wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

add UPN other name parsing and updating skip

Browse Source
This commit is contained in:
Jacob Barthelmeh
2022-06-09 21:32:55 -06:00
parent 86023378f8
commit ba20f54b5b
4 changed files with 124 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/fpki-cert.der
View File

Binary file not shown.

3
certs/renewcerts/wolfssl.cnf
View File

@ -351,7 +351,8 @@ policyConstraints = requireExplicitPolicy:0
# using example UUID from RFC4122 # using example UUID from RFC4122
[FASC_UUID_altname] [FASC_UUID_altname]
otherName = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:D1:38:10:D8:28:AF:2C:10:84:35:15:A1:68:58:28:AF:02:10:86:A2:84:E7:39:C3:EB otherName.1 = 1.3.6.1.4.1.311.20.2.3;UTF8:facts@wolfssl.com
otherName.2 = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:D1:38:10:D8:28:AF:2C:10:84:35:15:A1:68:58:28:AF:02:10:86:A2:84:E7:39:C3:EB
URI = urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6 URI = urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6
[SubjDirAttr] [SubjDirAttr]

170
wolfcrypt/src/asn.c
View File

@ -14597,6 +14597,7 @@ static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
static const ASNItem otherNameASN[] = { static const ASNItem otherNameASN[] = {
/* TYPEID */ { 0, ASN_OBJECT_ID, 0, 0, 0 }, /* TYPEID */ { 0, ASN_OBJECT_ID, 0, 0, 0 },
/* VALUE */ { 0, ASN_CONTEXT_SPECIFIC | ASN_OTHERNAME_VALUE, 1, 1, 0 }, /* VALUE */ { 0, ASN_CONTEXT_SPECIFIC | ASN_OTHERNAME_VALUE, 1, 1, 0 },
/* UPN */ { 1, ASN_UTF8STRING, 0, 0, 2 },
/* FASC-N */ { 1, ASN_OCTET_STRING, 0, 0, 2 }, /* FASC-N */ { 1, ASN_OCTET_STRING, 0, 0, 2 },
/* HWN_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 2 }, /* HWN_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 2 },
/* HWN_TYPE */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, /* HWN_TYPE */ { 2, ASN_OBJECT_ID, 0, 0, 0 },
@ -14605,6 +14606,7 @@ static const ASNItem otherNameASN[] = {
enum { enum {
OTHERNAMEASN_IDX_TYPEID = 0, OTHERNAMEASN_IDX_TYPEID = 0,
OTHERNAMEASN_IDX_VALUE, OTHERNAMEASN_IDX_VALUE,
OTHERNAMEASN_IDX_UPN,
OTHERNAMEASN_IDX_FASCN, OTHERNAMEASN_IDX_FASCN,
OTHERNAMEASN_IDX_HWN_SEQ, OTHERNAMEASN_IDX_HWN_SEQ,
OTHERNAMEASN_IDX_HWN_TYPE, OTHERNAMEASN_IDX_HWN_TYPE,
@ -14656,22 +14658,29 @@ static int DecodeSEP(ASNGetData* dataASN, DecodedCert* cert)
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifdef WOLFSSL_FPKI #ifdef WOLFSSL_FPKI
static int DecodeFASCN(ASNGetData* dataASN, DecodedCert* cert) static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
{ {
int ret;
word32 fascnLen;
DNS_entry* entry = NULL; DNS_entry* entry = NULL;
int ret;
word32 bufLen;
const char* buf;
fascnLen = dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.length; switch (oid) {
ret = SetDNSEntry(cert, case FASCN_OID:
(const char*)dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.data, bufLen = dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.length;
fascnLen, ASN_OTHER_TYPE, &entry); buf = (const char*)dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.data;
break;
if (ret == 0) { case UPN_OID:
entry->oidSum = FASCN_OID; bufLen = dataASN[OTHERNAMEASN_IDX_UPN].data.ref.length;
AddDNSEntryToList(&cert->altNames, entry); buf = (const char*)dataASN[OTHERNAMEASN_IDX_UPN].data.ref.data;
break;
} }
ret = SetDNSEntry(cert, buf, bufLen, ASN_OTHER_TYPE, &entry);
if (ret == 0) {
entry->oidSum = oid;
AddDNSEntryToList(&cert->altNames, entry);
}
return ret; return ret;
} }
#endif /* WOLFSSL_FPKI */ #endif /* WOLFSSL_FPKI */
@ -14718,7 +14727,9 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input,
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifdef WOLFSSL_FPKI #ifdef WOLFSSL_FPKI
case FASCN_OID: case FASCN_OID:
ret = DecodeFASCN(dataASN, cert); case UPN_OID:
ret = DecodeOtherHelper(dataASN, cert,
dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum);
break; break;
#endif /* WOLFSSL_FPKI */ #endif /* WOLFSSL_FPKI */
default: default:
@ -14962,54 +14973,101 @@ static int DecodeSepHwAltName(DecodedCert* cert, const byte* input,
} }
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#if defined(WOLFSSL_FPKI) && !defined(WOLFSSL_ASN_TEMPLATE) #if !defined(WOLFSSL_ASN_TEMPLATE)
/* return 0 on success */ /* return 0 on success */
static int DecodeFascNAltName(DecodedCert* cert, const byte* input, word32* idx, static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input,
int sz) word32* idx, int sz, int oid)
{ {
int ret; int ret = 0;
int strLen; int strLen;
DNS_entry* dnsEntry;
byte tag; byte tag;
DNS_entry* dnsEntry = NULL;
if (GetASNTag(input, idx, &tag, sz) < 0) { if (GetASNTag(input, idx, &tag, sz) < 0) {
return ASN_PARSE_E; ret = ASN_PARSE_E;
} }
if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { if (ret == 0 && (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))) {
return ASN_PARSE_E; ret = ASN_PARSE_E;
} }
if (GetLength(input, idx, &strLen, sz) < 0) if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) {
return ASN_PARSE_E; ret = ASN_PARSE_E;
ret = GetOctetString(input, idx, &strLen, sz);
if (ret < 0)
return ret;
dnsEntry = AltNameNew(cert->heap);
if (dnsEntry == NULL) {
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
} }
dnsEntry->type = ASN_OTHER_TYPE; if (ret == 0) {
dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, dnsEntry = AltNameNew(cert->heap);
DYNAMIC_TYPE_ALTNAME); if (dnsEntry == NULL) {
if (dnsEntry->name == NULL) { WOLFSSL_MSG("\tOut of Memory");
WOLFSSL_MSG("\tOut of Memory"); return MEMORY_E;
}
}
if (ret == 0) {
switch (oid) {
#ifdef WOLFSSL_FPKI
case FASCN_OID:
ret = GetOctetString(input, idx, &strLen, sz);
if (ret > 0) {
ret = 0;
}
break;
#endif /* WOLFSSL_FPKI */
case UPN_OID:
if (GetASNTag(input, idx, &tag, sz) < 0) {
ret = ASN_PARSE_E;
}
if (ret == 0 &&
tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING &&
tag != ASN_IA5_STRING) {
WOLFSSL_MSG("Was expecting a string for UPN");
ret = ASN_PARSE_E;
}
if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) {
WOLFSSL_MSG("Was expecting a string for UPN");
ret = ASN_PARSE_E;
}
break;
default:
WOLFSSL_MSG("Unknown constructed other name, skipping");
*idx += strLen;
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
dnsEntry = NULL;
}
}
if (ret == 0 && dnsEntry != NULL) {
dnsEntry->type = ASN_OTHER_TYPE;
dnsEntry->len = strLen;
dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
#ifdef WOLFSSL_FPKI
dnsEntry->oidSum = oid;
#endif /* WOLFSSL_FPKI */
if (dnsEntry->name == NULL) {
WOLFSSL_MSG("\tOut of Memory");
ret = MEMORY_E;
}
else {
XMEMCPY(dnsEntry->name, &input[*idx], strLen);
dnsEntry->name[strLen] = '\0';
AddAltName(cert, dnsEntry);
}
}
if (ret == 0) {
*idx += strLen;
}
else {
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
} }
dnsEntry->len = strLen;
XMEMCPY(dnsEntry->name, &input[*idx], strLen); return ret;
dnsEntry->name[strLen] = '\0';
dnsEntry->oidSum = FASCN_OID;
AddAltName(cert, dnsEntry);
*idx += strLen;
return 0;
} }
#endif /* WOLFSSL_FPKI */ #endif
/* Decode subject alternative names extension. /* Decode subject alternative names extension.
* *
@ -15316,7 +15374,9 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifdef WOLFSSL_FPKI #ifdef WOLFSSL_FPKI
case FASCN_OID: case FASCN_OID:
ret = DecodeFascNAltName(cert, input, &idx, sz); case UPN_OID:
ret = DecodeConstructedOtherName(cert, input, &idx, sz,
oid);
if (ret != 0) if (ret != 0)
return ret; return ret;
break; break;
@ -15325,11 +15385,21 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
default: default:
WOLFSSL_MSG("\tUnsupported other name type, skipping"); WOLFSSL_MSG("\tUnsupported other name type, skipping");
if (GetLength(input, &idx, &strLen, sz) < 0) { if (GetLength(input, &idx, &strLen, sz) < 0) {
WOLFSSL_MSG("\tfail: unsupported other name length"); /* check to skip constructed other names too */
return ASN_PARSE_E; if (DecodeConstructedOtherName(cert, input, &idx, sz,
oid) != 0) {
WOLFSSL_MSG("\tfail: unsupported other name length");
return ASN_PARSE_E;
}
else {
/* idx will have been advanced to end of alt name */
length -= (idx - lenStartIdx);
}
}
else {
length -= (strLen + idx - lenStartIdx);
idx += strLen;
} }
length -= (strLen + idx - lenStartIdx);
idx += strLen;
} }
(void)ret; (void)ret;
} }

3
wolfssl/wolfcrypt/asn.h
View File

@ -1145,7 +1145,8 @@ enum Extensions_Sum {
AKEY_PACKAGE_OID = 1048, /* 2.16.840.1.101.2.1.2.78.5 AKEY_PACKAGE_OID = 1048, /* 2.16.840.1.101.2.1.2.78.5
RFC 5958 - Asymmetric Key Packages */ RFC 5958 - Asymmetric Key Packages */
FASCN_OID = 419 /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */ FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */
UPN_OID = 265 /* 1.3.6.1.4.1.311.20.2.3 UPN */
}; };
enum CertificatePolicy_Sum { enum CertificatePolicy_Sum {