Maintenance: X509

1. Add a test for the new alt name handling.
2. Add an API to set alt names in a WOLFSSL_X509 struct. It just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
John Safranek
2020-01-10 16:06:26 -08:00
parent 5dcffa6b40
commit 8d1b20706c
4 changed files with 77 additions and 15 deletions


@@ -9743,6 +9743,46 @@ err:
return NULL; return NULL;
} }
int wolfSSL_X509_add_altname(WOLFSSL_X509* x509, const char* name, int type)
{
DNS_entry* newAltName = NULL;
char* nameCopy = NULL;
word32 nameSz;
if (x509 == NULL)
return WOLFSSL_FAILURE;
if (name == NULL)
return WOLFSSL_SUCCESS;
nameSz = (word32)XSTRLEN(name);
if (nameSz == 0)
return WOLFSSL_SUCCESS;
newAltName = (DNS_entry*)XMALLOC(sizeof(DNS_entry),
x509->heap, DYNAMIC_TYPE_ALTNAME);
if (newAltName == NULL)
return WOLFSSL_FAILURE;
nameCopy = (char*)XMALLOC(nameSz + 1, x509->heap, DYNAMIC_TYPE_ALTNAME);
if (nameCopy == NULL) {
XFREE(newAltName, x509->heap, DYNAMIC_TYPE_ALTNAME);
return WOLFSSL_FAILURE;
}
XSTRNCPY(nameCopy, name, nameSz);
newAltName->next = x509->altNames;
newAltName->type = type;
newAltName->len = nameSz;
newAltName->name = nameCopy;
x509->altNames = newAltName;
return WOLFSSL_SUCCESS;
}
#ifndef NO_WOLFSSL_STUB #ifndef NO_WOLFSSL_STUB
int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc) int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
{ {
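Review bot: `XSTRNCPY(nameCopy, name, nameSz);` copies exactly nameSz bytes and, since nameSz is the full XSTRLEN of the input, never writes a terminator, so the last byte of the nameSz + 1 allocation stays uninitialised and any caller that treats the stored DNS_entry name as a C string (wolfSSL_X509_get_next_altname hands back a char*) reads past it. Add `nameCopy[nameSz] = '\0';` after the copy, or replace the copy with `XMEMCPY(nameCopy, name, nameSz + 1);`. The new entry is also only partly initialised; if DNS_entry carries members beyond next/type/len/name in this tree (not visible in the hunk), clear it with XMEMSET before filling those four fields. The `type` argument is stored without validation; it is presumably meant to be one of the ASN_*_TYPE constants such as ASN_DNS_TYPE, and rejecting anything else with WOLFSSL_FAILURE would keep the encoder from meeting a value it cannot emit.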


@@ -22443,6 +22443,22 @@ static void test_wolfSSL_X509_sign(void)
/* Set subject name, add pubkey, and sign certificate */ /* Set subject name, add pubkey, and sign certificate */
AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
#ifdef WOLFSSL_ALT_NAMES
/* Add some subject alt names */
AssertIntNE(wolfSSL_X509_add_altname(NULL,
NULL, ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
NULL, ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"sphygmomanometer",
ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"supercalifragilisticexpialidocious",
ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
ASN_DNS_TYPE), SSL_SUCCESS);
#endif /* WOLFSSL_ALT_NAMES */
/* Test invalid parameters */ /* Test invalid parameters */
AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
@@ -22461,8 +22477,13 @@ static void test_wolfSSL_X509_sign(void)
XFCLOSE(tmpFile); XFCLOSE(tmpFile);
#endif #endif
#ifndef WOLFSSL_ALT_NAMES
/* Valid case - size should be 798 */ /* Valid case - size should be 798 */
AssertIntEQ(ret, 798); AssertIntEQ(ret, 798);
#else /* WOLFSSL_ALT_NAMES */
/* Valid case - size should be 927 */
AssertIntEQ(ret, 927);
#endif /* WOLFSSL_ALT_NAMES */
X509_NAME_free(name); X509_NAME_free(name);
EVP_PKEY_free(priv); EVP_PKEY_free(priv);
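Review bot: The new altname assertions check only the return codes and then the DER length (927), so the stored names are never read back; a copy defect in wolfSSL_X509_add_altname, such as a missing terminator, would pass this test as long as the encoded size still comes out right. After the three successful adds, walk the list with `wolfSSL_X509_get_next_altname(x509)` and compare each returned string against the literal that was passed in (the test file's string-equality assert macro, if one exists, fits here). The hard-coded 927 also deserves a short comment stating that the delta over 798 is the SAN extension, so whoever next changes the names knows why the number moves. test_wolfSSL_X509_sign starts and ends outside these hunks.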


@@ -5408,7 +5408,7 @@ WOLFSSL_API int EccEnumToNID(int n)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn) WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn)
{ {
static const struct { const struct {
const char *sn; const char *sn;
int nid; int nid;
} sn2nid[] = { } sn2nid[] = {
@@ -11867,7 +11867,7 @@ static int SetExtensionsHeader(byte* out, word32 outSz, int extSz)
/* encode CA basic constraint true, return total bytes written */ /* encode CA basic constraint true, return total bytes written */
static int SetCa(byte* out, word32 outSz) static int SetCa(byte* out, word32 outSz)
{ {
static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
0x05, 0x30, 0x03, 0x01, 0x01, 0xff }; 0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
if (out == NULL) if (out == NULL)
@@ -11916,7 +11916,7 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
byte skid_len[1 + MAX_LENGTH_SZ]; byte skid_len[1 + MAX_LENGTH_SZ];
byte skid_enc_len[MAX_LENGTH_SZ]; byte skid_enc_len[MAX_LENGTH_SZ];
int idx = 0, skid_lenSz, skid_enc_lenSz; int idx = 0, skid_lenSz, skid_enc_lenSz;
static const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 }; const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 };
if (output == NULL || input == NULL) if (output == NULL || input == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -11962,8 +11962,8 @@ static int SetAKID(byte* output, word32 outSz,
{ {
byte *enc_val; byte *enc_val;
int ret, enc_valSz; int ret, enc_valSz;
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 }; const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
static const byte akid_cs[] = { 0x80 }; const byte akid_cs[] = { 0x80 };
(void)heap; (void)heap;
@@ -11995,7 +11995,7 @@ static int SetKeyUsage(byte* output, word32 outSz, word16 input)
{ {
byte ku[5]; byte ku[5];
int idx; int idx;
static const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f, const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f,
0x01, 0x01, 0xff, 0x04}; 0x01, 0x01, 0xff, 0x04};
if (output == NULL) if (output == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -12023,7 +12023,7 @@ static int SetOjectIdValue(byte* output, word32 outSz, int* idx,
static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input)
{ {
int idx = 0, oidListSz = 0, totalSz, ret = 0; int idx = 0, oidListSz = 0, totalSz, ret = 0;
static const byte extkeyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; const byte extkeyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 };
if (output == NULL) if (output == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -12115,8 +12115,8 @@ static int SetCertificatePolicies(byte *output,
word32 outSz, i = 0, der_oidSz[MAX_CERTPOL_NB]; word32 outSz, i = 0, der_oidSz[MAX_CERTPOL_NB];
int ret; int ret;
static const byte certpol_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04 }; const byte certpol_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04 };
static const byte oid_oid[] = { 0x06 }; const byte oid_oid[] = { 0x06 };
if (output == NULL || input == NULL || nb_certpol > MAX_CERTPOL_NB) if (output == NULL || input == NULL || nb_certpol > MAX_CERTPOL_NB)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -12164,7 +12164,7 @@ static int SetAltNames(byte *output, word32 outSz,
{ {
byte san_len[1 + MAX_LENGTH_SZ]; byte san_len[1 + MAX_LENGTH_SZ];
int idx = 0, san_lenSz; int idx = 0, san_lenSz;
static const byte san_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; const byte san_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 };
if (output == NULL || input == NULL) if (output == NULL || input == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -12240,7 +12240,7 @@ int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names)
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#endif /* WOLFSL_ALT_NAMES */ #endif /* WOLFSSL_ALT_NAMES */
/* Encodes one attribute of the name (issuer/subject) /* Encodes one attribute of the name (issuer/subject)
* *
@@ -13127,10 +13127,10 @@ int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
static int SetReqAttrib(byte* output, char* pw, int pwPrintableString, static int SetReqAttrib(byte* output, char* pw, int pwPrintableString,
int extSz) int extSz)
{ {
static const byte cpOid[] = const byte cpOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x07 }; 0x09, 0x07 };
static const byte erOid[] = const byte erOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x0e }; 0x09, 0x0e };
@@ -14929,7 +14929,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
#ifdef WOLFSSL_CUSTOM_CURVES #ifdef WOLFSSL_CUSTOM_CURVES
static void ByteToHex(byte n, char* str) static void ByteToHex(byte n, char* str)
{ {
static const char hexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7', const char hexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
str[0] = hexChar[n >> 4]; str[0] = hexChar[n >> 4];
@@ -16116,7 +16116,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size) word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size)
{ {
static const byte NonceObjId[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, const byte NonceObjId[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
0x30, 0x01, 0x02 }; 0x30, 0x01, 0x02 };
byte seqArray[5][MAX_SEQ_SZ]; byte seqArray[5][MAX_SEQ_SZ];
word32 seqSz[5], totalSz = (word32)sizeof(NonceObjId); word32 seqSz[5], totalSz = (word32)sizeof(NonceObjId);
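Review bot: Dropping `static` from these constant tables (here in EncodeOcspRequestExtensions, and likewise in wc_OBJ_sn2nid, SetCa, SetSKID, SetAKID, SetKeyUsage, SetExtKeyUsage, SetCertificatePolicies, SetAltNames, SetReqAttrib and ByteToHex) turns read-only data into automatic arrays that are re-initialised on every call, which adds stack usage and a copy per call; for the sn2nid struct table in wc_OBJ_sn2nid that copy is of the whole string-pointer table. The commit message says the static was removed but not why, so a one-line comment at the first such table, e.g. `/* non-static on purpose: <reason> */`, would stop a later cleanup from reinstating it. With the arrays now local, no pointer into them may outlive the call; from the visible lines they appear to be used only via sizeof and copies, but that is inferred, since the bodies are mostly outside the hunks. The enclosing functions all start or end outside the visible hunks.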


@@ -2076,6 +2076,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int);
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
const unsigned char** in, int len); const unsigned char** in, int len);