endif
+
+ return (const byte*)oidBuf;
+ }
+#endif /* OPENSSL_ALL */
+
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
 defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
 defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
@@ -33912,6 +33957,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
 word32 nid2oid(int nid, int grp)
 {
+ size_t i;
 /* get OID type */
 switch (grp) {
 /* oidHashType */
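Review bot: The dotted-form loop stores into `dotted[dottedCount]` with no bound, so a text OID with more than ASN1_OID_DOTTED_MAX_SZ (16) components overflows the stack array; since `buf` is caller-supplied text on a public compat API, add `if (dottedCount >= ASN1_OID_DOTTED_MAX_SZ) return NULL;` before the store. `oidBuf` is still NULL when handed to EncodeObjectId and is never assigned in that branch, so the dotted path cannot return an encoding whatever EncodeObjectId does with a NULL out pointer — it needs real storage (a caller buffer, or an allocation whose ownership is stated in the header comment), and the named path should likewise treat a NULL from OidFromId as failure rather than returning it. XSTRTOK also rewrites `buf` in place and XATOI silently turns a non-numeric arc into 0; either tokenize a copy or document that the input is clobbered and arcs are not validated.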
@@ -34269,10 +34315,33 @@ word32 nid2oid(int nid, int grp)
 }
 break;
+ /* oidCmsKeyAgreeType */
+ #ifdef WOLFSSL_CERT_REQ
+ case oidCsrAttrType:
+ switch (nid) {
+ case NID_pkcs9_contentType:
+ return PKCS9_CONTENT_TYPE_OID;
+ case NID_pkcs9_challengePassword:
+ return CHALLENGE_PASSWORD_OID;
+ case NID_serialNumber:
+ return SERIAL_NUMBER_OID;
+ case NID_userId:
+ return USER_ID_OID;
+ case NID_surname:
+ return SURNAME_OID;
+ }
+ break;
+ #endif
+
 default:
 WOLFSSL_MSG("NID not in table");
- /* MSVC warns without the cast */
- return (word32)-1;
+ }
+
+ /* If not found in above switch then try the table */
+ for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) {
+ if (wolfssl_object_info[i].nid == nid) {
+ return wolfssl_object_info[i].id;
+ }
 }
 /* MSVC warns without the cast */
@@ -34647,7 +34716,7 @@ int oid2nid(word32 oid, int grp)
 #endif
 default:
- WOLFSSL_MSG("NID not in table");
+ WOLFSSL_MSG("OID not in table");
 }
 /* If not found in above switch then try the table */
 for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) {
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index cf9cc9e0a..65b4fe7f7 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -12350,9 +12350,13 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 int i, j, ret = 0;
 int nameSz;
 int tmpSize = MAX_OID_SZ;
+ int endChar = 0;
+ int nid = 0;
+ word32 oid = 0;
+ word32 idx = 0;
 word16 tmpName[MAX_OID_SZ];
+ char finalName[MAX_OID_SZ];
 char* rid;
- char dottedName[MAX_OID_SZ] = {0};
 if (entry == NULL || entry->type != ASN_RID_TYPE) {
 return BAD_FUNC_ARG;
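Review bot: The comment `/* oidCmsKeyAgreeType */` added above `case oidCsrAttrType:` names the wrong group and will mislead the next person extending the table; it should read `/* oidCsrAttrType */`. With `return (word32)-1` removed from `default:`, the `WOLFSSL_MSG("NID not in table")` now fires before the `wolfssl_object_info` scan, so a miss is logged even when that scan succeeds; move the message after the loop (oid2nid's hunk below shows the same ordering). The tail of nid2oid after the loop lies outside the hunk, so I am assuming the trailing `return (word32)-1` still follows the `/* MSVC warns without the cast */` context line.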
@@ -12361,44 +12365,56 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 if (entry->len <= 0) {
 return BAD_FUNC_ARG;
 }
+
+ XMEMSET(&finalName, 0, MAX_OID_SZ);
 rid = entry->name;
-#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
- /* Decode OBJECT_ID into dotted form array. */
- ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName,
- (word32*)&tmpSize);
-#else
- ret = NOT_COMPILED_IN;
-#endif
+ ret = GetOID((const byte*)rid, &idx, &oid, oidIgnoreType, entry->len);
- if (ret == 0) {
- j = 0;
- /* Append each number of dotted form. */
- for (i = 0; i < tmpSize; i++) {
- ret = XSNPRINTF(dottedName + j, MAX_OID_SZ, "%d", tmpName[i]);
- if (ret >= 0) {
- j += ret;
- if (i < tmpSize - 1) {
- dottedName[j] = '.';
- j++;
+ if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
+ rid = (char*)wolfSSL_OBJ_nid2ln(nid);
+ XSTRNCPY(finalName, rid, XSTRLEN((const char*)rid));
+ }
+ else {
+ #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
+ /* Decode OBJECT_ID into dotted form array. */
+ ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName,
+ (word32*)&tmpSize);
+ #else
+ ret = NOT_COMPILED_IN;
+ #endif
+
+ if (ret == 0) {
+ endChar = 1;
+ j = 0;
+ /* Append each number of dotted form.
 */
+ for (i = 0; i < tmpSize; i++) {
+ ret = XSNPRINTF(finalName + j, MAX_OID_SZ, "%d", tmpName[i]);
+ if (ret >= 0) {
+ j += ret;
+ if (i < tmpSize - 1) {
+ finalName[j] = '.';
+ j++;
+ }
+ }
+ else {
+ return BUFFER_E;
+ }
 }
- else {
- return BUFFER_E;
- }
+ ret = 0;
 }
- ret = 0;
 }
 if (ret == 0) {
- nameSz = (int)XSTRLEN((const char*)dottedName);
- entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);
+ nameSz = (int)XSTRLEN((const char*)finalName);
+ entry->ridString = (char*)XMALLOC(nameSz + endChar, heap, DYNAMIC_TYPE_ALTNAME);
 if (entry->ridString == NULL) {
 ret = MEMORY_E;
 }
- XMEMCPY(entry->ridString, dottedName, nameSz);
- entry->ridString[nameSz] = '\0';
+ XMEMCPY(entry->ridString, finalName, nameSz);
+ if (endChar)
+ entry->ridString[nameSz] = '\0';
 }
 return ret;
@@ -37280,9 +37296,6 @@ int wc_Asn1_SetFile(Asn1* asn1, XFILE file)
 return ret;
 }
-/* Maximum OID dotted form size. */
-#define ASN1_OID_DOTTED_MAX_SZ 16
-
 /* Print OID in dotted form or as hex bytes.
 *
 * @param [in] file File pointer to write to.
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 648cdbcee..0f1993e23 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -4168,6 +4168,7 @@ WOLFSSL_API size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o);
 WOLFSSL_API const unsigned char* wolfSSL_OBJ_get0_data(
 const WOLFSSL_ASN1_OBJECT* o);
+WOLFSSL_API const byte* wolfSSL_OBJ_txt2oidBuf(char* b, word32* sz, word32 t);
 WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n);
 WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln);
 WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a,
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 2d0d66bfc..a476cfc7f 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -898,6 +898,9 @@ enum ECC_TYPES
 #endif
 #endif
+/* Maximum OID dotted form size. */
+#define ASN1_OID_DOTTED_MAX_SZ 16
+
 enum Misc_ASN {
 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
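Review bot: In the named-OID branch `endChar` stays 0, so ridString is allocated with exactly nameSz bytes and never NUL-terminated, and anything that reads it as a C string over-reads the heap; unless ridString is consumed with an explicit length (nothing in the hunk shows one), allocate `nameSz + 1` and terminate unconditionally, which also makes `endChar` unnecessary. `XSTRNCPY(finalName, rid, XSTRLEN(rid))` bounds the copy by the source rather than the MAX_OID_SZ destination and does not handle a NULL from wolfSSL_OBJ_nid2ln, so an over-long name or a table miss corrupts the stack; a destination-bounded XSNPRINTF behind a NULL check fixes both. The XMEMCPY after the `ridString == NULL` check is not in an else, so an allocation failure still dereferences NULL — pre-existing, but these lines are rewritten here. The function's declarations sit in the previous hunk; the rewritten portion below replaces the named-OID branch and the allocation tail.
```c
    if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
        rid = (char*)wolfSSL_OBJ_nid2ln(nid);
        if (rid == NULL) {
            return BAD_FUNC_ARG;
        }
        /* bound by the destination, not the source; XSNPRINTF always terminates */
        ret = XSNPRINTF(finalName, sizeof(finalName), "%s", rid);
        if (ret < 0 || ret >= (int)sizeof(finalName)) {
            return BUFFER_E;
        }
        ret = 0;
    }
    else {
        /* … unchanged: DecodeObjectId and dotted-form formatting … */
    }

    if (ret == 0) {
        nameSz = (int)XSTRLEN((const char*)finalName);
        /* room for the terminator whichever branch filled finalName */
        entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);
        if (entry->ridString == NULL) {
            ret = MEMORY_E;
        }
        else {
            XMEMCPY(entry->ridString, finalName, nameSz);
            entry->ridString[nameSz] = '\0';
        }
    }
```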
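Review bot: The new public declaration of wolfSSL_OBJ_txt2oidBuf carries no comment, and its parameter names (`b`, `sz`, `t`) do not match the definition's (`buf`, `inOutSz`, `oidType`), so a header reader cannot tell which arguments are in/out or that the input is modified. Add a comment above it stating that `b` is a NUL-terminated name or dotted OID string that is tokenized in place (the ssl.c definition uses XSTRTOK on it), that `sz` is in/out and receives the encoded length, that the returned pointer is not owned by the caller and must not be freed, and that NULL is returned on failure; then rename the parameters to match the definition. Those statements are read from the ssl.c hunk as it stands; if the dotted-form path is later given real output storage, the ownership sentence should change with it.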
@@ -2166,7 +2169,7 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
 word32 maxIdx);
 #ifdef HAVE_OID_ENCODING
- WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz,
+ WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
 byte* out, word32* outSz);
 #endif
 #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
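Review bot: Changing EncodeObjectId from WOLFSSL_API to WOLFSSL_LOCAL removes an exported symbol, so any out-of-tree caller built against the previous header fails to link or load; that is an ABI change that a one-line visibility edit does not announce. If hiding it is intended, say so in the commit description and release notes; if the only motivation is the new in-library caller in ssl.c, that caller can use a WOLFSSL_API function just as well, so keeping `WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz,` avoids the break.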