From 7252a138e09897c0e5b8b80fb253aeba73c25836 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 23 Jan 2017 16:26:06 -0700 Subject: [PATCH] ASN1 object functions --- src/ssl.c | 522 +++++++++++++++++++++++++++++++++++--- tests/api.c | 27 ++ wolfcrypt/src/asn.c | 17 +- wolfssl/openssl/evp.h | 1 + wolfssl/openssl/objects.h | 1 + wolfssl/openssl/rsa.h | 7 - wolfssl/openssl/ssl.h | 14 + wolfssl/wolfcrypt/asn.h | 10 +- 8 files changed, 550 insertions(+), 49 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4a03f4083..154e32f1e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14315,7 +14315,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (line != NULL) { *line = (int)wc_last_error_line; - } return wc_last_error; @@ -24989,18 +24988,494 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_STUB("wolfSSL_X509_NAME_add_entry"); return SSL_FAILURE; } + + void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name) + { + WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); + FreeX509Name(name, NULL); + XFREE(name, NULL, DYNAMIC_TYPE_X509); + } #endif /* ifndef NO_CERTS */ - #ifndef NO_CERTS - void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ - FreeX509Name(name, NULL); - WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); - } - #endif /* NO_CERTS */ -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_POCO_LIB) || defined (WOLFSSL_HAPROXY) + /* NID variables are dependent on compatibility header files currently */ + WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id) + { + word32 oidSz = 0; + const byte* oid; + word32 type = 0; + WOLFSSL_ASN1_OBJECT* obj; + byte objBuf[MAX_OID_SZ + MAX_LENGTH_SZ + 1]; /* +1 for object tag */ + word32 objSz = 0; + const char* sName; + + WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()"); + + /* get OID type */ + switch (id) { + /* oidHashType */ + #ifdef WOLFSSL_MD2 + case NID_md2: + id = MD2h; + type = oidHashType; + sName = "md2"; + break; + #endif + #ifndef NO_MD5 + case NID_md5: + id = MD5h; + type = oidHashType; + sName = "md5"; + break; + #endif + #ifndef NO_SHA + case NID_sha1: + id = SHAh; + type = oidHashType; + sName = "sha"; + break; + #endif + case NID_sha224: + id = SHA224h; + type = oidHashType; + sName = "sha224"; + break; + #ifndef NO_SHA256 + case NID_sha256: + id = SHA256h; + type = oidHashType; + sName = "sha256"; + break; + #endif + #ifdef WOLFSSL_SHA384 + case NID_sha384: + id = SHA384h; + type = oidHashType; + sName = "sha384"; + break; + #endif + #ifdef WOLFSSL_SHA512 + case NID_sha512: + id = SHA512h; + type = oidHashType; + sName = "sha512"; + break; + #endif + + /* oidSigType */ + #ifndef NO_DSA + case CTC_SHAwDSA: + sName = "shaWithDSA"; + type = oidSigType; + break; + + #endif /* NO_DSA */ + #ifndef NO_RSA + case CTC_MD2wRSA: + sName = "md2WithRSA"; + type = oidSigType; + break; + + case CTC_MD5wRSA: + sName = "md5WithRSA"; + type = oidSigType; + break; + + case CTC_SHAwRSA: + sName = "shaWithRSA"; + type = oidSigType; + break; + + case CTC_SHA224wRSA: + sName = "sha224WithRSA"; + type = oidSigType; + break; + + case CTC_SHA256wRSA: + sName = "sha256WithRSA"; + type = oidSigType; + break; + + case CTC_SHA384wRSA: + sName = "sha384WithRSA"; + type = oidSigType; + break; + + case CTC_SHA512wRSA: + sName = "sha512WithRSA"; + type = oidSigType; + break; + + #endif /* NO_RSA */ + #ifdef HAVE_ECC + case CTC_SHAwECDSA: + sName = "shaWithECDSA"; + type = oidSigType; + break; + + case CTC_SHA224wECDSA: + sName = "sha224WithECDSA"; + type = oidSigType; + break; + + case CTC_SHA256wECDSA: + sName = "sha256WithECDSA"; + type = oidSigType; + break; + + case CTC_SHA384wECDSA: + sName = "sha384WithECDSA"; + type = oidSigType; + break; + + case CTC_SHA512wECDSA: + sName = "sha512WithECDSA"; + type = oidSigType; + break; + #endif /* HAVE_ECC */ + + /* oidKeyType */ + #ifndef NO_DSA + case DSAk: + sName = "DSA key"; + type = oidKeyType; + break; + #endif /* NO_DSA */ + #ifndef NO_RSA + case RSAk: + sName = "RSA key"; + type = oidKeyType; + break; + #endif /* NO_RSA */ + #ifdef HAVE_NTRU + case NTRUk: + sName = "NTRU key"; + type = oidKeyType; + break; + #endif /* HAVE_NTRU */ + #ifdef HAVE_ECC + case ECDSAk: + sName = "ECDSA key"; + type = oidKeyType; + break; + #endif /* HAVE_ECC */ + + /* oidBlkType */ + case AES128CBCb: + sName = "AES-128-CBC"; + type = oidBlkType; + break; + + case AES192CBCb: + sName = "AES-192-CBC"; + type = oidBlkType; + break; + + case AES256CBCb: + sName = "AES-256-CBC"; + type = oidBlkType; + break; + + case NID_des: + id = DESb; + sName = "DES-CBC"; + type = oidBlkType; + break; + + case NID_des3: + id = DES3b; + sName = "DES3-CBC"; + type = oidBlkType; + break; + + #ifdef HAVE_OCSP + case NID_id_pkix_OCSP_basic: + id = OCSP_BASIC_OID; + sName = "OCSP_basic"; + type = oidOcspType; + break; + + case OCSP_NONCE_OID: + sName = "OCSP_nonce"; + type = oidOcspType; + break; + #endif /* HAVE_OCSP */ + + /* oidCertExtType */ + case BASIC_CA_OID: + sName = "X509 basic ca"; + type = oidCertExtType; + break; + + case ALT_NAMES_OID: + sName = "X509 alt names"; + type = oidCertExtType; + break; + + case CRL_DIST_OID: + sName = "X509 crl"; + type = oidCertExtType; + break; + + case AUTH_INFO_OID: + sName = "X509 auth info"; + type = oidCertExtType; + break; + + case AUTH_KEY_OID: + sName = "X509 auth key"; + type = oidCertExtType; + break; + + case SUBJ_KEY_OID: + sName = "X509 subject key"; + type = oidCertExtType; + break; + + case KEY_USAGE_OID: + sName = "X509 key usage"; + type = oidCertExtType; + break; + + case INHIBIT_ANY_OID: + id = INHIBIT_ANY_OID; + sName = "X509 inhibit any"; + type = oidCertExtType; + break; + + case NID_ext_key_usage: + id = KEY_USAGE_OID; + sName = "X509 ext key usage"; + type = oidCertExtType; + break; + + case NID_name_constraints: + id = NAME_CONS_OID; + sName = "X509 name constraints"; + type = oidCertExtType; + break; + + case NID_certificate_policies: + id = CERT_POLICY_OID; + sName = "X509 certificate policies"; + type = oidCertExtType; + break; + + /* oidCertAuthInfoType */ + case AIA_OCSP_OID: + sName = "Cert Auth OCSP"; + type = oidCertAuthInfoType; + break; + + case AIA_CA_ISSUER_OID: + sName = "Cert Auth CA Issuer"; + type = oidCertAuthInfoType; + break; + + /* oidCertPolicyType */ + case NID_any_policy: + id = CP_ANY_OID; + sName = "Cert any policy"; + type = oidCertPolicyType; + break; + + /* oidCertAltNameType */ + case NID_hw_name_oid: + id = HW_NAME_OID; + sName = "Hardware name"; + type = oidCertAltNameType; + break; + + /* oidCertKeyUseType */ + case NID_anyExtendedKeyUsage: + id = EKU_ANY_OID; + sName = "Cert any extended key"; + type = oidCertKeyUseType; + break; + + case EKU_SERVER_AUTH_OID: + sName = "Cert server auth key"; + type = oidCertKeyUseType; + break; + + case EKU_CLIENT_AUTH_OID: + sName = "Cert client auth key"; + type = oidCertKeyUseType; + break; + + case EKU_OCSP_SIGN_OID: + sName = "Cert OCSP sign key"; + type = oidCertKeyUseType; + break; + + /* oidKdfType */ + case PBKDF2_OID: + sName = "PBKDFv2"; + type = oidKdfType; + break; + + /* oidPBEType */ + case PBE_SHA1_RC4_128: + sName = "PBE shaWithRC4-128"; + type = oidPBEType; + break; + + case PBE_SHA1_DES: + sName = "PBE shaWithDES"; + type = oidPBEType; + break; + + case PBE_SHA1_DES3: + sName = "PBE shaWithDES3"; + type = oidPBEType; + break; + + /* oidKeyWrapType */ + case AES128_WRAP: + sName = "AES-128 wrap"; + type = oidKeyWrapType; + break; + + case AES192_WRAP: + sName = "AES-192 wrap"; + type = oidKeyWrapType; + break; + + case AES256_WRAP: + sName = "AES-256 wrap"; + type = oidKeyWrapType; + break; + + /* oidCmsKeyAgreeType */ + case dhSinglePass_stdDH_sha1kdf_scheme: + sName = "DH-SHA kdf"; + type = oidCmsKeyAgreeType; + break; + + case dhSinglePass_stdDH_sha224kdf_scheme: + sName = "DH-SHA224 kdf"; + type = oidCmsKeyAgreeType; + break; + + case dhSinglePass_stdDH_sha256kdf_scheme: + sName = "DH-SHA256 kdf"; + type = oidCmsKeyAgreeType; + break; + + case dhSinglePass_stdDH_sha384kdf_scheme: + sName = "DH-SHA384 kdf"; + type = oidCmsKeyAgreeType; + break; + + case dhSinglePass_stdDH_sha512kdf_scheme: + sName = "DH-SHA512 kdf"; + type = oidCmsKeyAgreeType; + break; + + default: + WOLFSSL_MSG("NID not in table"); + return NULL; + } + + #ifdef HAVE_ECC + if (type == 0 && wc_ecc_get_oid(id, &oid, &oidSz) > 0) { + type = oidCurveType; + } + #endif /* HAVE_ECC */ + + if (XSTRLEN(sName) > WOLFSSL_MAX_SNAME - 1) { + WOLFSSL_MSG("Attempted short name is too large"); + return NULL; + } + + oid = OidFromId(id, type, &oidSz); + + /* set object ID to buffer */ + obj = wolfSSL_ASN1_OBJECT_new(); + if (obj == NULL) { + WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); + return NULL; + } + obj->type = id; + obj->dynamic = 1; + XMEMCPY(obj->sName, (char*)sName, XSTRLEN((char*)sName)); + + objBuf[0] = ASN_OBJECT_ID; objSz++; + objSz += SetLength(oidSz, objBuf + 1); + XMEMCPY(objBuf + objSz, oid, oidSz); + objSz += oidSz; + obj->objSz = objSz; + + obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); + if (obj->obj == NULL) { + wolfSSL_ASN1_OBJECT_free(obj); + return NULL; + } + XMEMCPY(obj->obj, objBuf, obj->objSz); + + (void)type; + + return obj; + } + + + /* if no_name is one than use numerical form otherwise can be short name. */ + int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, WOLFSSL_ASN1_OBJECT *a, int no_name) + { + int bufSz; + + WOLFSSL_ENTER("wolfSSL_OBJ_obj2txt()"); + + if (buf == NULL || bufLen <= 1 || a == NULL) { + WOLFSSL_MSG("Bad input argument"); + return SSL_FAILURE; + } + + if (no_name == 1) { + int length; + word32 idx = 0; + + if (a->obj[idx++] != ASN_OBJECT_ID) { + WOLFSSL_MSG("Bad ASN1 Object"); + return SSL_FAILURE; + } + + if (GetLength((const byte*)a->obj, &idx, &length, + a->objSz) < 0 || length < 0) { + return ASN_PARSE_E; + } + + if (bufLen < MAX_OID_STRING_SZ) { + bufSz = bufLen - 1; + } + else { + bufSz = MAX_OID_STRING_SZ; + } + + if ((bufSz = DecodePolicyOID(buf, (word32)bufSz, a->obj + idx, + (word32)length)) <= 0) { + WOLFSSL_MSG("Error decoding OID"); + return SSL_FAILURE; + } + + } + else { /* return short name */ + if (XSTRLEN(a->sName) + 1 < (word32)bufLen - 1) { + bufSz = (int)XSTRLEN(a->sName); + } + else { + bufSz = bufLen - 1; + } + XMEMCPY(buf, a->sName, bufSz); + } + + buf[bufSz] = '\0'; + return bufSz; + } + +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) \ + || defined(WOLFSSL_HAPROXY) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) { @@ -25123,27 +25598,6 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return 0; } - WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n) - { - (void)n; - - WOLFSSL_STUB("wolfSSL_OBJ_nid2obj"); - - return NULL; - } - - int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name) - { - (void)buf; - (void)buf_len; - (void)a; - (void)no_name; - - WOLFSSL_STUB("wolfSSL_OBJ_obj2txt"); - - return 0; - } - char * wolfSSL_OBJ_nid2ln(int n) { (void)n; @@ -25161,9 +25615,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return 0; } + + /* compatibility function. It's intended use is to remove OID's from an + * internal table that have been added with OBJ_create. wolfSSL manages it's + * own interenal OID values and does not currently support OBJ_create. */ void wolfSSL_OBJ_cleanup(void) { - WOLFSSL_STUB("wolfSSL_OBJ_cleanup"); + WOLFSSL_ENTER("wolfSSL_OBJ_cleanup()"); } diff --git a/tests/api.c b/tests/api.c index 7a76392ff..e1125ad8e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -222,6 +222,7 @@ #include #include #include + #include #ifndef NO_DES3 #include #endif @@ -14890,6 +14891,30 @@ static void test_wolfSSL_HMAC(void) } +static void test_wolfSSL_OBJ(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) + ASN1_OBJECT* obj = NULL; + char buf[50]; + + printf(testingFmt, "wolfSSL_OBJ()"); + + AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE); + AssertNotNull(obj = OBJ_nid2obj(NID_any_policy)); + AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11); + AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + ASN1_OBJECT_free(obj); + + AssertNotNull(obj = OBJ_nid2obj(NID_sha256)); + AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22); + AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + ASN1_OBJECT_free(obj); + + printf(resultFmt, passed); + #endif +} + + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) @@ -14901,6 +14926,7 @@ static void test_no_op_functions(void) OpenSSL_add_all_ciphers(); CRYPTO_malloc_init(); + wolfSSL_OBJ_nid2obj(1); printf(resultFmt, passed); #endif } @@ -15691,6 +15717,7 @@ void ApiTest(void) test_wolfSSL_pkcs8(); test_wolfSSL_ERR_put_error(); test_wolfSSL_HMAC(); + test_wolfSSL_OBJ(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 70c3ea3b9..307036a29 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -849,7 +849,7 @@ static const byte pbeSha1Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 10}; static const byte pbeSha1RC4128[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 1}; static const byte pbeSha1Des3[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 3}; -static const byte* OidFromId(word32 id, word32 type, word32* oidSz) +const byte* OidFromId(word32 id, word32 type, word32* oidSz) { const byte* oid = NULL; @@ -2484,7 +2484,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) ERROR_OUT(ASN_PARSE_E, exit_tte); } - if (GetAlgoId(input, &inOutIdx, &oid, oidSigType, sz) < 0) { + if (GetAlgoId(input, &inOutIdx, &oid, oidIgnoreType, sz) < 0) { ERROR_OUT(ASN_PARSE_E, exit_tte); } @@ -2767,7 +2767,7 @@ int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz) byte cbcIv[MAX_IV_SIZE]; #endif - if (GetAlgoId(input, &inOutIdx, &oid, oidSigType, sz) < 0) { + if (GetAlgoId(input, &inOutIdx, &oid, oidIgnoreType, sz) < 0) { ERROR_OUT(ASN_PARSE_E, exit_dc); } @@ -5762,8 +5762,7 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) } #endif /* IGNORE_NAME_CONSTRAINTS */ - -#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP) +#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || defined(OPENSSL_EXTRA) static int Word32ToString(char* d, word32 number) { @@ -5799,7 +5798,7 @@ static int Word32ToString(char* d, word32 number) /* Decode ITU-T X.690 OID format to a string representation * return string length */ -static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) +int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) { word32 val, idx = 0, nb_bytes; size_t w_bytes = 0; @@ -5846,7 +5845,7 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) w_bytes += Word32ToString(out+w_bytes, val); } - return 0; + return (int)w_bytes; } #endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */ @@ -5908,8 +5907,8 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) break; #elif defined(WOLFSSL_CERT_EXT) /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ, input + idx, length) != 0) { + if (DecodePolicyOID(cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ, + input + idx, length) <= 0) { WOLFSSL_MSG("\tCouldn't decode CertPolicy"); return ASN_PARSE_E; } diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 0e2d85128..9c0094c9e 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -154,6 +154,7 @@ enum { EVP_PKEY_EC = 18, IDEA_CBC_TYPE = 19, NID_sha1 = 64, + NID_sha224 = 65, NID_md2 = 3, NID_md5 = 4, NID_hmac = 855, diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h index eb0d64122..fd823c1fe 100644 --- a/wolfssl/openssl/objects.h +++ b/wolfssl/openssl/objects.h @@ -38,6 +38,7 @@ #define OBJ_nid2obj wolfSSL_OBJ_nid2obj #define OBJ_obj2txt wolfSSL_OBJ_obj2txt #define OBJ_cleanup wolfSSL_OBJ_cleanup +#define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free #ifdef __cplusplus diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index ba013826c..3aa46dc3e 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -35,13 +35,6 @@ #define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD #define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD -/* rsaTypes */ -enum { - NID_sha256 = 672, - NID_sha384 = 673, - NID_sha512 = 674 -}; - #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_RSA WOLFSSL_RSA; #define WOLFSSL_RSA_TYPE_DEFINED diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 022ac8fbd..cbfaf4ffc 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -558,6 +558,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */ +/* NIDs */ +enum { + NID_des = 66, + NID_des3 = 67, + NID_sha256 = 672, + NID_sha384 = 673, + NID_sha512 = 674, + NID_hw_name_oid = 73, + NID_id_pkix_OCSP_basic = 74, + NID_any_policy = 75, + NID_anyExtendedKeyUsage = 76, +}; + + #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 310f611d9..68a5e6adb 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -178,6 +178,10 @@ enum Misc_ASN { #endif /* Max total extensions, id + len + others */ #endif +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) + MAX_OID_SZ = 32, /* Max DER length of OID*/ + MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ +#endif #ifdef WOLFSSL_CERT_EXT MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ @@ -650,10 +654,12 @@ struct DecodedCert { SignatureCtx sigCtx; }; - +#define WOLFSSL_MAX_SNAME 40 struct WOLFSSL_ASN1_OBJECT { void* heap; byte* obj; + /* sName is short name i.e sha256 rather than oid (null terminated) */ + char sName[WOLFSSL_MAX_SNAME]; int type; /* oid */ word32 objSz; byte dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */ @@ -753,9 +759,11 @@ WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); +WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz, byte *in, word32 inSz); WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); +WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); WOLFSSL_LOCAL Signer* MakeSigner(void*); WOLFSSL_LOCAL void FreeSigner(Signer*, void*); WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);