Add x509 name attributes and extensions to DER parsing and generation

- Postal Code
- Street Address
- Extended Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
This commit is contained in:
Juliusz Sosinowicz
2021-10-07 16:16:52 +02:00
parent 7baffd9cf1
commit c162196b27
27 changed files with 1139 additions and 285 deletions


@ -278,7 +278,7 @@ keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage=serverAuth
nsCertType=server
# server-ecc extensions
# client-ecc extensions
[ client_ecc ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always

Binary file not shown.


@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,24 @@
[ req ]
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca
[ req_distinguished_name ]
C = AU
ST = Queensland
L = Brisbane
O = wolfSSL Inc
OU = Engineering
CN = www.wolfssl.com
emailAddress = support@wolfsssl.com
postalCode = 56-131
street = Main St
[ v3_ca ]
nsCertType = server
crlDistributionPoints = URI:http://www.wolfssl.com/crl.pem
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

Binary file not shown.


@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIUAk4+yIZ3S7BdgUTUopeUVK7oAgAwDQYJKoZIhvcNAQEL
BQAwgaAxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYDVQQH
DAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0VuZ2lu
ZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIzAhBgkqhkiG9w0BCQEW
FHN1cHBvcnRAd29sZnNzc2wuY29tMB4XDTIxMTAwNjEyMjYwNFoXDTI0MDcwMjEy
MjYwNFowgaAxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNsYW5kMREwDwYD
VQQHDAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0Vu
Z2luZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xIzAhBgkqhkiG9w0B
CQEWFHN1cHBvcnRAd29sZnNzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd/
/lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZ
DSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxA
tGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQ
oZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp
2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABo0owSDAUBglghkgBhvhCAQEB
Af8EBAMCBkAwMAYJYIZIAYb4QgENBCMWIVRlc3RpbmcgTmV0c2NhcGUgQ2VydGlm
aWNhdGUgVHlwZTANBgkqhkiG9w0BAQsFAAOCAQEAgo2UG9wBBhmnTzf8k/dJ529S
AlK8hC+2QM1zzxcD58Z7R/8NaStMMgJI0UdCeibxJOkhRfjCIlqWQ1dCBNvMPf2Y
nXZmZ1vSkVDoRFqQDwjKi383Dz2+zQTir7Ewa0OKhevhVfdqwJYZHKNsHVVCSIXf
8PzF5quPTUfqUBBX/KfBr6uSpqKdNyXW1FE57HHyyY3m1fctof2KdqnEVrDixbe7
piCXf+w2MOdxla0hOjiRuaBMoaEwseiBcXKnhTxv3TTHpADAViqYm42JjbZk+oXH
0R+oP0GrCjI/IMWL5l9VFV9IDVkBTrJAYaAdBDxdkhxlzdZx+zi2O4WGjt2CUQ==
-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Binary file not shown.


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -5,20 +5,22 @@ TMP="/tmp/`basename $0`"
KEY=certs/server-key.der
gen_cert() {
openssl req -x509 -keyform DER -key $KEY \
-days 1000 -new -outform DER -out $OUT -config $CONFIG \
-days 1000 -new -outform DER -out $OUT.der -config $CONFIG \
>$TMP 2>&1
if [ "$?" = "0" -a -f $OUT ]; then
if [ "$?" = "0" -a -f $OUT.der ]; then
echo "Created: $OUT"
else
cat $TMP
echo "Failed: $OUT"
fi
openssl x509 -in $OUT.der -inform DER -outform PEM > $OUT.pem
rm $TMP
}
OUT=certs/test/cert-ext-nc.der
OUT=certs/test/cert-ext-nc
KEYFILE=certs/test/cert-ext-nc-key.der
CONFIG=certs/test/cert-ext-nc.cfg
tee >$CONFIG <<EOF
@ -47,7 +49,7 @@ EOF
gen_cert
OUT=certs/test/cert-ext-mnc.der
OUT=certs/test/cert-ext-mnc
KEYFILE=certs/test/cert-ext-mnc-key.der
CONFIG=certs/test/cert-ext-mnc.cfg
tee >$CONFIG <<EOF
@ -76,7 +78,7 @@ EOF
gen_cert
OUT=certs/test/cert-ext-ncdns.der
OUT=certs/test/cert-ext-ncdns
KEYFILE=certs/test/cert-ext-nc-key.der
CONFIG=certs/test/cert-ext-ncdns.cfg
tee >$CONFIG <<EOF
@ -104,7 +106,7 @@ nsComment = "Testing name constraints"
EOF
gen_cert
OUT=certs/test/cert-ext-ncmixed.der
OUT=certs/test/cert-ext-ncmixed
KEYFILE=certs/test/cert-ext-ncmixed-key.der
CONFIG=certs/test/cert-ext-ncmixed.cfg
tee >$CONFIG <<EOF
@ -132,7 +134,7 @@ nsComment = "Testing name constraints"
EOF
gen_cert
OUT=certs/test/cert-ext-ia.der
OUT=certs/test/cert-ext-ia
KEYFILE=certs/test/cert-ext-ia-key.der
CONFIG=certs/test/cert-ext-ia.cfg
tee >$CONFIG <<EOF
@ -157,7 +159,7 @@ nsComment = "Testing inhibit any"
EOF
gen_cert
OUT=certs/test/cert-ext-nct.der
OUT=certs/test/cert-ext-nct
KEYFILE=certs/test/cert-ext-mct-key.der
CONFIG=certs/test/cert-ext-nct.cfg
tee >$CONFIG <<EOF
@ -183,7 +185,7 @@ EOF
gen_cert
KEY=certs/ca-key.der
OUT=certs/test/cert-ext-ndir.der
OUT=certs/test/cert-ext-ndir
KEYFILE=certs/ca-key.der
CONFIG=certs/test/cert-ext-ndir.cfg
tee >$CONFIG <<EOF
@ -213,7 +215,7 @@ countryName = US
EOF
gen_cert
OUT=certs/test/cert-ext-ndir-exc.der
OUT=certs/test/cert-ext-ndir-exc
KEYFILE=certs/ca-key.der
CONFIG=certs/test/cert-ext-ndir-exc.cfg
tee >$CONFIG <<EOF
@ -244,7 +246,7 @@ stateOrProvinceName = California
EOF
gen_cert
OUT=certs/test/cert-ext-joi.der
OUT=certs/test/cert-ext-joi
KEYFILE=certs/ca-key.der
CONFIG=certs/test/cert-ext-joi.cfg
tee >$CONFIG <<EOF
@ -272,4 +274,34 @@ basicConstraints=CA:TRUE
EOF
gen_cert
OUT=certs/test/cert-ext-multiple
KEYFILE=certs/test/cert-ext-mct-key.der
CONFIG=certs/test/cert-ext-multiple.cfg
tee >$CONFIG <<EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = v3_ca
[ req_distinguished_name ]
C = AU
ST = Queensland
L = Brisbane
O = wolfSSL Inc
OU = Engineering
CN = www.wolfssl.com
emailAddress = support@wolfsssl.com
postalCode = 56-131
street = Main St
[ v3_ca ]
nsCertType = server
crlDistributionPoints = URI:http://www.wolfssl.com/crl.pem
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
EOF
gen_cert
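Review bot: In `gen_cert` the new line `openssl x509 -in $OUT.der -inform DER -outform PEM > $OUT.pem` runs unconditionally after the success test, so when `openssl req` fails the script prints "Failed:" and still leaves an empty or stale `$OUT.pem` next to it; move that line into the success branch, directly after `echo "Created: $OUT"`. The new `cert-ext-multiple` block sets `KEYFILE=certs/test/cert-ext-mct-key.der`, but `gen_cert` signs with `$KEY`, which in the visible lines is still `certs/ca-key.der` from the `cert-ext-ndir` block above; if the mct key is intended, `KEY` must be reassigned as well (KEYFILE may be consumed somewhere outside these hunks). The heredoc's `emailAddress = support@wolfsssl.com` (three `s`) looks like a typo that the same text in the committed `cert-ext-multiple.cfg` carries too; fixing it means regenerating that certificate and any expected-byte arrays derived from it.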


@ -5,22 +5,32 @@
EXTRA_DIST += \
certs/test/cert-ext-ia.cfg \
certs/test/cert-ext-ia.der \
certs/test/cert-ext-ia.pem \
certs/test/cert-ext-nc.cfg \
certs/test/cert-ext-nc.der \
certs/test/cert-ext-nc.pem \
certs/test/cert-ext-ncdns.der \
certs/test/cert-ext-ncmixed.der \
certs/test/cert-ext-mnc.der \
certs/test/cert-ext-nct.cfg \
certs/test/cert-ext-nct.der \
certs/test/cert-ext-nct.pem \
certs/test/cert-ext-ndir.cfg \
certs/test/cert-ext-ndir.der \
certs/test/cert-ext-ndir.pem \
certs/test/cert-ext-ns.der \
certs/test/cert-ext-ns.pem \
certs/test/cert-ext-ndir-exc.cfg \
certs/test/cert-ext-ndir-exc.der \
certs/test/cert-ext-ndir-exc.pem \
certs/test/gen-ext-certs.sh \
certs/test/server-duplicate-policy.pem \
certs/test/cert-ext-joi.der \
certs/test/cert-ext-joi.cfg
certs/test/cert-ext-joi.pem \
certs/test/cert-ext-joi.cfg \
certs/test/cert-ext-multiple.cfg \
certs/test/cert-ext-multiple.der \
certs/test/cert-ext-multiple.pem
# The certs/server-cert with the last byte (signature byte) changed
EXTRA_DIST += \
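Review bot: The list adds `.pem` entries for ia, nc, nct, ndir, ndir-exc, joi and multiple, but `gen-ext-certs.sh` now writes a `.pem` for every certificate it generates, and `cert-ext-ncdns`, `cert-ext-ncmixed` and `cert-ext-mnc` appear here with their `.der` only. If those three PEM files are committed they need `EXTRA_DIST` lines as well or `make dist` tarballs will omit them; if they are intentionally not committed, a short comment saying so next to their `.der` entries would stop the next contributor from guessing.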


@ -3895,7 +3895,13 @@ void FreeX509(WOLFSSL_X509* x509)
XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
x509->sig.buffer = NULL;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
if (x509->authKeyIdSrc != NULL) {
XFREE(x509->authKeyIdSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
}
else {
XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
}
x509->authKeyIdSrc = NULL;
x509->authKeyId = NULL;
XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->subjKeyId = NULL;
@ -3903,6 +3909,10 @@ void FreeX509(WOLFSSL_X509* x509)
XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->authInfo = NULL;
}
if (x509->rawCRLInfo != NULL) {
XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->rawCRLInfo = NULL;
}
if (x509->CRLInfo != NULL) {
XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->CRLInfo = NULL;
@ -10649,6 +10659,17 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->CRLdistSet = dCert->extCRLdistSet;
x509->CRLdistCrit = dCert->extCRLdistCrit;
if (dCert->extCrlInfoRaw != NULL && dCert->extCrlInfoRawSz > 0) {
x509->rawCRLInfo = (byte*)XMALLOC(dCert->extCrlInfoRawSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if (x509->rawCRLInfo != NULL) {
XMEMCPY(x509->rawCRLInfo, dCert->extCrlInfoRaw, dCert->extCrlInfoRawSz);
x509->rawCRLInfoSz = dCert->extCrlInfoRawSz;
}
else {
ret = MEMORY_E;
}
}
if (dCert->extCrlInfo != NULL && dCert->extCrlInfoSz > 0) {
x509->CRLInfo = (byte*)XMALLOC(dCert->extCrlInfoSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
@ -10694,12 +10715,24 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->authKeyIdSet = dCert->extAuthKeyIdSet;
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if (x509->authKeyId != NULL) {
XMEMCPY(x509->authKeyId,
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
if (dCert->extRawAuthKeyIdSrc != NULL &&
dCert->extAuthKeyIdSrc > dCert->extRawAuthKeyIdSrc &&
dCert->extAuthKeyIdSrc <
(dCert->extRawAuthKeyIdSrc + dCert->extRawAuthKeyIdSz)) {
/* Confirmed: extAuthKeyIdSrc points inside extRawAuthKeyIdSrc */
x509->authKeyIdSrc = (byte*)XMALLOC(dCert->extRawAuthKeyIdSz,
x509->heap, DYNAMIC_TYPE_X509_EXT);
if (x509->authKeyIdSrc != NULL) {
XMEMCPY(x509->authKeyIdSrc, dCert->extRawAuthKeyIdSrc,
dCert->extRawAuthKeyIdSz);
x509->authKeyIdSrcSz = dCert->extRawAuthKeyIdSz;
/* Set authKeyId to same offset inside authKeyIdSrc */
x509->authKeyId = x509->authKeyIdSrc +
(dCert->extAuthKeyIdSrc - dCert->extRawAuthKeyIdSrc);
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
}
else
ret = MEMORY_E;
}
else
ret = MEMORY_E;
@ -10725,6 +10758,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
if (x509->extKeyUsageSrc != NULL) {
XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc,
dCert->extExtKeyUsageSz);
x509->extKeyUsage = dCert->extExtKeyUsage;
x509->extKeyUsageSz = dCert->extExtKeyUsageSz;
x509->extKeyUsageCrit = dCert->extExtKeyUsageCrit;
x509->extKeyUsageCount = dCert->extExtKeyUsageCount;
@ -10733,6 +10767,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
ret = MEMORY_E;
}
}
#ifndef IGNORE_NETSCAPE_CERT_TYPE
x509->nsCertType = dCert->nsCertType;
#endif
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
x509->certPolicySet = dCert->extCertPolicySet;
x509->certPolicyCrit = dCert->extCertPolicyCrit;
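Review bot: The containment test in `CopyDecodedToX509` only proves that `dCert->extAuthKeyIdSrc` starts inside the raw AKID buffer, not that the `extAuthKeyIdSz` bytes following it end inside it, while `x509->authKeyId` is set to the same offset within `authKeyIdSrc` and is later read for `authKeyIdSz` bytes. A decoder that ever hands over an inconsistent pointer/size pair would then read past the end of `x509->authKeyIdSrc`; it is cheap to rule out by adding `(dCert->extAuthKeyIdSrc + dCert->extAuthKeyIdSz) <= (dCert->extRawAuthKeyIdSrc + dCert->extRawAuthKeyIdSz)` to the condition, after which the `/* Confirmed: extAuthKeyIdSrc points inside extRawAuthKeyIdSrc */` comment actually describes what was checked. `CopyDecodedToX509` continues outside the hunk.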

src/ssl.c

@ -8839,58 +8839,24 @@ unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509* x509)
unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509)
{
int ret = 0;
int rc;
word32 idx = 0;
word32 oid;
WOLFSSL_ENTER("wolfSSL_X509_get_extended_key_usage");
if (x509 == NULL) {
WOLFSSL_MSG("x509 is NULL");
}
else if (x509->extKeyUsageSrc != NULL) {
while (idx < x509->extKeyUsageSz) {
rc = GetObjectId(x509->extKeyUsageSrc, &idx, &oid,
oidCertKeyUseType, x509->extKeyUsageSz);
if (rc == ASN_UNKNOWN_OID_E) {
continue;
}
else if (rc < 0) {
WOLFSSL_MSG("GetObjectId failed");
ret = -1;
break;
}
switch (oid) {
case EKU_ANY_OID:
ret |= XKU_ANYEKU;
break;
case EKU_SERVER_AUTH_OID:
ret |= XKU_SSL_SERVER;
break;
case EKU_CLIENT_AUTH_OID:
ret |= XKU_SSL_CLIENT;
break;
case EKU_CODESIGNING_OID:
ret |= XKU_CODE_SIGN;
break;
case EKU_EMAILPROTECT_OID:
ret |= XKU_SMIME;
break;
case EKU_TIMESTAMP_OID:
ret |= XKU_TIMESTAMP;
break;
case EKU_OCSP_SIGN_OID:
ret |= XKU_OCSP_SIGN;
break;
default:
break;
}
}
}
else {
WOLFSSL_MSG("x509->extKeyUsageSrc is NULL");
ret = -1;
if (x509 != NULL) {
if (x509->extKeyUsage & EXTKEYUSE_OCSP_SIGN)
ret |= XKU_OCSP_SIGN;
if (x509->extKeyUsage & EXTKEYUSE_TIMESTAMP)
ret |= XKU_TIMESTAMP;
if (x509->extKeyUsage & EXTKEYUSE_EMAILPROT)
ret |= XKU_SMIME;
if (x509->extKeyUsage & EXTKEYUSE_CODESIGN)
ret |= XKU_CODE_SIGN;
if (x509->extKeyUsage & EXTKEYUSE_CLIENT_AUTH)
ret |= XKU_SSL_CLIENT;
if (x509->extKeyUsage & EXTKEYUSE_SERVER_AUTH)
ret |= XKU_SSL_SERVER;
if (x509->extKeyUsage & EXTKEYUSE_ANY)
ret |= XKU_ANYEKU;
}
WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret);
@ -9792,6 +9758,13 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo
switch (ext->obj->type) {
case NID_authority_key_identifier:
if (x509->authKeyIdSrc != NULL) {
/* If authKeyId points into authKeyIdSrc then free it and
* revert to old functionality */
XFREE(x509->authKeyIdSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->authKeyIdSrc = NULL;
x509->authKeyId = NULL;
}
if (asn1_string_copy_to_buffer(&ext->value, &x509->authKeyId,
&x509->authKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("asn1_string_copy_to_buffer error");
@ -31420,6 +31393,8 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
{ NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
{ NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
"stateOrProvinceName"},
{ NID_streetAddress, NID_streetAddress, oidCertNameType, "street",
"streetAddress"},
{ NID_organizationName, NID_organizationName, oidCertNameType, "O",
"organizationName"},
{ NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
@ -31436,6 +31411,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
"jurisdictionCountryName"},
{ NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
{ NID_postalCode, NID_postalCode, oidCertNameType, "postalCode", "postalCode"},
#ifdef WOLFSSL_CERT_REQ
{ NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID,
@ -41881,11 +41857,21 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return WOLFSSL_FAILURE;
}
if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
if (x509->authKeyIdSz < sizeof(cert->akid)) {
#ifndef WOLFSSL_ASN_TEMPLATE
/* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */
if (x509->authKeyIdSrc) {
XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
cert->akidSz = (int)x509->authKeyIdSrcSz;
cert->rawAkid = 1;
}
else
#endif
if (x509->authKeyId) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
cert->akidSz = (int)x509->authKeyIdSz;
cert->rawAkid = 0;
}
cert->akidSz = (int)x509->authKeyIdSz;
}
else {
WOLFSSL_MSG("Auth Key ID too large");
@ -41906,6 +41892,17 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
cert->certPoliciesNb = (word16)x509->certPoliciesNb;
cert->keyUsage = x509->keyUsage;
cert->extKeyUsage = x509->extKeyUsage;
cert->nsCertType = x509->nsCertType;
if (x509->rawCRLInfo != NULL) {
if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) {
WOLFSSL_MSG("CRL Info too large");
return WOLFSSL_FAILURE;
}
XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz);
cert->crlInfoSz = x509->rawCRLInfoSz;
}
#endif /* WOLFSSL_CERT_EXT */
#ifdef WOLFSSL_CERT_REQ
@ -42445,12 +42442,14 @@ static int ConvertNIDToWolfSSL(int nid)
case NID_countryName: return ASN_COUNTRY_NAME;
case NID_localityName: return ASN_LOCALITY_NAME;
case NID_stateOrProvinceName: return ASN_STATE_NAME;
case NID_streetAddress: return ASN_STREET_ADDR;
case NID_organizationName: return ASN_ORG_NAME;
case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
case NID_emailAddress: return ASN_EMAIL_NAME;
case NID_serialNumber: return ASN_SERIAL_NUMBER;
case NID_businessCategory: return ASN_BUS_CAT;
case NID_domainComponent: return ASN_DOMAIN_COMPONENT;
case NID_postalCode: return ASN_POSTAL_CODE;
default:
WOLFSSL_MSG("Attribute NID not found");
return -1;
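Review bot: In the authority-key-identifier copy the bound and the copied length disagree: the guard `if (x509->authKeyIdSz < sizeof(cert->akid))` checks the key-identifier length, but the new raw branch copies `x509->authKeyIdSrcSz` bytes, the whole AKID extension body (key id plus issuer name and serial), which by the internal.c change is never smaller than `authKeyIdSz` and can exceed `cert->akid` when issuer and serial are present (the new expected certificate in tests/api.c encodes an AKID value of roughly 200 bytes, so this is not a corner case). The raw branch needs its own size check that fails the way the `CTC_MAX_CRLINFO_SZ` check further down does (rewrite below); the enclosing function starts outside the hunk. Separately, `wolfSSL_X509_get_extended_key_usage` now returns 0 both when the extension is absent and when it carries no recognised purpose, whereas the old code returned -1 for the absent case, OpenSSL's "no EKU means unrestricted" convention; if callers rely on that, keep `else if (x509->extKeyUsageSrc == NULL) { ret = -1; }`, otherwise document the new contract in the function's header comment.
```c
    if (x509->authKeyIdSz < sizeof(cert->akid)) {
#ifndef WOLFSSL_ASN_TEMPLATE
        /* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */
        if (x509->authKeyIdSrc) {
            /* The raw AKID (key id + issuer + serial) is longer than the key
             * id alone, so bound the copy by the length actually copied. */
            if (x509->authKeyIdSrcSz > sizeof(cert->akid)) {
                WOLFSSL_MSG("Raw Auth Key ID too large");
                return WOLFSSL_FAILURE;
            }
            XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
            cert->akidSz = (int)x509->authKeyIdSrcSz;
            cert->rawAkid = 1;
        }
        else
#endif
        /* … unchanged: key-id-only copy and the "Auth Key ID too large" branch … */
```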


@ -343,8 +343,11 @@
#endif
#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
defined(HAVE_SESSION_TICKET)
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT */
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
!defined(WOLFSSL_ASN_TEMPLATE))
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
* or for setting authKeyIdSrc in WOLFSSL_X509 */
#include "wolfssl/internal.h"
#endif
@ -35677,140 +35680,208 @@ static void test_wolfSSL_X509_sign2(void)
time_t t;
const unsigned char expected[] = {
0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0D,
0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
0xF1, 0x5C, 0x99, 0x43, 0x66, 0x3D, 0x96, 0x04,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06,
0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61,
0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74,
0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
0x17, 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35,
0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x17,
0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81,
0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C,
0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34,
0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67,
0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A,
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30,
0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00,
0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32,
0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C,
0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47,
0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0,
0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4,
0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67,
0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2,
0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF,
0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47,
0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69,
0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7,
0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A,
0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6,
0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C,
0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C,
0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4,
0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E,
0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81,
0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67,
0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72,
0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0,
0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C,
0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D,
0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E,
0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A,
0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB,
0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71,
0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5,
0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D,
0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE,
0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x6E, 0x30,
0x6C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13,
0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15,
0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D,
0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06,
0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14,
0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
0xD7, 0x85, 0x65, 0xC0, 0x30, 0x1F, 0x06, 0x03,
0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87,
0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7,
0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x0D, 0x06,
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
0x00, 0x79, 0x81, 0x5D, 0xAB, 0xDB, 0x44, 0x70,
0xD6, 0x39, 0x4F, 0xA6, 0xBA, 0x09, 0x99, 0xBB,
0xCB, 0x82, 0xF9, 0x17, 0x34, 0xBD, 0x3E, 0xB1,
0x18, 0xA8, 0xF9, 0x10, 0x16, 0x2A, 0xE0, 0x74,
0xC6, 0xCF, 0xB3, 0x5F, 0xC6, 0x2C, 0xFB, 0xE3,
0x5D, 0x38, 0x2B, 0x99, 0x02, 0x98, 0x9D, 0x55,
0x95, 0x65, 0xC3, 0xEB, 0x77, 0x13, 0xA0, 0x75,
0x35, 0x68, 0x1F, 0x08, 0xE8, 0x82, 0x3E, 0xF1,
0xEF, 0x4B, 0xE7, 0x6E, 0xAD, 0xC1, 0x7C, 0x57,
0xCE, 0xF5, 0x24, 0x4E, 0x2F, 0xC4, 0xF7, 0x46,
0xED, 0x0E, 0x27, 0x1D, 0xD2, 0x12, 0x5D, 0x9A,
0xE5, 0x82, 0xB8, 0x92, 0x42, 0x8F, 0x9E, 0x4D,
0x9B, 0x31, 0x85, 0x2E, 0xE0, 0x5E, 0x83, 0xFB,
0xA4, 0x33, 0x32, 0x34, 0x2A, 0xAD, 0x38, 0x7A,
0x6D, 0xD5, 0x02, 0xAE, 0x77, 0xCB, 0x26, 0x76,
0x7B, 0xFA, 0xE0, 0x91, 0x9B, 0x6F, 0xF4, 0xC4,
0xA1, 0x54, 0xB1, 0x13, 0x80, 0x6E, 0xFB, 0x70,
0x4C, 0x7F, 0x4F, 0x58, 0x39, 0xFA, 0x5B, 0x3D,
0x60, 0x63, 0xDF, 0xEF, 0x90, 0xB3, 0x9B, 0x9A,
0xEE, 0x8E, 0x34, 0xFB, 0x8B, 0x75, 0x5F, 0xC7,
0xE4, 0xDB, 0x7C, 0x63, 0x84, 0xE4, 0x6C, 0xC7,
0xD8, 0xC8, 0xA9, 0xA4, 0x42, 0x64, 0x93, 0x65,
0x17, 0x58, 0xC2, 0x51, 0x3E, 0x8E, 0x2A, 0x68,
0x37, 0xC6, 0x59, 0x75, 0x68, 0xD4, 0x16, 0x6A,
0x17, 0x87, 0xC0, 0xA8, 0x9A, 0x1F, 0x07, 0xCF,
0x43, 0x58, 0xF4, 0xEA, 0xFE, 0xFB, 0xB2, 0x3F,
0x7E, 0xC0, 0xF4, 0x83, 0x67, 0x85, 0x30, 0xF2,
0xE1, 0x60, 0x37, 0x39, 0x45, 0x2A, 0x21, 0x51,
0x0C, 0x4F, 0xFB, 0x0C, 0x0A, 0xFA, 0x7D, 0xD9,
0xB4, 0x72, 0x86, 0x9C, 0x0D, 0x2A, 0x25, 0x0E,
0xBB, 0x45, 0xEC, 0x5D, 0xFB, 0x7A, 0xAA, 0x67,
0x49, 0x4F, 0x36, 0xAB, 0xDE, 0x4B, 0x57, 0x35,
0xF3
#ifndef WOLFSSL_ASN_TEMPLATE
0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x44, 0x30, 0x82, 0x01,
0x40, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15,
0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06,
0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66,
0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
0xd7, 0x85, 0x65, 0xc0, 0x30, 0x81, 0xd3, 0x06, 0x03, 0x55, 0x1d, 0x23,
0x04, 0x81, 0xcb, 0x30, 0x81, 0xc8, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66,
0xd7, 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26,
0xd7, 0x85, 0x65, 0xc0, 0xa1, 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81,
0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34,
0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10,
0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d,
0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73,
0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
0x63, 0x6f, 0x6d, 0x82, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d,
0x96, 0x04, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30,
0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06,
0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
0x03, 0x82, 0x01, 0x01, 0x00, 0x59, 0x2e, 0xd1, 0xec, 0xbc, 0x99, 0xfe,
0x50, 0x38, 0x47, 0x47, 0x88, 0x51, 0xcf, 0xe4, 0x88, 0x76, 0xdf, 0x89,
0x8f, 0xea, 0x91, 0xbc, 0xd6, 0xc6, 0x91, 0xc9, 0xcc, 0x33, 0x77, 0x5d,
0xdd, 0x4b, 0xc9, 0xf6, 0x10, 0x54, 0xe2, 0x04, 0x89, 0x51, 0xdb, 0xe1,
0x00, 0x0c, 0x61, 0x03, 0x26, 0x86, 0x35, 0xac, 0x96, 0x23, 0x9d, 0xef,
0xd9, 0x95, 0xe4, 0xb4, 0x83, 0x9e, 0x0f, 0x47, 0x30, 0x08, 0x96, 0x28,
0x7f, 0x2d, 0xe3, 0x23, 0x30, 0x3b, 0xb0, 0x46, 0xe8, 0x21, 0x78, 0xb4,
0xc0, 0xbc, 0x9f, 0x60, 0x02, 0xd4, 0x16, 0x2d, 0xe5, 0x5a, 0x00, 0x65,
0x15, 0x95, 0x81, 0x93, 0x80, 0x06, 0x3e, 0xf7, 0xdf, 0x0c, 0x2b, 0x3f,
0x14, 0xfc, 0xc3, 0x79, 0xfd, 0x59, 0x5c, 0xa7, 0xc3, 0xe0, 0xa8, 0xd4,
0x53, 0x4f, 0x13, 0x0a, 0xa3, 0xfe, 0x1d, 0x63, 0x4e, 0x84, 0xb2, 0x98,
0x19, 0x06, 0xe0, 0x60, 0x3a, 0xc9, 0x49, 0x73, 0x00, 0xe3, 0x72, 0x2f,
0x68, 0x27, 0x9f, 0x14, 0x18, 0xb7, 0x57, 0xb9, 0x1d, 0xa8, 0xb3, 0x05,
0x6c, 0xf5, 0x4b, 0x0e, 0xac, 0x26, 0x7a, 0xfe, 0xc1, 0xab, 0x1f, 0x27,
0xf1, 0x1e, 0x21, 0x33, 0x31, 0xb6, 0x43, 0xb0, 0xf8, 0x74, 0x69, 0x6a,
0xb1, 0x9b, 0xcb, 0xe4, 0xd3, 0xa2, 0x8e, 0x8a, 0x55, 0xef, 0x81, 0xf3,
0x4a, 0x44, 0x90, 0x4d, 0x08, 0xb8, 0x31, 0x90, 0x1a, 0x82, 0x52, 0x56,
0xeb, 0xf0, 0x50, 0x5b, 0x9f, 0x87, 0x98, 0x54, 0xfe, 0x6a, 0x60, 0x41,
0x16, 0xdb, 0xdc, 0xff, 0x89, 0x4c, 0x98, 0x00, 0xb1, 0x87, 0x6c, 0xe7,
0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14,
0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab,
0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
#else
0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d,
0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
0x01, 0x00, 0x74, 0x83, 0x39, 0xc0, 0x03, 0x76, 0xfa, 0xdd, 0x8b, 0x00,
0xfa, 0xaa, 0x5b, 0xdb, 0x56, 0xef, 0x2c, 0x26, 0x9a, 0xc2, 0x07, 0xdb,
0xfd, 0x10, 0xd0, 0x55, 0xb9, 0xe2, 0x9e, 0xe7, 0x34, 0x26, 0x8b, 0xd2,
0x62, 0x49, 0x86, 0x93, 0x8c, 0x6c, 0x41, 0x02, 0xdf, 0x7e, 0x99, 0xf7,
0x7e, 0x1f, 0xda, 0x08, 0xad, 0x4d, 0x91, 0xdf, 0x11, 0x39, 0x6d, 0x90,
0xf5, 0xfe, 0x91, 0xee, 0xc7, 0x44, 0xd2, 0x0f, 0xd1, 0x2d, 0xe2, 0xb8,
0xf2, 0x89, 0x50, 0x9f, 0x55, 0xf3, 0x44, 0x44, 0x07, 0xd9, 0xd9, 0x71,
0x68, 0xe6, 0xd6, 0xa8, 0x09, 0x01, 0xe6, 0x03, 0xd4, 0x5a, 0x57, 0xf3,
0x8a, 0xab, 0x53, 0xe7, 0x71, 0x03, 0x65, 0xe3, 0x20, 0x57, 0xaf, 0x2a,
0xbb, 0xc0, 0x1f, 0xe3, 0x2a, 0xcf, 0xbd, 0x39, 0x26, 0x4d, 0x58, 0x18,
0x8c, 0x98, 0x22, 0x42, 0xf0, 0xaa, 0x20, 0x8f, 0xa2, 0x4c, 0x81, 0x8b,
0xe1, 0x4a, 0xa4, 0xb1, 0x4e, 0x22, 0x8f, 0x09, 0xd9, 0x4c, 0x9d, 0x35,
0xc7, 0x92, 0xc7, 0x77, 0xaf, 0x42, 0x0b, 0x38, 0x2c, 0xeb, 0xb8, 0xd4,
0x67, 0xa6, 0xd4, 0x70, 0x79, 0x0f, 0x9a, 0xf9, 0xad, 0xd4, 0x7b, 0x21,
0x25, 0xb5, 0xa6, 0xa1, 0x7b, 0xf5, 0xb4, 0x1d, 0x06, 0x9a, 0xad, 0xeb,
0xc5, 0xe4, 0x39, 0xd6, 0xea, 0xd9, 0x15, 0xbf, 0x49, 0x32, 0x97, 0xe5,
0x52, 0x52, 0x11, 0x7e, 0x2b, 0x32, 0x07, 0x44, 0x81, 0x37, 0x2e, 0xd4,
0xa4, 0x1e, 0x32, 0xbf, 0x2f, 0xbd, 0xac, 0xcc, 0xb3, 0x77, 0x82, 0xae,
0xbb, 0xf0, 0x37, 0xc0, 0x10, 0x4b, 0x64, 0xcf, 0x8e, 0xd7, 0x25, 0x59,
0xf8, 0xaa, 0x83, 0xad, 0xeb, 0x7d, 0x00, 0x8b, 0x3e, 0xb8, 0x91, 0x3c,
0x6c, 0x4c, 0x35, 0x53, 0x36, 0xa4, 0x02, 0xb8, 0xbe, 0x2d, 0x34, 0xb4,
0x26, 0x03, 0x6b, 0x92, 0x2e, 0xd6
#endif
};
printf(testingFmt, "wolfSSL_X509_sign2");
@ -37526,6 +37597,79 @@ static void test_wolfSSL_i2t_ASN1_OBJECT(void)
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
}
static void test_wolfSSL_PEM_write_bio_X509(void)
{
#if defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
/* This test contains the hard coded expected
* lengths. Update if necessary */
BIO* input;
BIO* output;
X509* x509 = NULL;
printf(testingFmt, "wolfSSL_PEM_write_bio_X509()");
AssertNotNull(input = BIO_new_file(
"certs/test/cert-ext-multiple.pem", "rb"));
AssertIntEQ(wolfSSL_BIO_get_len(input), 2004);
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
AssertNotNull(PEM_read_bio_X509(input, &x509, NULL, NULL));
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
#ifndef WOLFSSL_ASN_TEMPLATE
/* WOLFSSL_ASN_TEMPLATE doesn't support writing the full AKID */
/* Check that we generate the same output as was the input. */
AssertIntEQ(wolfSSL_BIO_get_len(output),
#ifdef WOLFSSL_ALT_NAMES
/* Here we copy the validity struct from the original */
2004
#else
/* Only difference is that we generate the validity in generalized
* time. Generating UTCTime vs Generalized time should be fixed in
* the future */
2009
#endif
);
/* Reset output buffer */
BIO_free(output);
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
/* Test forcing the AKID to be generated just from KeyIdentifier */
if (x509->authKeyIdSrc != NULL) {
XMEMMOVE(x509->authKeyIdSrc, x509->authKeyId, x509->authKeyIdSz);
x509->authKeyId = x509->authKeyIdSrc;
x509->authKeyIdSrc = NULL;
x509->authKeyIdSrcSz = 0;
}
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
#endif
/* Check that we generate a smaller output since the AKID will
* only contain the KeyIdentifier without any additional
* information */
AssertIntEQ(wolfSSL_BIO_get_len(output),
#ifdef WOLFSSL_ALT_NAMES
/* Here we copy the validity struct from the original */
1692
#else
/* UTCTime vs Generalized time */
1696
#endif
);
BIO_free(input);
BIO_free(output);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME_ENTRY(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
@ -51454,6 +51598,7 @@ void ApiTest(void)
test_wolfSSL_OBJ_txt2nid();
test_wolfSSL_OBJ_txt2obj();
test_wolfSSL_i2t_ASN1_OBJECT();
test_wolfSSL_PEM_write_bio_X509();
test_wolfSSL_X509_NAME_ENTRY();
test_wolfSSL_X509_set_name();
test_wolfSSL_X509_set_notAfter();


@ -3239,7 +3239,7 @@ word32 SetBitString(word32 len, byte unusedBits, byte* output)
idx += ASN_TAG_SZ;
/* Encode length - passing NULL for output will not encode.
* Add one to length for unsued bits. */
* Add one to length for unused bits. */
idx += SetLength(len + 1, output ? output + idx : NULL);
if (output) {
/* Write out unused bits. */
@ -10113,8 +10113,6 @@ static int GetHashId(const byte* id, int length, byte* hash)
#endif /* !NO_CERTS */
#ifdef WOLFSSL_ASN_TEMPLATE
/* Id for street address - not used. */
#define ASN_STREET 9
/* Id for email address. */
#define ASN_EMAIL 0x100
/* Id for user id. */
@ -10146,6 +10144,10 @@ static int GetHashId(const byte* id, int length, byte* hash)
#define GetCertNameSubjectNID(id) \
(certNameSubject[(id) - 3].nid)
#define ValidCertNameSubject(id) \
((id - 3) >= 0 && (id - 3) < certNameSubjectSz && \
(certNameSubject[(id) - 3].strLen > 0))
/* Mapping of certificate name component to useful information. */
typedef struct CertNameData {
/* Type string of name component. */
@ -10240,16 +10242,16 @@ static const CertNameData certNameSubject[] = {
NID_stateOrProvinceName
#endif
},
/* Undefined - Street */
/* Street Address */
{
NULL, 0,
"/street=", 8,
#ifdef WOLFSSL_CERT_GEN
0,
0,
0,
OFFSETOF(DecodedCert, subjectStreet),
OFFSETOF(DecodedCert, subjectStreetLen),
OFFSETOF(DecodedCert, subjectStreetEnc),
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
0,
NID_streetAddress
#endif
},
/* Organization Name */
@ -10328,10 +10330,43 @@ static const CertNameData certNameSubject[] = {
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_businessCategory
#endif
},
/* Undefined */
{
NULL, 0,
#ifdef WOLFSSL_CERT_GEN
0,
0,
0,
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
0,
#endif
},
/* Postal Code */
{
"/postalCode=", 12,
#ifdef WOLFSSL_CERT_GEN
#ifdef WOLFSSL_CERT_EXT
OFFSETOF(DecodedCert, subjectPC),
OFFSETOF(DecodedCert, subjectPCLen),
OFFSETOF(DecodedCert, subjectPCEnc),
#else
0,
0,
0,
#endif
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_postalCode
#endif
},
};
static const int certNameSubjectSz =
sizeof(certNameSubject) / sizeof(CertNameData);
/* Full email OID. */
static const byte emailOid[] = {
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01
@ -10527,8 +10562,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
if ((oidSz == 3) && (oid[0] == 0x55) && (oid[1] == 0x04)) {
id = oid[2];
/* Check range of supported ids in table. */
if (((id >= ASN_COMMON_NAME) && (id <= ASN_ORGUNIT_NAME) &&
(id != ASN_STREET)) || (id == ASN_BUS_CAT)) {
if (ValidCertNameSubject(id)) {
/* Get the type string, length and NID from table. */
typeStr = GetCertNameSubjectStr(id);
typeStrLen = GetCertNameSubjectStrLen(id);
@ -10593,6 +10627,9 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
WOLFSSL_MSG("Unknown Jurisdiction, skipping");
}
}
else {
ret = 0;
}
if ((ret == 0) && (typeStr != NULL)) {
/* OID type to store for subject name and add to full string. */
@ -10838,6 +10875,22 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
nid = NID_stateOrProvinceName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_STREET_ADDR) {
copy = WOLFSSL_STREET_ADDR_NAME;
copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectStreet = (char*)&input[srcIdx];
cert->subjectStreetLen = strLen;
cert->subjectStreetEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_streetAddress;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_ORG_NAME) {
copy = WOLFSSL_ORG_NAME;
copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
@ -10903,6 +10956,22 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#endif /* OPENSSL_EXTRA */
}
#endif /* WOLFSSL_CERT_EXT */
else if (id == ASN_POSTAL_CODE) {
copy = WOLFSSL_POSTAL_NAME;
copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
#ifdef WOLFSSL_CERT_GEN
if (nameType == SUBJECT) {
cert->subjectPC = (char*)&input[srcIdx];
cert->subjectPCLen = strLen;
cert->subjectPCEnc = b;
}
#endif /* WOLFSSL_CERT_GEN */
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_postalCode;
#endif /* OPENSSL_EXTRA */
}
}
#ifdef WOLFSSL_CERT_EXT
else if ((srcIdx + ASN_JOI_PREFIX_SZ + 2 <= (word32)maxIdx) &&
@ -14533,6 +14602,9 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert)
WOLFSSL_ENTER("DecodeCrlDist");
cert->extCrlInfoRaw = input;
cert->extCrlInfoRawSz = sz;
/* Unwrap the list of Distribution Points*/
if (GetSequence(input, &idx, &length, sz) < 0)
return ASN_PARSE_E;
@ -14625,6 +14697,9 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert)
CALLOC_ASNGETDATA(dataASN, crlDistASN_Length, ret, cert->heap);
cert->extCrlInfoRaw = input;
cert->extCrlInfoRawSz = sz;
if (ret == 0) {
/* Get the GeneralName choice */
GetASN_Choice(&dataASN[4], generalNameChoice);
@ -14869,6 +14944,8 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
}
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz;
cert->extAuthKeyIdSrc = &input[idx];
cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
@ -14895,7 +14972,9 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
}
else {
#ifdef OPENSSL_EXTRA
/* Store the autority key id. */
/* Store the authority key id. */
cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz;
GetASN_GetConstRef(&dataASN[1], &cert->extAuthKeyIdSrc,
&cert->extAuthKeyIdSz);
#endif /* OPENSSL_EXTRA */
@ -15163,6 +15242,58 @@ static int DecodeExtKeyUsage(const byte* input, int sz, DecodedCert* cert)
#endif /* WOLFSSL_ASN_TEMPLATE */
}
#ifndef IGNORE_NETSCAPE_CERT_TYPE
#ifdef WOLFSSL_ASN_TEMPLATE
/* ASN.1 template for Netscape Certificate Type
* https://docs.oracle.com/cd/E19957-01/816-5533-10/ext.htm#1033183
*/
static const ASNItem nsCertTypeASN[] = {
/* 0 */ { 0, ASN_BIT_STRING, 0, 0, 0 },
};
/* Number of items in ASN.1 template for nsCertType. */
#define nsCertTypeASN_Length (sizeof(nsCertTypeASN) / sizeof(ASNItem))
#endif
static int DecodeNsCertType(const byte* input, int sz, DecodedCert* cert)
{
#ifndef WOLFSSL_ASN_TEMPLATE
word32 idx = 0;
int len = 0;
WOLFSSL_ENTER("DecodeNsCertType");
if (CheckBitString(input, &idx, &len, (word32)sz, 0, NULL) < 0) {
return ASN_PARSE_E;
}
/* Don't need to worry about unused bits as CheckBitString makes sure
* they're zero. */
cert->nsCertType = input[idx];
return 0;
#else
DECL_ASNGETDATA(dataASN, nsCertTypeASN_Length);
int ret = 0;
word32 idx = 0;
WOLFSSL_ENTER("DecodeNsCertType");
(void)cert;
CALLOC_ASNGETDATA(dataASN, nsCertTypeASN_Length, ret, cert->heap);
if (ret == 0)
ret = GetASN_Items(nsCertTypeASN, dataASN, nsCertTypeASN_Length, 1,
input, &idx, sz);
if (ret == 0)
cert->nsCertType = dataASN[0].data.buffer.data[0];
FREE_ASNGETDATA(dataASN, cert->heap);
return ret;
#endif
}
#endif
#ifndef IGNORE_NAME_CONSTRAINTS
#ifdef WOLFSSL_ASN_TEMPLATE
@ -15976,11 +16107,8 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
#ifndef IGNORE_NETSCAPE_CERT_TYPE
/* Netscape's certificate type. */
case NETSCAPE_CT_OID:
WOLFSSL_MSG("Netscape certificate type extension not supported "
"yet.");
if (CheckBitString(input, &idx, &length, length, 0, NULL) < 0) {
if (DecodeNsCertType(input, length, cert) < 0)
ret = ASN_PARSE_E;
}
break;
#endif
#ifdef HAVE_OCSP
@ -19927,10 +20055,14 @@ typedef struct DerCert {
byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
#ifdef WOLFSSL_CERT_EXT
byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */
byte akid[MAX_KID_SZ]; /* Authority Key Identifier extension */
byte akid[MAX_KID_SZ + sizeof(CertName)]; /* Authority Key Identifier extension */
byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */
byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
byte nsCertType[MAX_NSCERTTYPE_SZ]; /* Extended Key Usage extension */
#endif
byte certPolicies[MAX_CERTPOL_NB*MAX_CERTPOL_SZ]; /* Certificate Policies */
byte crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution Points */
#endif
#ifdef WOLFSSL_CERT_REQ
byte attrib[MAX_ATTRIB_SZ]; /* Cert req attributes encoded */
@ -19952,7 +20084,12 @@ typedef struct DerCert {
int akidSz; /* encoded SKID extension length */
int keyUsageSz; /* encoded KeyUsage extension length */
int extKeyUsageSz; /* encoded ExtendedKeyUsage extension length */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
int nsCertTypeSz; /* encoded Netscape Certifcate Type
* extension length */
#endif
int certPoliciesSz; /* encoded CertPolicies extension length*/
int crlInfoSz; /* encoded CRL Dist Points length */
#endif
#ifdef WOLFSSL_ALT_NAMES
int altNamesSz; /* encoded AltNames extension length */
@ -20621,28 +20758,34 @@ const char* GetOneCertName(CertName* name, int idx)
return name->state;
case 2:
return name->locality;
return name->street;
case 3:
return name->sur;
return name->locality;
case 4:
return name->org;
return name->sur;
case 5:
return name->unit;
return name->org;
case 6:
return name->commonName;
return name->unit;
case 7:
return name->serialDev;
return name->commonName;
case 8:
return name->serialDev;
case 9:
return name->postalCode;
case 10:
#ifdef WOLFSSL_CERT_EXT
return name->busCat;
case 9:
case 11:
#endif
return name->email;
@ -20663,28 +20806,34 @@ static char GetNameType(CertName* name, int idx)
return name->stateEnc;
case 2:
return name->localityEnc;
return name->postalCodeEnc;
case 3:
return name->surEnc;
return name->localityEnc;
case 4:
return name->orgEnc;
return name->surEnc;
case 5:
return name->unitEnc;
return name->orgEnc;
case 6:
return name->commonNameEnc;
return name->unitEnc;
case 7:
return name->serialDevEnc;
return name->commonNameEnc;
case 8:
return name->serialDevEnc;
case 9:
return name->postalCodeEnc;
case 10:
#ifdef WOLFSSL_CERT_EXT
return name->busCatEnc;
case 9:
case 11:
#endif
/* FALL THROUGH */
/* The last index, email name, does not have encoding type.
@ -20706,28 +20855,34 @@ byte GetCertNameId(int idx)
return ASN_STATE_NAME;
case 2:
return ASN_LOCALITY_NAME;
return ASN_STREET_ADDR;
case 3:
return ASN_SUR_NAME;
return ASN_LOCALITY_NAME;
case 4:
return ASN_ORG_NAME;
return ASN_SUR_NAME;
case 5:
return ASN_ORGUNIT_NAME;
return ASN_ORG_NAME;
case 6:
return ASN_COMMON_NAME;
return ASN_ORGUNIT_NAME;
case 7:
return ASN_SERIAL_NUMBER;
return ASN_COMMON_NAME;
case 8:
return ASN_SERIAL_NUMBER;
case 9:
return ASN_POSTAL_CODE;
case 10:
#ifdef WOLFSSL_CERT_EXT
return ASN_BUS_CAT;
case 9:
case 11:
#endif
return ASN_EMAIL_NAME;
@ -20890,36 +21045,55 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
/* encode Authority Key Identifier, return total bytes written
* RFC5280 : non-critical */
static int SetAKID(byte* output, word32 outSz,
byte *input, word32 length, void* heap)
static int SetAKID(byte* output, word32 outSz, byte *input, word32 length,
byte rawAkid)
{
byte *enc_val;
int ret, enc_valSz;
const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
int enc_valSz, inSeqSz;
byte enc_val_buf[MAX_KID_SZ];
byte* enc_val;
const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 };
const byte akid_cs[] = { 0x80 };
(void)heap;
word32 idx;
if (output == NULL || input == NULL)
return BAD_FUNC_ARG;
enc_valSz = length + 3 + sizeof(akid_cs);
enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (enc_val == NULL)
return MEMORY_E;
if (rawAkid) {
enc_val = input;
enc_valSz = length;
}
else {
enc_val = enc_val_buf;
enc_valSz = length + 3 + sizeof(akid_cs);
if (enc_valSz > (int)sizeof(enc_val_buf))
return BAD_FUNC_ARG;
/* sequence for ContentSpec & value */
ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
input, length);
if (ret > 0) {
enc_valSz = ret;
ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid),
enc_val, enc_valSz);
/* sequence for ContentSpec & value */
enc_valSz = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
input, length);
if (enc_valSz <= 0)
return enc_valSz;
}
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
/* The size of the extension sequence contents */
inSeqSz = sizeof(akid_oid) + SetOctetString(enc_valSz, NULL) +
enc_valSz;
if (SetSequence(inSeqSz, NULL) + inSeqSz > outSz)
return BAD_FUNC_ARG;
/* Write out the sequence header */
idx = SetSequence(inSeqSz, output);
/* Write out OID */
XMEMCPY(output + idx, akid_oid, sizeof(akid_oid));
idx += sizeof(akid_oid);
/* Write out AKID */
idx += SetOctetString(enc_valSz, output + idx);
XMEMCPY(output + idx, enc_val, enc_valSz);
return idx + enc_valSz;
}
/* encode Key Usage, return total bytes written
@ -21163,6 +21337,89 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input)
#endif
}
#ifndef IGNORE_NETSCAPE_CERT_TYPE
#ifndef WOLFSSL_ASN_TEMPLATE
static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input)
{
word32 idx;
byte unusedBits = 0;
byte nsCertType = input;
word32 totalSz;
word32 bitStrSz;
const byte nscerttype_oid[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
0x86, 0xF8, 0x42, 0x01, 0x01 };
if (cert == NULL || output == NULL ||
input == 0)
return BAD_FUNC_ARG;
totalSz = sizeof(nscerttype_oid);
/* Get amount of lsb zero's */
for (;(input & 1) == 0; input >>= 1)
unusedBits++;
/* 1 byte of NS Cert Type extension */
bitStrSz = SetBitString(1, unusedBits, NULL) + 1;
totalSz += SetOctetString(bitStrSz, NULL) + bitStrSz;
if (SetSequence(totalSz, NULL) + totalSz > outSz)
return BAD_FUNC_ARG;
/* 1. Seq + Total Len */
idx = SetSequence(totalSz, output);
/* 2. Object ID */
XMEMCPY(&output[idx], nscerttype_oid, sizeof(nscerttype_oid));
idx += sizeof(nscerttype_oid);
/* 3. Octet String */
idx += SetOctetString(bitStrSz, &output[idx]);
/* 4. Bit String */
idx += SetBitString(1, unusedBits, &output[idx]);
output[idx++] = nsCertType;
return idx;
}
#endif
#endif
#ifndef WOLFSSL_ASN_TEMPLATE
static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input,
int inSz)
{
word32 idx;
word32 totalSz;
const byte crlinfo_oid[] = { 0x06, 0x03, 0x55, 0x1D, 0x1F };
if (cert == NULL || output == NULL ||
input == 0 || inSz <= 0)
return BAD_FUNC_ARG;
totalSz = sizeof(crlinfo_oid) + SetOctetString(inSz, NULL) + inSz;
if (SetSequence(totalSz, NULL) + totalSz > outSz)
return BAD_FUNC_ARG;
/* 1. Seq + Total Len */
idx = SetSequence(totalSz, output);
/* 2. Object ID */
XMEMCPY(&output[idx], crlinfo_oid, sizeof(crlinfo_oid));
idx += sizeof(crlinfo_oid);
/* 3. Octet String */
idx += SetOctetString(inSz, &output[idx]);
/* 4. CRL Info */
XMEMCPY(&output[idx], input, inSz);
idx += inSz;
return idx;
}
#endif
/* encode Certificate Policies, return total bytes written
* each input value must be ITU-T X.690 formatted : a.b.c...
* input must be an array of values with a NULL terminated for the latest
@ -21625,6 +21882,7 @@ int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
static const byte nameOid[NAME_ENTRIES - 1][NAME_OID_SZ] = {
{ 0x55, 0x04, ASN_COUNTRY_NAME },
{ 0x55, 0x04, ASN_STATE_NAME },
{ 0x55, 0x04, ASN_STREET_ADDR },
{ 0x55, 0x04, ASN_LOCALITY_NAME },
{ 0x55, 0x04, ASN_SUR_NAME },
{ 0x55, 0x04, ASN_ORG_NAME },
@ -21634,6 +21892,7 @@ static const byte nameOid[NAME_ENTRIES - 1][NAME_OID_SZ] = {
#ifdef WOLFSSL_CERT_EXT
{ 0x55, 0x04, ASN_BUS_CAT },
#endif
{ 0x55, 0x04, ASN_POSTAL_CODE },
/* Email OID is much longer. */
};
@ -22042,6 +22301,15 @@ static const ASNItem certExtsASN[] = {
/* 28 */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
/* 29 */ { 2, ASN_OCTET_STRING, 0, 1, 0 },
/* 30 */ { 3, ASN_SEQUENCE, 0, 0, 0 },
/* Netscape Certificate Type */
/* 31 */ { 1, ASN_SEQUENCE, 1, 1, 0 },
/* 32 */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
/* 33 */ { 2, ASN_OCTET_STRING, 0, 1, 0 },
/* 34 */ { 3, ASN_BIT_STRING, 0, 0, 0 },
/* 35 */ { 1, ASN_SEQUENCE, 1, 1, 0 },
/* 36 */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
/* 37 */ { 2, ASN_OCTET_STRING, 0, 0, 0 },
#endif
};
@ -22064,6 +22332,9 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
static const byte kuOID[] = { 0x55, 0x1d, 0x0f };
static const byte ekuOID[] = { 0x55, 0x1d, 0x25 };
static const byte cpOID[] = { 0x55, 0x1d, 0x20 };
static const byte nsCertOID[] = { 0x60, 0x86, 0x48, 0x01,
0x86, 0xF8, 0x42, 0x01, 0x01 };
static const byte crlInfoOID[] = { 0x55, 0x1D, 0x1F };
#endif
(void)forRequest;
@ -22156,6 +22427,28 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
/* Don't write out Certificate Policies extension items. */
SetASNItem_NoOut(dataASN, 27, 30);
}
#ifndef IGNORE_NETSCAPE_CERT_TYPE
/* Netscape Certificate Type */
if (cert->nsCertType != 0) {
/* Set Netscape Certificate Type OID and data. */
SetASN_Buffer(&dataASN[32], nsCertOID, sizeof(nsCertOID));
SetASN_Buffer(&dataASN[34], &cert->nsCertType, 1);
}
else
#endif
{
/* Don't write out Netscape Certificate Type. */
SetASNItem_NoOut(dataASN, 31, 34);
}
if (cert->crlInfoSz > 0) {
/* Set CRL Distribution Points OID and data. */
SetASN_Buffer(&dataASN[36], crlInfoOID, sizeof(crlInfoOID));
SetASN_Buffer(&dataASN[37], cert->crlInfo, cert->crlInfoSz);
}
else {
/* Don't write out Netscape Certificate Type. */
SetASNItem_NoOut(dataASN, 35, 37);
}
#endif
}
@ -22179,7 +22472,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
SetASN_Items(certExtsASN, dataASN, certExtsASN_Length, output);
#ifdef WOLFSSL_CERT_EXT
if (cert->keyUsage != 0){
if (cert->extKeyUsage != 0){
/* Encode Extended Key Usage into space provided. */
if (SetExtKeyUsage(cert, (byte*)dataASN[26].data.buffer.data,
dataASN[26].data.buffer.length, cert->extKeyUsage) <= 0) {
@ -22209,6 +22502,10 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
#ifndef WOLFSSL_ASN_TEMPLATE
/* Set Date validity from now until now + daysValid
* return size in bytes written to output, 0 on error */
/* TODO https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
* "MUST always encode certificate validity dates through the year 2049 as
* UTCTime; certificate validity dates in 2050 or later MUST be encoded as
* GeneralizedTime." */
static int SetValidity(byte* output, int daysValid)
{
#ifndef NO_ASN_TIME
@ -22562,11 +22859,13 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* AKID */
if (cert->akidSz) {
/* check the provided AKID size */
if (cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid)))
if ((!cert->rawAkid &&
cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) ||
(cert->rawAkid && cert->akidSz > (int)sizeof(der->akid)))
return AKID_E;
der->akidSz = SetAKID(der->akid, sizeof(der->akid),
cert->akid, cert->akidSz, cert->heap);
der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid,
cert->akidSz, cert->rawAkid);
if (der->akidSz <= 0)
return AKID_E;
@ -22599,6 +22898,31 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
else
der->extKeyUsageSz = 0;
#ifndef IGNORE_NETSCAPE_CERT_TYPE
/* Netscape Certificate Type */
if (cert->nsCertType != 0) {
der->nsCertTypeSz = SetNsCertType(cert, der->nsCertType,
sizeof(der->nsCertType), cert->nsCertType);
if (der->nsCertTypeSz <= 0)
return EXTENSIONS_E;
der->extensionsSz += der->nsCertTypeSz;
}
else
der->nsCertTypeSz = 0;
#endif
if (cert->crlInfoSz > 0) {
der->crlInfoSz = SetCRLInfo(cert, der->crlInfo, sizeof(der->crlInfo),
cert->crlInfo, cert->crlInfoSz);
if (der->crlInfoSz <= 0)
return EXTENSIONS_E;
der->extensionsSz += der->crlInfoSz;
}
else
der->crlInfoSz = 0;
/* Certificate Policies */
if (cert->certPoliciesNb != 0) {
der->certPoliciesSz = SetCertificatePolicies(der->certPolicies,
@ -22664,6 +22988,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
return EXTENSIONS_E;
}
/* put CRL Distribution Points */
if (der->crlInfoSz) {
ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz,
der->crlInfo, der->crlInfoSz);
if (ret <= 0)
return EXTENSIONS_E;
}
/* put KeyUsage */
if (der->keyUsageSz) {
ret = SetExtensions(der->extensions, sizeof(der->extensions),
@ -22682,6 +23015,17 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
return EXTENSIONS_E;
}
/* put Netscape Cert Type */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
if (der->nsCertTypeSz) {
ret = SetExtensions(der->extensions, sizeof(der->extensions),
&der->extensionsSz,
der->nsCertType, der->nsCertTypeSz);
if (ret <= 0)
return EXTENSIONS_E;
}
#endif
/* put Certificate Policies */
if (der->certPoliciesSz) {
ret = SetExtensions(der->extensions, sizeof(der->extensions),
@ -26957,16 +27301,20 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
return ASN_PARSE_E;
/* key header */
ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL);
ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL);
if (ret != 0)
return ret;
/* check that the value found is not too large for pubKey buffer */
if (inSz - *inOutIdx > *pubKeyLen)
if ((word32)length > *pubKeyLen)
return ASN_PARSE_E;
/* check that input buffer is exhausted */
if (*inOutIdx + (word32)length != inSz)
return ASN_PARSE_E;
/* This is the raw point data compressed or uncompressed. */
*pubKeyLen = inSz - *inOutIdx;
*pubKeyLen = length;
XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
#else
len = inSz - *inOutIdx;
@ -26982,9 +27330,11 @@ static int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
/* Decode Ed25519 private key. */
ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input,
inOutIdx, inSz);
if (ret != 0) {
if (ret != 0)
ret = ASN_PARSE_E;
/* check that input buffer is exhausted */
if (*inOutIdx != inSz)
ret = ASN_PARSE_E;
}
}
/* Check the public value length is correct. */
if ((ret == 0) && (dataASN[3].data.ref.length > *pubKeyLen)) {
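Review bot: GetNameType's `case 2` returns `name->postalCodeEnc`, while GetOneCertName and GetCertNameId return `name->street` and `ASN_STREET_ADDR` for the same index, so the street RDN is emitted with the postal code's string type (CTC_UTF8 vs CTC_PRINTABLE in the certDefaultName hunk); it should read `case 2: return name->streetEnc;`, assuming CertName gained a streetEnc member next to street (that header is not on the page). The nameOid table in the wc_EncodeName hunk lists `ASN_BUS_CAT` before `ASN_POSTAL_CODE`, whereas GetCertNameId maps index 9 to `ASN_POSTAL_CODE` and 10 to `ASN_BUS_CAT`; if nameOid is indexed by the same idx, the two OIDs are swapped under WOLFSSL_CERT_EXT and the postalCode entry should move above the `#ifdef WOLFSSL_CERT_EXT` block. In DecodeNsCertType neither path checks that the BIT STRING carries at least one content byte before reading `input[idx]` / `dataASN[0].data.buffer.data[0]`; a guard such as `if (len < 1) return ASN_PARSE_E;` (and the matching check on `dataASN[0].data.buffer.length`) keeps a truncated extension in an untrusted certificate from reading past the extension. The comments on `DerCert.nsCertType` ("Extended Key Usage extension") and in the CRL Distribution Points else-branch of EncodeExtensions ("Don't write out Netscape Certificate Type.") are copy-paste leftovers and should name the extension they actually describe.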


@ -12289,18 +12289,20 @@ static void initDefaultName(void)
static const CertName certDefaultName = {
"US", CTC_PRINTABLE, /* country */
"Oregon", CTC_UTF8, /* state */
"Main St", CTC_UTF8, /* street */
"Portland", CTC_UTF8, /* locality */
"Test", CTC_UTF8, /* sur */
"wolfSSL", CTC_UTF8, /* org */
"Development", CTC_UTF8, /* unit */
"www.wolfssl.com", CTC_UTF8, /* commonName */
"wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
"12-456", CTC_PRINTABLE, /* Postal Code */
#ifdef WOLFSSL_CERT_EXT
"Private Organization", CTC_UTF8, /* businessCategory */
"US", CTC_PRINTABLE, /* jurisdiction country */
"Oregon", CTC_PRINTABLE, /* jurisdiction state */
#endif
"info@wolfssl.com" /* email */
"info@wolfssl.com", /* email */
};
#endif /* WOLFSSL_MULTI_ATTRIB */


@ -3854,12 +3854,14 @@ struct WOLFSSL_X509 {
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
byte* authKeyId;
byte* authKeyId; /* Points into authKeyIdSrc */
byte* authKeyIdSrc;
byte* subjKeyId;
byte* extKeyUsageSrc;
#ifdef OPENSSL_ALL
byte* subjAltNameSrc;
#endif
byte* rawCRLInfo;
byte* CRLInfo;
byte* authInfo;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@ -3868,12 +3870,18 @@ struct WOLFSSL_X509 {
#endif
word32 pathLength;
word16 keyUsage;
int rawCRLInfoSz;
int CRLInfoSz;
int authInfoSz;
word32 authKeyIdSz;
word32 authKeyIdSrcSz;
word32 subjKeyIdSz;
byte extKeyUsage;
word32 extKeyUsageSz;
word32 extKeyUsageCount;
#ifndef IGNORE_NETSCAPE_CERT_TYPE
byte nsCertType;
#endif
#ifdef OPENSSL_ALL
word32 subjAltNameSz;
#endif
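Review bot: The new comment on `authKeyId` says it points into `authKeyIdSrc`, which makes the two pointers aliases of one buffer, but nothing here records which field owns the allocation; the WOLFSSL_X509 release path (outside these hunks) must free only the owner, otherwise the alias is freed twice or the buffer leaks. Suggest putting the ownership on the owning field, e.g. `byte* authKeyIdSrc; /* owns the buffer; authKeyId aliases into it, never free both */`, and the same question applies to `rawCRLInfo` next to `CRLInfo` if that pair shares a buffer the same way. struct WOLFSSL_X509 starts before the first hunk and ends after the second.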


@ -57,8 +57,8 @@
#define X509_PURPOSE_SSL_CLIENT 0
#define X509_PURPOSE_SSL_SERVER 1
#define NS_SSL_CLIENT 0
#define NS_SSL_SERVER 1
#define NS_SSL_CLIENT WC_NS_SSL_CLIENT
#define NS_SSL_SERVER WC_NS_SSL_SERVER
/* Forward reference */
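Review bot: `NS_SSL_CLIENT` and `NS_SSL_SERVER` change from the values 0 and 1 to the `WC_NS_*` bit masks 0x80 and 0x40, which is a value change for public macros rather than a rename; any caller that stored or compared these numerically, or used them as an array index, now gets different results. The new values match the bit positions of the nsCertType BIT STRING and the corresponding OpenSSL constants, so the intent looks right, but the commit message should call the value change out and the header could carry `/* bit masks matching the nsCertType BIT STRING, not indexes */`.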


@ -598,9 +598,11 @@ enum DN_Tags {
ASN_COUNTRY_NAME = 0x06, /* C */
ASN_LOCALITY_NAME = 0x07, /* L */
ASN_STATE_NAME = 0x08, /* ST */
ASN_STREET_ADDR = 0x09, /* street */
ASN_ORG_NAME = 0x0a, /* O */
ASN_ORGUNIT_NAME = 0x0b, /* OU */
ASN_BUS_CAT = 0x0f, /* businessCategory */
ASN_POSTAL_CODE = 0x11, /* postalCode */
ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
/* pilot attribute types
@ -636,6 +638,9 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#define WOLFSSL_LN_LOCALITY_NAME "/localityName="
#define WOLFSSL_STATE_NAME "/ST="
#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName="
#define WOLFSSL_STREET_ADDR_NAME "/street="
#define WOLFSSL_LN_STREET_ADDR_NAME "/streetAddress="
#define WOLFSSL_POSTAL_NAME "/postalCode="
#define WOLFSSL_ORG_NAME "/O="
#define WOLFSSL_LN_ORG_NAME "/organizationName="
#define WOLFSSL_ORGUNIT_NAME "/OU="
@ -715,12 +720,14 @@ enum
NID_countryName = 0x06, /* C */
NID_localityName = 0x07, /* L */
NID_stateOrProvinceName = 0x08, /* ST */
NID_streetAddress = ASN_STREET_ADDR, /* street */
NID_organizationName = 0x0a, /* O */
NID_organizationalUnitName = 0x0b, /* OU */
NID_jurisdictionCountryName = 0xc,
NID_jurisdictionStateOrProvinceName = 0xd,
NID_businessCategory = ASN_BUS_CAT,
NID_domainComponent = ASN_DOMAIN_COMPONENT,
NID_postalCode = ASN_POSTAL_CODE, /* postalCode */
NID_favouriteDrink = 462,
NID_userId = 458,
NID_emailAddress = 0x30, /* emailAddress */
@ -857,6 +864,10 @@ enum Misc_ASN {
CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
(SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
(6 * (SEQ + OID))) */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
MAX_NSCERTTYPE_SZ = MAX_SEQ_SZ + 17, /* SEQ + OID + OCTET STR +
* NS BIT STR */
#endif
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif
@ -1127,6 +1138,15 @@ enum CsrAttrType {
#define EXTKEYUSE_SERVER_AUTH 0x02
#define EXTKEYUSE_ANY 0x01
#define WC_NS_SSL_CLIENT 0x80
#define WC_NS_SSL_SERVER 0x40
#define WC_NS_SMIME 0x20
#define WC_NS_OBJSIGN 0x10
#define WC_NS_SSL_CA 0x04
#define WC_NS_SMIME_CA 0x02
#define WC_NS_OBJSIGN_CA 0x01
typedef struct DNS_entry DNS_entry;
struct DNS_entry {
@ -1382,6 +1402,10 @@ struct DecodedCert {
const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
#endif
const byte* extCrlInfoRaw; /* Entire CRL Distribution Points
* Extension. This is useful when
* re-generating the DER. */
int extCrlInfoRawSz; /* length of the extension */
const byte* extCrlInfo; /* CRL Distribution Points */
int extCrlInfoSz; /* length of the URI */
byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
@ -1398,6 +1422,8 @@ struct DecodedCert {
const byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount;
const byte* extRawAuthKeyIdSrc;
word32 extRawAuthKeyIdSz;
const byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
const byte* extSubjKeyIdSrc;
@ -1437,6 +1463,9 @@ struct DecodedCert {
char* subjectST;
int subjectSTLen;
char subjectSTEnc;
char* subjectStreet;
int subjectStreetLen;
char subjectStreetEnc;
char* subjectO;
int subjectOLen;
char subjectOEnc;
@ -1457,9 +1486,12 @@ struct DecodedCert {
int subjectJSLen;
char subjectJSEnc;
#endif
char* subjectPC;
int subjectPCLen;
char subjectPCEnc;
char* subjectEmail;
int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN */
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
void* issuerName;
@ -1476,7 +1508,10 @@ struct DecodedCert {
#ifdef WOLFSSL_CERT_EXT
char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
int extCertPoliciesNb;
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
#endif /* WOLFSSL_CERT_EXT */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
byte nsCertType;
#endif
#ifdef WOLFSSL_CERT_REQ
/* CSR attributes */
@ -1880,9 +1915,9 @@ WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
enum cert_enums {
#ifdef WOLFSSL_CERT_EXT
NAME_ENTRIES = 10,
NAME_ENTRIES = 12,
#else
NAME_ENTRIES = 9,
NAME_ENTRIES = 11,
#endif
JOINT_LEN = 2,
EMAIL_JOINT_LEN = 9,
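Review bot: `MAX_NSCERTTYPE_SZ = MAX_SEQ_SZ + 17` hides what the 17 is: the nsCertType OID element is 11 bytes (2 header + 9 content), the OCTET STRING header is 2, and a one-byte BIT STRING with its unused-bits byte is 4, which sums to 17 only for a non-critical extension; if the generator ever emits `critical` (a 3-byte BOOLEAN) the budget is short by 3. Spelling the sum out, `MAX_NSCERTTYPE_SZ = MAX_SEQ_SZ + 11 + 2 + 4, /* OID + OCTET STR hdr + BIT STR; no critical flag */`, keeps that constraint visible to whoever adds the flag later. Separately, `NAME_ENTRIES` grows to 12/11 in the last hunk; every array sized by it and every loop bounded by it must use the constant rather than a literal, which cannot be confirmed from these hunks.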


@ -197,7 +197,9 @@ enum Ctc_Misc {
CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
CTC_MAX_CERTPOL_SZ = 64,
CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
CTC_MAX_CERTPOL_NB = 2, /* Max number of Certificate Policy */
CTC_MAX_CRLINFO_SZ = 200, /* Arbitrary size that should be enough for at
* least two distribution points. */
#endif /* WOLFSSL_CERT_EXT */
};
@ -305,6 +307,8 @@ typedef struct CertName {
char countryEnc;
char state[CTC_NAME_SIZE];
char stateEnc;
char street[CTC_NAME_SIZE];
char streetEnc;
char locality[CTC_NAME_SIZE];
char localityEnc;
char sur[CTC_NAME_SIZE];
@ -317,6 +321,8 @@ typedef struct CertName {
char commonNameEnc;
char serialDev[CTC_NAME_SIZE];
char serialDevEnc;
char postalCode[CTC_NAME_SIZE];
char postalCodeEnc;
#ifdef WOLFSSL_CERT_EXT
char busCat[CTC_NAME_SIZE];
char busCatEnc;
@ -357,10 +363,18 @@ typedef struct Cert {
#ifdef WOLFSSL_CERT_EXT
byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
int skidSz; /* SKID size in bytes */
byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */
byte akid[CTC_MAX_AKID_SIZE + sizeof(CertName)]; /* Authority Key
* Identifier */
int akidSz; /* AKID size in bytes */
byte rawAkid; /* Set to true if akid is a
* AuthorityKeyIdentifier object.
* Set to false if akid is just a
* KeyIdentifier object. */
word16 keyUsage; /* Key Usage */
byte extKeyUsage; /* Extended Key Usage */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
byte nsCertType; /* Netscape Certificate Type */
#endif
#ifdef WOLFSSL_EKU_OID
/* Extended Key Usage OIDs */
byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
@ -368,6 +382,8 @@ typedef struct Cert {
#endif
char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
word16 certPoliciesNb; /* Number of Cert Policy */
byte crlInfo[CTC_MAX_CRLINFO_SZ]; /* CRL Distribution points */
int crlInfoSz;
#endif
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
defined(WOLFSSL_CERT_REQ)
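Review bot: `akid[CTC_MAX_AKID_SIZE + sizeof(CertName)]` uses the size of the in-memory CertName struct as the bound for a DER-encoded AuthorityKeyIdentifier, but the DER form is not bounded by the struct: each populated RDN adds SET, SEQUENCE, OID and string tag/length bytes on top of its characters, and the full AKID also carries the GeneralNames wrapper and the issuer serial, so a fully populated issuer name can plausibly exceed that size. Whatever fills `akid` in raw mode (outside this hunk) must check the encoded length against `sizeof(cert->akid)` and fail rather than truncate; stating that contract here, e.g. `/* raw AKID: writer must bound-check against sizeof(akid) */`, would help. The `rawAkid` flag also deserves a note on who sets it, since it changes how `akid` and `akidSz` are interpreted when the DER is emitted. struct Cert begins before this hunk and continues after it.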