feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Implement DomainComponent in wolfSSL_X509_NAME_get_index_by_NID() and wolfSSL_X509_NAME_get_entry().

Browse Source
This commit is contained in:
Go Hosohara
2017-07-12 18:07:56 +09:00
committed by Jacob Barthelmeh
parent aa99031346
commit a3ad8c5bae
3 changed files with 54 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/ssl.c
View File

@@ -15106,8 +15106,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
textSz = name->fullName.ouLen; textSz = name->fullName.ouLen;
break; break;
case ASN_DOMAIN_COMPONENT: case ASN_DOMAIN_COMPONENT:
text = name->fullName.fullName + name->fullName.dcIdx; //text = name->fullName.fullName + name->fullName.dcIdx;
textSz = name->fullName.dcLen; //textSz = name->fullName.dcLen;
break; break;
default: default:
WOLFSSL_MSG("Entry type not found"); WOLFSSL_MSG("Entry type not found");
@@ -15145,14 +15145,19 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
/* these index values are already stored in DecodedName /* these index values are already stored in DecodedName
use those when available */ use those when available */
if (name->fullName.fullName && name->fullName.fullNameLen > 0) { if (name->fullName.fullName && name->fullName.fullNameLen > 0) {
name->fullName.dcMode = 0;
switch (nid) { switch (nid) {
case ASN_COMMON_NAME: case ASN_COMMON_NAME:
if (pos != name->fullName.cnIdx) if (pos != name->fullName.cnIdx)
ret = name->fullName.cnIdx; ret = name->fullName.cnIdx;
break; break;
case ASN_DOMAIN_COMPONENT: case ASN_DOMAIN_COMPONENT:
if (pos != name->fullName.dcIdx) name->fullName.dcMode = 1;
ret = name->fullName.dcIdx; if (pos < name->fullName.dcNum - 1){
ret = pos + 1;
} else {
ret = -1;
}
break; break;
default: default:
WOLFSSL_MSG("NID not yet implemented"); WOLFSSL_MSG("NID not yet implemented");
@@ -29460,21 +29465,31 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return NULL; return NULL;
} }
/* common name index case */ /* DC component */
if (loc == name->fullName.cnIdx) { if (name->fullName.dcMode){
if (name->fullName.fullName != NULL){
if (loc == name->fullName.dcNum){
name->cnEntry.data.data = &name->fullName.fullName[name->fullName.cIdx];
name->cnEntry.data.length = name->fullName.cLen;
name->cnEntry.nid = ASN_COUNTRY_NAME;
} else {
name->cnEntry.data.data = &name->fullName.fullName[name->fullName.dcIdx[loc]];
name->cnEntry.data.length = name->fullName.dcLen[loc];
name->cnEntry.nid = ASN_DOMAIN_COMPONENT;
}
}
name->cnEntry.data.type = CTC_UTF8;
name->cnEntry.set = 1;
return &(name->cnEntry);
/* common name index case */
} else if (loc == name->fullName.cnIdx) {
/* get CN shortcut from x509 since it has null terminator */ /* get CN shortcut from x509 since it has null terminator */
name->cnEntry.data.data = name->x509->subjectCN; name->cnEntry.data.data = name->x509->subjectCN;
name->cnEntry.data.length = name->fullName.cnLen; name->cnEntry.data.length = name->fullName.cnLen;
name->cnEntry.data.type = CTC_UTF8; name->cnEntry.data.type = CTC_UTF8;
name->cnEntry.nid = ASN_COMMON_NAME; name->cnEntry.nid = ASN_COMMON_NAME;
name->cnEntry.set = 1; name->cnEntry.set = 1;
return &(name->cnEntry);
} else if (loc == name->fullName.dcIdx){
name->cnEntry.data.data = name->x509->subjectCN;
name->cnEntry.data.length = name->fullName.dcLen;
name->cnEntry.data.type = CTC_UTF8;
name->cnEntry.nid = ASN_DOMAIN_COMPONENT;
name->cnEntry.set = 1;
return &(name->cnEntry); return &(name->cnEntry);
} }

32
wolfcrypt/src/asn.c
View File

@@ -3666,6 +3666,7 @@ static int GetName(DecodedCert* cert, int nameType)
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
DecodedName* dName = DecodedName* dName =
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
int dcnum = 0;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
WOLFSSL_MSG("Getting Cert Name"); WOLFSSL_MSG("Getting Cert Name");
@@ -4003,8 +4004,10 @@ static int GetName(DecodedCert* cert, int nameType)
XMEMCPY(&full[idx], "/DC=", 4); XMEMCPY(&full[idx], "/DC=", 4);
idx += 4; idx += 4;
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
dName->dcIdx = cert->srcIdx; dName->dcIdx[dcnum] = cert->srcIdx;
dName->dcLen = adv; dName->dcLen[dcnum] = adv;
dName->dcNum = dcnum + 1;
dcnum++;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
break; break;
@@ -4025,6 +4028,7 @@ static int GetName(DecodedCert* cert, int nameType)
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
{ {
int totalLen = 0; int totalLen = 0;
int i = 0;
if (dName->cnLen != 0) if (dName->cnLen != 0)
totalLen += dName->cnLen + 4; totalLen += dName->cnLen + 4;
@@ -4046,8 +4050,10 @@ static int GetName(DecodedCert* cert, int nameType)
totalLen += dName->uidLen + 5; totalLen += dName->uidLen + 5;
if (dName->serialLen != 0) if (dName->serialLen != 0)
totalLen += dName->serialLen + 14; totalLen += dName->serialLen + 14;
if (dName->dcLen != 0) if (dName->dcNum != 0){
totalLen += dName->dcLen + 4; for (i = 0;i < dName->dcNum;i++)
totalLen += dName->dcLen[i] + 4;
}
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap, dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
DYNAMIC_TYPE_X509); DYNAMIC_TYPE_X509);
@@ -4126,14 +4132,16 @@ static int GetName(DecodedCert* cert, int nameType)
dName->emailIdx = idx; dName->emailIdx = idx;
idx += dName->emailLen; idx += dName->emailLen;
} }
if (dName->dcLen != 0) { for (i = 0;i < dName->dcNum;i++){
dName->entryCount++; if (dName->dcLen[i] != 0) {
XMEMCPY(&dName->fullName[idx], "/DC=", 4); dName->entryCount++;
idx += 4; XMEMCPY(&dName->fullName[idx], "/DC=", 4);
XMEMCPY(&dName->fullName[idx], idx += 4;
&cert->source[dName->dcIdx], dName->dcLen); XMEMCPY(&dName->fullName[idx],
dName->dcIdx = idx; &cert->source[dName->dcIdx[i]], dName->dcLen[i]);
idx += dName->dcLen; dName->dcIdx[i] = idx;
idx += dName->dcLen[i];
}
} }
if (dName->uidLen != 0) { if (dName->uidLen != 0) {
dName->entryCount++; dName->entryCount++;

7
wolfssl/wolfcrypt/asn.h
View File

@@ -422,6 +422,7 @@ struct Base_entry {
byte type; /* Name base type (DNS or RFC822) */ byte type; /* Name base type (DNS or RFC822) */
}; };
#define DOMAIN_COMPONENT_MAX 10
struct DecodedName { struct DecodedName {
char* fullName; char* fullName;
@@ -447,8 +448,10 @@ struct DecodedName {
int uidLen; int uidLen;
int serialIdx; int serialIdx;
int serialLen; int serialLen;
int dcIdx; int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen; int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
int dcMode;
}; };
enum SignatureState { enum SignatureState {