update OID check for domain component
@@ -14936,8 +14936,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
|
|||||||
textSz = name->fullName.dcLen;
|
textSz = name->fullName.dcLen;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
WOLFSSL_MSG("Unknown NID value");
|
WOLFSSL_MSG("Entry type not found");
|
||||||
return -1;
|
return SSL_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if buf is NULL return size of buffer needed (minus null char) */
|
/* if buf is NULL return size of buffer needed (minus null char) */
|
||||||
|
@@ -3895,17 +3895,6 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||||||
dName->snLen = strLen;
|
dName->snLen = strLen;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
}
|
}
|
||||||
else if (id == ASN_DOMAIN_COMPONENT) {
|
|
||||||
if (!tooBig) {
|
|
||||||
XMEMCPY(&full[idx], "/domainComponent=", 17);
|
|
||||||
idx += 17;
|
|
||||||
copy = TRUE;
|
|
||||||
}
|
|
||||||
#ifdef OPENSSL_EXTRA
|
|
||||||
dName->dcIdx = cert->srcIdx;
|
|
||||||
dName->dcLen = strLen;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
|
||||||
}
|
|
||||||
if (copy && !tooBig) {
|
if (copy && !tooBig) {
|
||||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen);
|
||||||
idx += strLen;
|
idx += strLen;
|
||||||
@@ -3916,14 +3905,18 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||||||
else {
|
else {
|
||||||
/* skip */
|
/* skip */
|
||||||
byte email = FALSE;
|
byte email = FALSE;
|
||||||
byte uid = FALSE;
|
byte pilot = FALSE;
|
||||||
|
byte id = 0;
|
||||||
int adv;
|
int adv;
|
||||||
|
|
||||||
if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */
|
if (joint[0] == 0x2a && joint[1] == 0x86) /* email id hdr */
|
||||||
email = TRUE;
|
email = TRUE;
|
||||||
|
|
||||||
if (joint[0] == 0x9 && joint[1] == 0x92) /* uid id hdr */
|
if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr */
|
||||||
uid = TRUE;
|
/* last value of OID is the type of pilot attribute */
|
||||||
|
id = cert->source[cert->srcIdx + oidSz - 1];
|
||||||
|
pilot = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
cert->srcIdx += oidSz + 1;
|
cert->srcIdx += oidSz + 1;
|
||||||
|
|
||||||
@@ -3986,22 +3979,38 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (uid) {
|
if (pilot) {
|
||||||
if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) {
|
if ( (5 + adv) > (int)(ASN_NAME_MAX - idx)) {
|
||||||
WOLFSSL_MSG("ASN name too big, skipping");
|
WOLFSSL_MSG("ASN name too big, skipping");
|
||||||
tooBig = TRUE;
|
tooBig = TRUE;
|
||||||
}
|
}
|
||||||
if (!tooBig) {
|
if (!tooBig) {
|
||||||
XMEMCPY(&full[idx], "/UID=", 5);
|
switch (id) {
|
||||||
idx += 5;
|
case ASN_USER_ID:
|
||||||
|
XMEMCPY(&full[idx], "/UID=", 5);
|
||||||
|
idx += 5;
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
dName->uidIdx = cert->srcIdx;
|
||||||
|
dName->uidLen = adv;
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
break;
|
||||||
|
|
||||||
|
case ASN_DOMAIN_COMPONENT:
|
||||||
|
XMEMCPY(&full[idx], "/DC=", 4);
|
||||||
|
idx += 4;
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
dName->dcIdx = cert->srcIdx;
|
||||||
|
dName->dcLen = adv;
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
WOLFSSL_MSG("Unknown pilot attribute type");
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
|
XMEMCPY(&full[idx], &cert->source[cert->srcIdx], adv);
|
||||||
idx += adv;
|
idx += adv;
|
||||||
}
|
}
|
||||||
#ifdef OPENSSL_EXTRA
|
|
||||||
dName->uidIdx = cert->srcIdx;
|
|
||||||
dName->uidLen = adv;
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cert->srcIdx += adv;
|
cert->srcIdx += adv;
|
||||||
@@ -4033,6 +4042,8 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||||||
totalLen += dName->uidLen + 5;
|
totalLen += dName->uidLen + 5;
|
||||||
if (dName->serialLen != 0)
|
if (dName->serialLen != 0)
|
||||||
totalLen += dName->serialLen + 14;
|
totalLen += dName->serialLen + 14;
|
||||||
|
if (dName->dcLen != 0)
|
||||||
|
totalLen += dName->dcLen + 4;
|
||||||
|
|
||||||
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
|
dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap,
|
||||||
DYNAMIC_TYPE_X509);
|
DYNAMIC_TYPE_X509);
|
||||||
@@ -4111,6 +4122,15 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||||||
dName->emailIdx = idx;
|
dName->emailIdx = idx;
|
||||||
idx += dName->emailLen;
|
idx += dName->emailLen;
|
||||||
}
|
}
|
||||||
|
if (dName->dcLen != 0) {
|
||||||
|
dName->entryCount++;
|
||||||
|
XMEMCPY(&dName->fullName[idx], "/DC=", 4);
|
||||||
|
idx += 4;
|
||||||
|
XMEMCPY(&dName->fullName[idx],
|
||||||
|
&cert->source[dName->dcIdx], dName->dcLen);
|
||||||
|
dName->dcIdx = idx;
|
||||||
|
idx += dName->dcLen;
|
||||||
|
}
|
||||||
if (dName->uidLen != 0) {
|
if (dName->uidLen != 0) {
|
||||||
dName->entryCount++;
|
dName->entryCount++;
|
||||||
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
|
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
|
||||||
|
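Review bot: The new pilot-attribute branch decides the attribute type from only `joint[0] == 0x9 && joint[1] == 0x92` plus the last OID byte, so an OID of any length that begins 0x09 0x92 and ends in 0x01 or 0x19 is rendered as `/UID=` or `/DC=` whatever its middle arcs are; `id` should only be trusted once the full 9-byte 0.9.2342.19200300.100.1 prefix has been compared and `oidSz` confirmed to be 10, e.g. `if (oidSz == 10 && XMEMCMP(&cert->source[cert->srcIdx], pilotPrefix, 9) == 0)` with `pilotPrefix` a static 9-byte table, assuming `cert->srcIdx` still addresses the first OID byte here as the `id = cert->source[cert->srcIdx + oidSz - 1]` read implies. The new `default: return ASN_PARSE_E` also rejects certificates carrying any other pilot attribute (before this commit every 0x09 0x92 attribute was emitted as /UID=) and only does so when `!tooBig`, so the same attribute is silently skipped once the name is already too long but fails the parse otherwise; either skip or reject consistently. Note too that `dName->dcIdx`/`dcLen` are overwritten on every DC occurrence, so a name with several DC components keeps only the last one in the OPENSSL_EXTRA fullName, which appears to be what the NID lookup in ssl.c later returns. GetName starts and ends outside these hunks.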
@@ -556,19 +556,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
|
|||||||
#define SSL_dup_CA_list wolfSSL_dup_CA_list
|
#define SSL_dup_CA_list wolfSSL_dup_CA_list
|
||||||
|
|
||||||
|
|
||||||
#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
|
|
||||||
#define NID_domainComponent 0x10
|
|
||||||
/* matchs ASN_DOMAIN_COMPONENT in asn.h */
|
|
||||||
|
|
||||||
/* matchs ASN_..._NAME in asn.h */
|
|
||||||
#define NID_commonName 0x03 /* CN */
|
|
||||||
#define NID_surname 0x04, /* SN */
|
|
||||||
#define NID_serialNumber 0x05, /* serialNumber */
|
|
||||||
#define NID_countryName 0x06, /* C */
|
|
||||||
#define NID_localityName 0x07, /* L */
|
|
||||||
#define NID_stateOrProvinceName 0x08, /* ST */
|
|
||||||
#define NID_organizationName 0x0a, /* O */
|
|
||||||
#define NID_organizationalUnitName 0x0b, /* OU */
|
|
||||||
|
|
||||||
/* NIDs */
|
/* NIDs */
|
||||||
enum {
|
enum {
|
||||||
@@ -779,6 +767,18 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
|||||||
#define NID_policy_constraints 150
|
#define NID_policy_constraints 150
|
||||||
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
|
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
|
||||||
#define NID_tlsfeature 92 /* id-pe 24 */
|
#define NID_tlsfeature 92 /* id-pe 24 */
|
||||||
|
#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
|
||||||
|
#define NID_domainComponent 0x19
|
||||||
|
/* matchs ASN_DOMAIN_COMPONENT in asn.h */
|
||||||
|
|
||||||
|
/* matchs ASN_..._NAME in asn.h */
|
||||||
|
#define NID_surname 0x04, /* SN */
|
||||||
|
#define NID_serialNumber 0x05, /* serialNumber */
|
||||||
|
#define NID_countryName 0x06, /* C */
|
||||||
|
#define NID_localityName 0x07, /* L */
|
||||||
|
#define NID_stateOrProvinceName 0x08, /* ST */
|
||||||
|
#define NID_organizationName 0x0a, /* O */
|
||||||
|
#define NID_organizationalUnitName 0x0b, /* OU */
|
||||||
|
|
||||||
|
|
||||||
#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
|
#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
|
||||||
@@ -786,24 +786,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
|||||||
#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
|
#define SSL_CTX_set_msg_callback_arg wolfSSL_CTX_set_msg_callback_arg
|
||||||
#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg
|
#define SSL_set_msg_callback_arg wolfSSL_set_msg_callback_arg
|
||||||
|
|
||||||
/* certificate extension NIDs */
|
|
||||||
#define NID_basic_constraints 133
|
|
||||||
#define NID_key_usage 129 /* 2.5.29.15 */
|
|
||||||
#define NID_ext_key_usage 151 /* 2.5.29.37 */
|
|
||||||
#define NID_subject_key_identifier 128
|
|
||||||
#define NID_authority_key_identifier 149
|
|
||||||
#define NID_private_key_usage_period 130 /* 2.5.29.16 */
|
|
||||||
#define NID_subject_alt_name 131
|
|
||||||
#define NID_issuer_alt_name 132
|
|
||||||
#define NID_info_access 69
|
|
||||||
#define NID_sinfo_access 79 /* id-pe 11 */
|
|
||||||
#define NID_name_constraints 144 /* 2.5.29.30 */
|
|
||||||
#define NID_certificate_policies 146
|
|
||||||
#define NID_policy_mappings 147
|
|
||||||
#define NID_policy_constraints 150
|
|
||||||
#define NID_inhibit_any_policy 168 /* 2.5.29.54 */
|
|
||||||
#define NID_tlsfeature 92 /* id-pe 24 */
|
|
||||||
|
|
||||||
|
|
||||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||||
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
|
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
|
||||||
|
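Review bot: `NID_domainComponent 0x19` is kept in sync with `ASN_DOMAIN_COMPONENT` in asn.h by a comment alone, which is exactly the drift (0x10 versus 0x19) this commit repairs; defining it in terms of the enum, `#define NID_domainComponent ASN_DOMAIN_COMPONENT`, or placing a compile-time check beside it would stop the two from diverging again, provided asn.h is visible from this header. The relocated `NID_surname` through `NID_organizationalUnitName` lines keep their trailing commas (`#define NID_surname 0x04, /* SN */`), so any use of them in an expression expands to `0x04,` and fails to compile; the commas should be dropped while the block is being moved. The comments on the moved lines also spell "matchs" for "matches".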
@@ -10,6 +10,10 @@
|
|||||||
#include <wolfssl/wolfcrypt/types.h>
|
#include <wolfssl/wolfcrypt/types.h>
|
||||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||||
#include <wolfssl/wolfcrypt/random.h>
|
#include <wolfssl/wolfcrypt/random.h>
|
||||||
|
#include <wolfssl/wolfcrypt/mem_track.h>
|
||||||
|
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
|
||||||
|
#include <wolfssl/openssl/ssl.h> /* for domain component NID value */
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef ATOMIC_USER
|
#ifdef ATOMIC_USER
|
||||||
#include <wolfssl/wolfcrypt/aes.h>
|
#include <wolfssl/wolfcrypt/aes.h>
|
||||||
@@ -124,7 +128,6 @@
|
|||||||
#ifdef HAVE_CAVIUM
|
#ifdef HAVE_CAVIUM
|
||||||
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
|
#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef _MSC_VER
|
#ifdef _MSC_VER
|
||||||
/* disable conversion warning */
|
/* disable conversion warning */
|
||||||
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
|
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
|
||||||
@@ -522,11 +525,24 @@ static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
|
|||||||
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
|
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
|
||||||
{
|
{
|
||||||
WOLFSSL_BIO* bio;
|
WOLFSSL_BIO* bio;
|
||||||
|
char buf[256]; /* should be size of ASN_NAME_MAX */
|
||||||
|
int textSz;
|
||||||
|
|
||||||
|
|
||||||
|
/* print out domain component if certificate has it */
|
||||||
|
textSz = wolfSSL_X509_NAME_get_text_by_NID(
|
||||||
|
wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
|
||||||
|
buf, sizeof(buf));
|
||||||
|
if (textSz > 0) {
|
||||||
|
printf("Domain Component = %s\n", buf);
|
||||||
|
}
|
||||||
|
|
||||||
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
|
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
|
||||||
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
|
if (bio != NULL) {
|
||||||
wolfSSL_X509_print(bio, x509);
|
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
|
||||||
wolfSSL_BIO_free(bio);
|
wolfSSL_X509_print(bio, x509);
|
||||||
|
wolfSSL_BIO_free(bio);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
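Review bot: `char buf[256]; /* should be size of ASN_NAME_MAX */` hard-codes the very size the comment says it should take from the constant; if `ASN_NAME_MAX` is visible in test.h the declaration should be `char buf[ASN_NAME_MAX];` so the buffer tracks the parser's own limit, otherwise the comment should say why the two may differ. `printf("Domain Component = %s\n", buf)` relies on `wolfSSL_X509_NAME_get_text_by_NID` NUL-terminating inside `sizeof(buf)` on every path that returns a positive `textSz`; nothing in this hunk shows that, so it is worth confirming before the string is printed. The added `if (bio != NULL)` guard correctly covers the previously unchecked `wolfSSL_BIO_new` result. ShowX509 starts outside the hunk.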
@@ -104,8 +104,12 @@ enum DN_Tags {
|
|||||||
ASN_STATE_NAME = 0x08, /* ST */
|
ASN_STATE_NAME = 0x08, /* ST */
|
||||||
ASN_ORG_NAME = 0x0a, /* O */
|
ASN_ORG_NAME = 0x0a, /* O */
|
||||||
ASN_ORGUNIT_NAME = 0x0b, /* OU */
|
ASN_ORGUNIT_NAME = 0x0b, /* OU */
|
||||||
ASN_DOMAIN_COMPONENT = 0x10, /* DC */
|
ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
|
||||||
ASN_EMAIL_NAME = 0x98 /* not oid number there is 97 in 2.5.4.0-97 */
|
|
||||||
|
/* pilot attribute types
|
||||||
|
* OID values of 0.9.2342.19200300.100.1.* */
|
||||||
|
ASN_USER_ID = 0x01, /* UID */
|
||||||
|
ASN_DOMAIN_COMPONENT = 0x19 /* DC */
|
||||||
};
|
};
|
||||||
|
|
||||||
enum PBES {
|
enum PBES {
|
||||||
|
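Review bot: `ASN_USER_ID = 0x01` and `ASN_DOMAIN_COMPONENT = 0x19` are last-arc values of 0.9.2342.19200300.100.1.*, yet they now sit in `enum DN_Tags` alongside the 2.5.4.* tags (`ASN_COMMON_NAME = 0x03` and friends) with nothing marking which arc a value belongs to, so code that dispatches on the tag value alone would presumably be unable to tell 2.5.4.25 from DC or 2.5.4.1 from UID once those 2.5.4 attributes are handled. Either move the pilot values to a range that cannot collide (the email entry already uses the out-of-arc value 0x98 for this reason) or state the contract at the enum, e.g. `/* values are the OID's last arc only; a tag is meaningful just together with the arc it was parsed from */`. The enum is shown in full here.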