mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-01 19:54:40 +02:00
fix X509 multiple OU's and refactor
This commit is contained in:
Jacob Barthelmeh
@@ -3331,12 +3331,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
|
|||||||
name->dynamicName = 0;
|
name->dynamicName = 0;
|
||||||
name->sz = 0;
|
name->sz = 0;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
|
XMEMSET(&name->entry, 0, sizeof(name->entry));
|
||||||
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
|
|
||||||
XMEMSET(&name->extra, 0, sizeof(name->extra));
|
|
||||||
name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/
|
|
||||||
name->cnEntry.nid = ASN_COMMON_NAME;
|
|
||||||
name->x509 = NULL;
|
name->x509 = NULL;
|
||||||
|
name->entrySz = 0;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -3352,17 +3349,13 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
|
|||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
if (name->fullName.fullName != NULL) {
|
|
||||||
XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
|
|
||||||
name->fullName.fullName = NULL;
|
|
||||||
}
|
|
||||||
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
|
for (i = 0; i < MAX_NAME_ENTRIES; i++) {
|
||||||
/* free ASN1 string data */
|
/* free ASN1 string data */
|
||||||
if (name->extra[i].set && name->extra[i].data.data != NULL) {
|
if (name->entry[i].set && name->entry[i].data.data != NULL) {
|
||||||
XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
|
wolfSSL_ASN1_OBJECT_free(&name->entry[i].object);
|
||||||
|
XFREE(name->entry[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object);
|
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
}
|
}
|
||||||
@@ -9519,33 +9512,20 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
|||||||
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
||||||
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
if (dCert->issuerName.fullName != NULL) {
|
if (dCert->issuerName != NULL) {
|
||||||
XMEMCPY(&x509->issuer.fullName,
|
wolfSSL_X509_set_issuer_name(x509, dCert->issuerName);
|
||||||
&dCert->issuerName, sizeof(DecodedName));
|
x509->issuer.x509 = x509;
|
||||||
x509->issuer.fullName.fullName = (char*)XMALLOC(
|
|
||||||
dCert->issuerName.fullNameLen, x509->heap,
|
|
||||||
DYNAMIC_TYPE_X509);
|
|
||||||
if (x509->issuer.fullName.fullName != NULL)
|
|
||||||
XMEMCPY(x509->issuer.fullName.fullName,
|
|
||||||
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
|
|
||||||
}
|
}
|
||||||
x509->issuer.x509 = x509;
|
|
||||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
|
|
||||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
||||||
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
||||||
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
if (dCert->subjectName.fullName != NULL) {
|
if (dCert->subjectName != NULL) {
|
||||||
XMEMCPY(&x509->subject.fullName,
|
wolfSSL_X509_set_subject_name(x509, dCert->subjectName);
|
||||||
&dCert->subjectName, sizeof(DecodedName));
|
x509->subject.x509 = x509;
|
||||||
x509->subject.fullName.fullName = (char*)XMALLOC(
|
|
||||||
dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
|
|
||||||
if (x509->subject.fullName.fullName != NULL)
|
|
||||||
XMEMCPY(x509->subject.fullName.fullName,
|
|
||||||
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
|
|
||||||
}
|
}
|
||||||
x509->subject.x509 = x509;
|
|
||||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||||
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
|
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
|
||||||
|
|||||||
18
tests/api.c
18
tests/api.c
@@ -24480,35 +24480,35 @@ static void test_wolfSSL_X509_NID(void)
|
|||||||
/* extract subjectName info */
|
/* extract subjectName info */
|
||||||
AssertNotNull(name = X509_get_subject_name(cert));
|
AssertNotNull(name = X509_get_subject_name(cert));
|
||||||
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
|
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||||
NULL, 0)), 0);
|
NULL, 0)), 0);
|
||||||
AssertIntEQ(nameSz, 15);
|
AssertIntEQ(nameSz, 15);
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||||
commonName, sizeof(commonName))), 0);
|
commonName, sizeof(commonName))), 0);
|
||||||
AssertIntEQ(nameSz, 15);
|
AssertIntEQ(nameSz, 15);
|
||||||
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
|
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
|
||||||
commonName, 9)), 0);
|
commonName, 9)), 0);
|
||||||
AssertIntEQ(nameSz, 8);
|
AssertIntEQ(nameSz, 8);
|
||||||
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
|
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
|
||||||
|
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COUNTRY_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
|
||||||
countryName, sizeof(countryName))), 0);
|
countryName, sizeof(countryName))), 0);
|
||||||
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
|
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
|
||||||
|
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_LOCALITY_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
|
||||||
localityName, sizeof(localityName))), 0);
|
localityName, sizeof(localityName))), 0);
|
||||||
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
|
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
|
||||||
|
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_STATE_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
|
||||||
stateName, sizeof(stateName))), 0);
|
stateName, sizeof(stateName))), 0);
|
||||||
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
|
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
|
||||||
|
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORG_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
|
||||||
orgName, sizeof(orgName))), 0);
|
orgName, sizeof(orgName))), 0);
|
||||||
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
|
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
|
||||||
|
|
||||||
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORGUNIT_NAME,
|
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
|
||||||
orgUnit, sizeof(orgUnit))), 0);
|
orgUnit, sizeof(orgUnit))), 0);
|
||||||
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
|
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
|
||||||
|
|
||||||
@@ -25931,7 +25931,7 @@ static void test_wolfSSL_X509_sign(void)
|
|||||||
|
|
||||||
/* Set X509_NAME fields */
|
/* Set X509_NAME fields */
|
||||||
AssertNotNull(name = X509_NAME_new());
|
AssertNotNull(name = X509_NAME_new());
|
||||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "country", MBSTRING_UTF8,
|
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
|
||||||
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
|
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
|
||||||
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
|
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
|
||||||
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
|
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
|
||||||
|
|||||||
@@ -5044,10 +5044,10 @@ void FreeDecodedCert(DecodedCert* cert)
|
|||||||
XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
|
XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
|
||||||
#endif /* WOLFSSL_SEP */
|
#endif /* WOLFSSL_SEP */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
if (cert->issuerName.fullName != NULL)
|
if (cert->issuerName != NULL)
|
||||||
XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509);
|
wolfSSL_X509_NAME_free(cert->issuerName);
|
||||||
if (cert->subjectName.fullName != NULL)
|
if (cert->subjectName != NULL)
|
||||||
XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509);
|
wolfSSL_X509_NAME_free(cert->subjectName);
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||||
if (cert->tsip_encRsaKeyIdx != NULL)
|
if (cert->tsip_encRsaKeyIdx != NULL)
|
||||||
@@ -5538,7 +5538,8 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* process NAME, either issuer or subject */
|
/* process NAME, either issuer or subject
|
||||||
|
* returns 0 on success and negative values on fail */
|
||||||
static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||||
{
|
{
|
||||||
int length; /* length of all distinguished names */
|
int length; /* length of all distinguished names */
|
||||||
@@ -5548,14 +5549,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
byte* hash;
|
byte* hash;
|
||||||
word32 idx, localIdx = 0;
|
word32 idx, localIdx = 0;
|
||||||
byte tag;
|
byte tag;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
DecodedName* dName =
|
WOLFSSL_X509_NAME* dName;
|
||||||
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
|
int nid;
|
||||||
int dcnum = 0;
|
#endif /* OPENSSL_EXTRA */
|
||||||
#ifdef OPENSSL_EXTRA
|
|
||||||
int count = 0;
|
|
||||||
#endif
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
|
||||||
|
|
||||||
WOLFSSL_MSG("Getting Cert Name");
|
WOLFSSL_MSG("Getting Cert Name");
|
||||||
|
|
||||||
@@ -5612,6 +5609,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
cert->subjectRawLen = length - cert->srcIdx;
|
cert->subjectRawLen = length - cert->srcIdx;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
dName = wolfSSL_X509_NAME_new();
|
||||||
|
if (dName == NULL) {
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
while (cert->srcIdx < (word32)length) {
|
while (cert->srcIdx < (word32)length) {
|
||||||
byte b = 0;
|
byte b = 0;
|
||||||
@@ -5627,16 +5630,28 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
WOLFSSL_MSG("Cert name lacks set header, trying sequence");
|
WOLFSSL_MSG("Cert name lacks set header, trying sequence");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0)
|
if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) {
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx);
|
ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx);
|
||||||
if (ret != 0)
|
if (ret != 0) {
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
/* make sure there is room for joint */
|
/* make sure there is room for joint */
|
||||||
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx)
|
if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) {
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));
|
XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint));
|
||||||
|
|
||||||
@@ -5646,6 +5661,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
id = joint[2];
|
id = joint[2];
|
||||||
if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen,
|
if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen,
|
||||||
maxIdx, 1) < 0) {
|
maxIdx, 1) < 0) {
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5658,10 +5676,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
|
|
||||||
copy = WOLFSSL_COMMON_NAME;
|
copy = WOLFSSL_COMMON_NAME;
|
||||||
copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
|
copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->cnIdx = cert->srcIdx;
|
nid = NID_commonName;
|
||||||
dName->cnLen = strLen;
|
#endif /* OPENSSL_EXTRA */
|
||||||
#endif /* OPENSSL_EXTRA */
|
|
||||||
}
|
}
|
||||||
else if (id == ASN_SUR_NAME) {
|
else if (id == ASN_SUR_NAME) {
|
||||||
copy = WOLFSSL_SUR_NAME;
|
copy = WOLFSSL_SUR_NAME;
|
||||||
@@ -5674,8 +5691,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->snIdx = cert->srcIdx;
|
nid = NID_surname;
|
||||||
dName->snLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_COUNTRY_NAME) {
|
else if (id == ASN_COUNTRY_NAME) {
|
||||||
@@ -5689,8 +5705,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->cIdx = cert->srcIdx;
|
nid = NID_countryName;
|
||||||
dName->cLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_LOCALITY_NAME) {
|
else if (id == ASN_LOCALITY_NAME) {
|
||||||
@@ -5704,8 +5719,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->lIdx = cert->srcIdx;
|
nid = NID_localityName;
|
||||||
dName->lLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_STATE_NAME) {
|
else if (id == ASN_STATE_NAME) {
|
||||||
@@ -5719,8 +5733,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->stIdx = cert->srcIdx;
|
nid = NID_stateOrProvinceName;
|
||||||
dName->stLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_ORG_NAME) {
|
else if (id == ASN_ORG_NAME) {
|
||||||
@@ -5734,8 +5747,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->oIdx = cert->srcIdx;
|
nid = NID_organizationName;
|
||||||
dName->oLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_ORGUNIT_NAME) {
|
else if (id == ASN_ORGUNIT_NAME) {
|
||||||
@@ -5749,8 +5761,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->ouIdx = cert->srcIdx;
|
nid = NID_organizationalUnitName;
|
||||||
dName->ouLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_SERIAL_NUMBER) {
|
else if (id == ASN_SERIAL_NUMBER) {
|
||||||
@@ -5764,8 +5775,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->snIdx = cert->srcIdx;
|
nid = NID_serialNumber;
|
||||||
dName->snLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
#ifdef WOLFSSL_CERT_EXT
|
#ifdef WOLFSSL_CERT_EXT
|
||||||
@@ -5780,8 +5790,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->bcIdx = cert->srcIdx;
|
nid = NID_businessCategory;
|
||||||
dName->bcLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_EXT */
|
#endif /* WOLFSSL_CERT_EXT */
|
||||||
@@ -5798,8 +5807,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
b = cert->source[cert->srcIdx++]; /* encoding */
|
b = cert->source[cert->srcIdx++]; /* encoding */
|
||||||
|
|
||||||
if (GetLength(cert->source, &cert->srcIdx, &strLen,
|
if (GetLength(cert->source, &cert->srcIdx, &strLen,
|
||||||
maxIdx) < 0)
|
maxIdx) < 0) {
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
/* Check for jurisdiction of incorporation country name */
|
/* Check for jurisdiction of incorporation country name */
|
||||||
if (id == ASN_JOI_C) {
|
if (id == ASN_JOI_C) {
|
||||||
@@ -5813,8 +5826,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->jcIdx = cert->srcIdx;
|
nid = NID_jurisdictionCountryName;
|
||||||
dName->jcLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5830,8 +5842,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->jsIdx = cert->srcIdx;
|
nid = NID_jurisdictionStateOrProvinceName;
|
||||||
dName->jsLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5859,8 +5870,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
|
|
||||||
cert->srcIdx += oidSz + 1;
|
cert->srcIdx += oidSz + 1;
|
||||||
|
|
||||||
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0)
|
if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) {
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
if (strLen > (int)(ASN_NAME_MAX - idx)) {
|
if (strLen > (int)(ASN_NAME_MAX - idx)) {
|
||||||
WOLFSSL_MSG("ASN name too big, skipping");
|
WOLFSSL_MSG("ASN name too big, skipping");
|
||||||
@@ -5884,8 +5899,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->emailIdx = cert->srcIdx;
|
nid = NID_emailAddress;
|
||||||
dName->emailLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||||
{
|
{
|
||||||
@@ -5895,6 +5909,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
cert->heap, DYNAMIC_TYPE_ALTNAME);
|
cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||||
if (emailName == NULL) {
|
if (emailName == NULL) {
|
||||||
WOLFSSL_MSG("\tOut of Memory");
|
WOLFSSL_MSG("\tOut of Memory");
|
||||||
|
#if defined(OPENSSL_EXTRA) || \
|
||||||
|
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
emailName->type = 0;
|
emailName->type = 0;
|
||||||
@@ -5903,6 +5921,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
if (emailName->name == NULL) {
|
if (emailName->name == NULL) {
|
||||||
WOLFSSL_MSG("\tOut of Memory");
|
WOLFSSL_MSG("\tOut of Memory");
|
||||||
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME);
|
||||||
|
#if defined(OPENSSL_EXTRA) || \
|
||||||
|
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
}
|
}
|
||||||
emailName->len = strLen;
|
emailName->len = strLen;
|
||||||
@@ -5923,8 +5945,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
copyLen = sizeof(WOLFSSL_USER_ID) - 1;
|
copyLen = sizeof(WOLFSSL_USER_ID) - 1;
|
||||||
#if defined(OPENSSL_EXTRA) || \
|
#if defined(OPENSSL_EXTRA) || \
|
||||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->uidIdx = cert->srcIdx;
|
nid = NID_userId;
|
||||||
dName->uidLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -5933,15 +5954,16 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
|
copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
|
||||||
#if defined(OPENSSL_EXTRA) || \
|
#if defined(OPENSSL_EXTRA) || \
|
||||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
dName->dcIdx[dcnum] = cert->srcIdx;
|
nid = NID_domainComponent;
|
||||||
dName->dcLen[dcnum] = strLen;
|
|
||||||
dName->dcNum = dcnum + 1;
|
|
||||||
dcnum++;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
WOLFSSL_MSG("Unknown pilot attribute type");
|
WOLFSSL_MSG("Unknown pilot attribute type");
|
||||||
|
#if defined(OPENSSL_EXTRA) || \
|
||||||
|
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -5956,174 +5978,28 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
|||||||
idx += copyLen;
|
idx += copyLen;
|
||||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
||||||
idx += strLen;
|
idx += strLen;
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
|
||||||
if (count < DOMAIN_COMPONENT_MAX) {
|
|
||||||
/* store order that DN was parsed */
|
|
||||||
dName->loc[count++] = id;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8,
|
||||||
|
&cert->source[cert->srcIdx], strLen, -1, -1) !=
|
||||||
|
WOLFSSL_SUCCESS) {
|
||||||
|
wolfSSL_X509_NAME_free(dName);
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
cert->srcIdx += strLen;
|
cert->srcIdx += strLen;
|
||||||
}
|
}
|
||||||
full[idx++] = 0;
|
full[idx++] = 0;
|
||||||
#if defined(OPENSSL_EXTRA)
|
|
||||||
/* store order that DN was parsed */
|
|
||||||
dName->locSz = count;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
|
||||||
{
|
|
||||||
int totalLen = 0;
|
|
||||||
int i = 0;
|
|
||||||
|
|
||||||
if (dName->cnLen != 0)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
totalLen += dName->cnLen + 4;
|
if (nameType == ISSUER) {
|
||||||
if (dName->snLen != 0)
|
cert->issuerName = dName;
|
||||||
totalLen += dName->snLen + 4;
|
|
||||||
if (dName->cLen != 0)
|
|
||||||
totalLen += dName->cLen + 3;
|
|
||||||
if (dName->lLen != 0)
|
|
||||||
totalLen += dName->lLen + 3;
|
|
||||||
if (dName->stLen != 0)
|
|
||||||
totalLen += dName->stLen + 4;
|
|
||||||
if (dName->oLen != 0)
|
|
||||||
totalLen += dName->oLen + 3;
|
|
||||||
if (dName->ouLen != 0)
|
|
||||||
totalLen += dName->ouLen + 4;
|
|
||||||
if (dName->emailLen != 0)
|
|
||||||
totalLen += dName->emailLen + 14;
|
|
||||||
if (dName->uidLen != 0)
|
|
||||||
totalLen += dName->uidLen + 5;
|
|
||||||
if (dName->serialLen != 0)
|
|
||||||
totalLen += dName->serialLen + 14;
|
|
||||||
if (dName->dcNum != 0){
|
|
||||||
for (i = 0;i < dName->dcNum;i++)
|
|
||||||
totalLen += dName->dcLen[i] + 4;
|
|
||||||
}
|
|
||||||
|
|
||||||
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
|
|
||||||
DYNAMIC_TYPE_X509);
|
|
||||||
if (dName->fullName != NULL) {
|
|
||||||
idx = 0;
|
|
||||||
|
|
||||||
if (dName->cnLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4);
|
|
||||||
dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME);
|
|
||||||
idx += 4;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->cnIdx], dName->cnLen);
|
|
||||||
dName->cnIdx = idx;
|
|
||||||
idx += dName->cnLen;
|
|
||||||
}
|
|
||||||
if (dName->snLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4);
|
|
||||||
dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME);
|
|
||||||
idx += 4;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->snIdx], dName->snLen);
|
|
||||||
dName->snIdx = idx;
|
|
||||||
idx += dName->snLen;
|
|
||||||
}
|
|
||||||
if (dName->cLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3);
|
|
||||||
dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME);
|
|
||||||
idx += 3;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->cIdx], dName->cLen);
|
|
||||||
dName->cIdx = idx;
|
|
||||||
idx += dName->cLen;
|
|
||||||
}
|
|
||||||
if (dName->lLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3);
|
|
||||||
dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME);
|
|
||||||
idx += 3;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->lIdx], dName->lLen);
|
|
||||||
dName->lIdx = idx;
|
|
||||||
idx += dName->lLen;
|
|
||||||
}
|
|
||||||
if (dName->stLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4);
|
|
||||||
dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME);
|
|
||||||
idx += 4;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->stIdx], dName->stLen);
|
|
||||||
dName->stIdx = idx;
|
|
||||||
idx += dName->stLen;
|
|
||||||
}
|
|
||||||
if (dName->oLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3);
|
|
||||||
dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME);
|
|
||||||
idx += 3;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->oIdx], dName->oLen);
|
|
||||||
dName->oIdx = idx;
|
|
||||||
idx += dName->oLen;
|
|
||||||
}
|
|
||||||
if (dName->ouLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4);
|
|
||||||
dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME);
|
|
||||||
idx += 4;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->ouIdx], dName->ouLen);
|
|
||||||
dName->ouIdx = idx;
|
|
||||||
idx += dName->ouLen;
|
|
||||||
}
|
|
||||||
if (dName->emailLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
|
|
||||||
dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress=");
|
|
||||||
idx += 14;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->emailIdx], dName->emailLen);
|
|
||||||
dName->emailIdx = idx;
|
|
||||||
idx += dName->emailLen;
|
|
||||||
}
|
|
||||||
for (i = 0;i < dName->dcNum;i++){
|
|
||||||
if (dName->dcLen[i] != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4);
|
|
||||||
idx += 4;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->dcIdx[i]], dName->dcLen[i]);
|
|
||||||
dName->dcIdx[i] = idx;
|
|
||||||
idx += dName->dcLen[i];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (dName->uidLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
|
|
||||||
dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID=");
|
|
||||||
idx += 5;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->uidIdx], dName->uidLen);
|
|
||||||
dName->uidIdx = idx;
|
|
||||||
idx += dName->uidLen;
|
|
||||||
}
|
|
||||||
if (dName->serialLen != 0) {
|
|
||||||
dName->entryCount++;
|
|
||||||
XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14);
|
|
||||||
dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER);
|
|
||||||
idx += 14;
|
|
||||||
XMEMCPY(&dName->fullName[idx],
|
|
||||||
&cert->source[dName->serialIdx], dName->serialLen);
|
|
||||||
dName->serialIdx = idx;
|
|
||||||
idx += dName->serialLen;
|
|
||||||
}
|
|
||||||
dName->fullName[idx] = '\0';
|
|
||||||
dName->fullNameLen = totalLen;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA */
|
else {
|
||||||
|
cert->subjectName = dName;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -12033,7 +11909,7 @@ typedef struct EncodedName {
|
|||||||
|
|
||||||
|
|
||||||
/* Get Which Name from index */
|
/* Get Which Name from index */
|
||||||
static const char* GetOneName(CertName* name, int idx)
|
const char* GetOneCertName(CertName* name, int idx)
|
||||||
{
|
{
|
||||||
switch (idx) {
|
switch (idx) {
|
||||||
case 0:
|
case 0:
|
||||||
@@ -12122,7 +11998,7 @@ static char GetNameType(CertName* name, int idx)
|
|||||||
|
|
||||||
|
|
||||||
/* Get ASN Name from index */
|
/* Get ASN Name from index */
|
||||||
static byte GetNameId(int idx)
|
byte GetCertNameId(int idx)
|
||||||
{
|
{
|
||||||
switch (idx) {
|
switch (idx) {
|
||||||
case 0:
|
case 0:
|
||||||
@@ -12164,6 +12040,7 @@ static byte GetNameId(int idx)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Extensions ::= SEQUENCE OF Extension
|
Extensions ::= SEQUENCE OF Extension
|
||||||
|
|
||||||
@@ -12757,10 +12634,10 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
|||||||
|
|
||||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||||
int ret;
|
int ret;
|
||||||
const char* nameStr = GetOneName(name, i);
|
const char* nameStr = GetOneCertName(name, i);
|
||||||
|
|
||||||
ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i),
|
ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i),
|
||||||
GetNameId(i));
|
GetCertNameId(i));
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
@@ -12801,7 +12678,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
|
|||||||
|
|
||||||
for (i = 0; i < NAME_ENTRIES; i++) {
|
for (i = 0; i < NAME_ENTRIES; i++) {
|
||||||
#ifdef WOLFSSL_MULTI_ATTRIB
|
#ifdef WOLFSSL_MULTI_ATTRIB
|
||||||
type = GetNameId(i);
|
type = GetCertNameId(i);
|
||||||
|
|
||||||
/* list all DC values before OUs */
|
/* list all DC values before OUs */
|
||||||
if (type == ASN_ORGUNIT_NAME) {
|
if (type == ASN_ORGUNIT_NAME) {
|
||||||
|
|||||||
@@ -3593,9 +3593,8 @@ struct WOLFSSL_X509_NAME {
|
|||||||
char staticName[ASN_NAME_MAX];
|
char staticName[ASN_NAME_MAX];
|
||||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||||
!defined(NO_ASN)
|
!defined(NO_ASN)
|
||||||
DecodedName fullName;
|
int entrySz; /* number of entries */
|
||||||
WOLFSSL_X509_NAME_ENTRY cnEntry;
|
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
|
||||||
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
|
|
||||||
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||||
|
|||||||
@@ -233,6 +233,7 @@ enum
|
|||||||
NID_jurisdictionStateOrProvinceName = 0xd,
|
NID_jurisdictionStateOrProvinceName = 0xd,
|
||||||
NID_businessCategory = ASN_BUS_CAT,
|
NID_businessCategory = ASN_BUS_CAT,
|
||||||
NID_domainComponent = ASN_DOMAIN_COMPONENT,
|
NID_domainComponent = ASN_DOMAIN_COMPONENT,
|
||||||
|
NID_userId = 458,
|
||||||
NID_emailAddress = 0x30, /* emailAddress */
|
NID_emailAddress = 0x30, /* emailAddress */
|
||||||
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
|
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
|
||||||
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
|
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
|
||||||
@@ -356,7 +357,7 @@ enum Misc_ASN {
|
|||||||
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
|
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
|
||||||
#endif
|
#endif
|
||||||
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
|
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
|
||||||
MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
|
MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */
|
||||||
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
|
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
|
||||||
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
|
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
|
||||||
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
|
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
|
||||||
@@ -611,64 +612,6 @@ struct Base_entry {
|
|||||||
byte type; /* Name base type (DNS or RFC822) */
|
byte type; /* Name base type (DNS or RFC822) */
|
||||||
};
|
};
|
||||||
|
|
||||||
#define DOMAIN_COMPONENT_MAX 10
|
|
||||||
#define DN_NAMES_MAX 9
|
|
||||||
|
|
||||||
struct DecodedName {
|
|
||||||
char* fullName;
|
|
||||||
int fullNameLen;
|
|
||||||
int entryCount;
|
|
||||||
int cnIdx;
|
|
||||||
int cnLen;
|
|
||||||
int cnNid;
|
|
||||||
int snIdx;
|
|
||||||
int snLen;
|
|
||||||
int snNid;
|
|
||||||
int cIdx;
|
|
||||||
int cLen;
|
|
||||||
int cNid;
|
|
||||||
int lIdx;
|
|
||||||
int lLen;
|
|
||||||
int lNid;
|
|
||||||
int stIdx;
|
|
||||||
int stLen;
|
|
||||||
int stNid;
|
|
||||||
int oIdx;
|
|
||||||
int oLen;
|
|
||||||
int oNid;
|
|
||||||
int ouIdx;
|
|
||||||
int ouLen;
|
|
||||||
#ifdef WOLFSSL_CERT_EXT
|
|
||||||
int bcIdx;
|
|
||||||
int bcLen;
|
|
||||||
int jcIdx;
|
|
||||||
int jcLen;
|
|
||||||
int jsIdx;
|
|
||||||
int jsLen;
|
|
||||||
#endif
|
|
||||||
int ouNid;
|
|
||||||
int emailIdx;
|
|
||||||
int emailLen;
|
|
||||||
int emailNid;
|
|
||||||
int uidIdx;
|
|
||||||
int uidLen;
|
|
||||||
int uidNid;
|
|
||||||
int serialIdx;
|
|
||||||
int serialLen;
|
|
||||||
int serialNid;
|
|
||||||
int dcIdx[DOMAIN_COMPONENT_MAX];
|
|
||||||
int dcLen[DOMAIN_COMPONENT_MAX];
|
|
||||||
int dcNum;
|
|
||||||
int dcMode;
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
|
||||||
/* hold the location / order with which each of the DN tags was found
|
|
||||||
*
|
|
||||||
* example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
|
|
||||||
*/
|
|
||||||
int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
|
|
||||||
int locSz;
|
|
||||||
#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
enum SignatureState {
|
enum SignatureState {
|
||||||
SIG_STATE_BEGIN,
|
SIG_STATE_BEGIN,
|
||||||
@@ -786,7 +729,6 @@ struct CertSignCtx {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef struct DecodedCert DecodedCert;
|
typedef struct DecodedCert DecodedCert;
|
||||||
typedef struct DecodedName DecodedName;
|
|
||||||
typedef struct Signer Signer;
|
typedef struct Signer Signer;
|
||||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||||
typedef struct TrustedPeerCert TrustedPeerCert;
|
typedef struct TrustedPeerCert TrustedPeerCert;
|
||||||
@@ -913,8 +855,9 @@ struct DecodedCert {
|
|||||||
int subjectEmailLen;
|
int subjectEmailLen;
|
||||||
#endif /* WOLFSSL_CERT_GEN */
|
#endif /* WOLFSSL_CERT_GEN */
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
DecodedName issuerName;
|
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
|
||||||
DecodedName subjectName;
|
void* issuerName;
|
||||||
|
void* subjectName;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
#ifdef WOLFSSL_SEP
|
#ifdef WOLFSSL_SEP
|
||||||
int deviceTypeSz;
|
int deviceTypeSz;
|
||||||
@@ -1126,6 +1069,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
|||||||
/* ASN.1 helper functions */
|
/* ASN.1 helper functions */
|
||||||
#ifdef WOLFSSL_CERT_GEN
|
#ifdef WOLFSSL_CERT_GEN
|
||||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||||
|
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
|
||||||
|
WOLFSSL_LOCAL byte GetCertNameId(int idx);
|
||||||
#endif
|
#endif
|
||||||
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
|
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
|
||||||
word32 maxIdx);
|
word32 maxIdx);
|
||||||
|
|||||||
Reference in New Issue
Block a user