Obj_obj2nid

Go Hosohara
2018-07-11 17:09:38 +09:00
parent 19c1a3a3f9
commit fd01659baa
7 changed files with 162 additions and 42 deletions


@@ -30198,17 +30198,12 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
objSz += oidSz;
obj->objSz = objSz;
if(arg_obj == NULL) { /* Dynamic NAME_ENTRY */
obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1);
if ((obj->obj == NULL) && arg_obj == NULL) {
wolfSSL_ASN1_OBJECT_free(obj);
return NULL;
}
XMEMCPY(obj->obj, objBuf, obj->objSz);
} else {/* static NAME_ENTR is for just type and grp */
obj->obj = NULL;
obj->type = id;
obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1);
if ((obj->obj == NULL) && arg_obj == NULL) {
wolfSSL_ASN1_OBJECT_free(obj);
return NULL;
}
XMEMCPY(obj->obj, objBuf, obj->objSz);
(void)type;
@@ -30554,24 +30549,14 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return NULL;
}
int wolfSSL_OBJ_sn2nid(const char *sn) {
int i;
WOLFSSL_ENTER("wolfSSL_OBJ_osn2nid");
/* Nginx uses this OpenSSL string. */
if (XSTRNCMP(sn, "prime256v1", 10) == 0)
sn = "SECP256R1";
if (XSTRNCMP(sn, "secp384r1", 10) == 0)
sn = "SECP384R1";
/* find based on name and return NID */
for (i = 0; i < ecc_sets[i].size; i++) {
if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) {
return ecc_sets[i].id;
}
}
return -1;
}
#endif /* HAVE_ECC */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
int wolfSSL_OBJ_sn2nid(const char *sn) {
WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");
return OBJ_sn2nid(sn);
}
#endif
/* Gets the NID value that corresponds with the ASN1 object.
*
@@ -30589,6 +30574,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if (o == NULL) {
return -1;
}
if (o->nid > 0)
return o->nid;
if ((id = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) {
WOLFSSL_MSG("Issue getting OID of object");
return -1;
@@ -30910,6 +30897,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
if (ne == NULL) return NULL;
wolfSSL_OBJ_nid2obj_ex(ne->nid, &ne->object);
ne->object.nid = ne->nid;
return &ne->object;
}
@@ -30927,38 +30915,47 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
case 1:
name->cnEntry.value->length = name->fullName.cLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cIdx];
name->cnEntry.nid = name->fullName.cNid;
break;
case 2:
name->cnEntry.value->length = name->fullName.lLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.lIdx];
name->cnEntry.nid = name->fullName.lNid;
break;
case 3:
name->cnEntry.value->length = name->fullName.stLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.stIdx];
name->cnEntry.nid = name->fullName.stNid;
break;
case 4:
name->cnEntry.value->length = name->fullName.oLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.oIdx];
name->cnEntry.nid = name->fullName.oNid;
break;
case 5:
name->cnEntry.value->length = name->fullName.ouLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.ouIdx];
name->cnEntry.nid = name->fullName.ouNid;
break;
case 6:
name->cnEntry.value->length = name->fullName.emailLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.emailIdx];
name->cnEntry.nid = name->fullName.emailNid;
break;
case 7:
name->cnEntry.value->length = name->fullName.snLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.snIdx];
name->cnEntry.nid = name->fullName.snNid;
break;
case 8:
name->cnEntry.value->length = name->fullName.uidLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.uidIdx];
name->cnEntry.nid = name->fullName.uidNid;
break;
case 9:
name->cnEntry.value->length = name->fullName.serialLen;
name->cnEntry.value->data = &name->fullName.fullName[name->fullName.serialIdx];
name->cnEntry.nid = name->fullName.serialNid;
break;
default:
return NULL;
@@ -30986,6 +30983,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return NULL;
}
if ((loc >= 0) && (loc < name->fullName.entryCount)){
if (get_nameByLoc(name, loc) != NULL)
return &name->cnEntry;
}
/* DC component */
if (name->fullName.dcMode){
if (name->fullName.fullName != NULL){
@@ -31012,12 +31014,6 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
name->cnEntry.set = 1;
}
if((loc >= 0) && (loc < name->fullName.entryCount)){
if(get_nameByLoc(name, loc) == NULL)
return NULL;
}
wolfSSL_OBJ_nid2obj_ex(name->cnEntry.nid, &name->cnEntry.object);
return &name->cnEntry;
}
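Review bot: The early return `if (o->nid > 0) return o->nid;` in wolfSSL_OBJ_obj2nid assumes every WOLFSSL_ASN1_OBJECT carries a valid nid, but the object-construction hunk at the top of this section (whose enclosing function starts outside the hunk) never assigns the new field; only wolfSSL_X509_NAME_ENTRY_get_object sets `ne->object.nid`. Unless the allocator zeroes the struct, which this section does not show, an object built on that path reaches obj2nid with an indeterminate nid and may short-circuit to a meaningless value; initialise it next to `obj->type = id;`, e.g. `obj->nid = NID_undef;` (or the real NID if the caller has it), with a comment saying that 0 means "resolve from the OID". Separately, wolfSSL_OBJ_sn2nid now returns whatever OBJ_sn2nid returns, i.e. NID_undef instead of the old `-1` on an unknown name, so a caller testing for `< 0` will read a miss as success; the change of sentinel should at least be stated in the function comment. wolfSSL_OBJ_obj2nid's body continues past its hunk.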


@@ -18499,10 +18499,33 @@ static void test_wolfSSL_HMAC(void)
static void test_wolfSSL_OBJ(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
ASN1_OBJECT* obj = NULL;
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
ASN1_OBJECT *obj = NULL;
char buf[50];
XFILE fp;
X509 *x509 = NULL;
X509_NAME *x509Name;
X509_NAME_ENTRY *x509NameEntry;
ASN1_OBJECT *asn1Name;
int numNames;
BIO *bio = NULL;
int nid;
int i, j;
const char *f[] = {
"./certs/ca-cert.der",
"./certs/ca-ecc-cert.der",
"./certs/ca-ecc384-cert.der",
NULL};
#ifndef NO_DES3
PKCS12 *p12;
int boolRet;
EVP_PKEY *pkey = NULL;
const char *p12_f[] = {
"./certs/test-servercert.p12",
NULL};
#endif /* !NO_DES3 */
printf(testingFmt, "wolfSSL_OBJ()");
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
@@ -18518,10 +18541,45 @@ static void test_wolfSSL_OBJ(void)
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
ASN1_OBJECT_free(obj);
printf(resultFmt, passed);
#endif
}
for (i = 0; f[i] != NULL; i++)
{
AssertTrue((fp = XFOPEN(f[i], "r")) != XBADFILE);
AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
AssertNotNull(x509Name = X509_get_issuer_name(x509));
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
printf("nid=%d\n", nid);
}
}
#ifndef NO_DES3
for (i = 0; p12_f[i] != NULL; i++)
{
AssertTrue((fp = XFOPEN(p12_f[i], "r")) != XBADFILE);
AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0);
AssertNotNull((x509Name = X509_get_issuer_name(x509)) != NULL);
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
printf("nid=%d\n", nid);
}
}
#endif /* !NO_DES3 */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME_ENTRY(void)
{
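Review bot: The new loops never release what they open: each iteration calls XFOPEN, d2i_X509_fp or d2i_PKCS12_fp and BIO_new(BIO_s_mem()), but there is no XFCLOSE, X509_free, PKCS12_free, EVP_PKEY_free or BIO_free, and `bio` is never used after it is created. Add the matching releases at the end of each iteration, `XFCLOSE(fp); X509_free(x509); BIO_free(bio);` and in the PKCS12 loop also `PKCS12_free(p12); EVP_PKEY_free(pkey);`, or drop `bio` altogether. The inputs are DER and PKCS#12 binaries, so open them with `"rb"` rather than `"r"` to avoid text-mode translation on platforms that do it. `AssertNotNull((x509Name = X509_get_issuer_name(x509)) != NULL)` asserts the result of a comparison instead of the pointer; write it as `AssertNotNull(x509Name = X509_get_issuer_name(x509))` like the DER loop above it. The `printf("nid=%d\n", nid)` lines read as leftover debugging output and will clutter the unit-test log.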


@@ -104,6 +104,10 @@ ASN Options:
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifdef OPENSSL_EXTRA
#include <wolfssl/openssl/ssl.h> /* for OBJ_sn2nid */
#endif
#ifdef WOLFSSL_DEBUG_ENCODING
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
#if MQX_USE_IO_OLD
@@ -4076,6 +4080,47 @@ static int GetKey(DecodedCert* cert)
}
}
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int OBJ_sn2nid(const char *sn)
{
static const struct {
const char *sn;
int nid;
} sn2nid[] = {
{WOLFSSL_COMMON_NAME, NID_commonName},
{WOLFSSL_COUNTRY_NAME, NID_countryName},
{WOLFSSL_LOCALITY_NAME, NID_localityName},
{"/ST", NID_stateOrProvinceName},
{WOLFSSL_ORG_NAME, NID_organizationName},
{WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
{"/emailAddress", NID_emailAddress},
{NULL, -1}};
int i;
WOLFSSL_ENTER("OBJ_osn2nid");
/* Nginx uses this OpenSSL string. */
if (XSTRNCMP(sn, "prime256v1", 10) == 0)
sn = "SECP256R1";
if (XSTRNCMP(sn, "secp384r1", 10) == 0)
sn = "SECP384R1";
/* find based on name and return NID */
for (i = 0; i < ecc_sets[i].size; i++) {
if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) {
return ecc_sets[i].id;
}
}
for(i=0; sn2nid[i].sn != NULL; i++) {
if(XSTRNCMP(sn, sn2nid[i].sn, XSTRLEN(sn2nid[i].sn)) == 0) {
return sn2nid[i].nid;
}
}
return NID_undef;
}
#endif
/* process NAME, either issuer or subject */
static int GetName(DecodedCert* cert, int nameType)
{
@@ -4556,6 +4601,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->cnLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4);
dName->cnNid = OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cnIdx], dName->cnLen);
@@ -4565,6 +4611,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->snLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4);
dName->snNid = OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->snIdx], dName->snLen);
@@ -4574,6 +4621,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->cLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3);
dName->cNid = OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->cIdx], dName->cLen);
@@ -4583,6 +4631,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->lLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3);
dName->lNid = OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->lIdx], dName->lLen);
@@ -4592,6 +4641,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->stLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4);
dName->stNid = OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->stIdx], dName->stLen);
@@ -4601,6 +4651,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->oLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3);
dName->oNid = OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME);
idx += 3;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->oIdx], dName->oLen);
@@ -4610,6 +4661,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->ouLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4);
dName->ouNid = OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME);
idx += 4;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->ouIdx], dName->ouLen);
@@ -4619,6 +4671,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->emailLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14);
dName->emailNid = OBJ_sn2nid((const char *)"/emailAddress=");
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->emailIdx], dName->emailLen);
@@ -4639,6 +4692,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->uidLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], "/UID=", 5);
dName->uidNid = OBJ_sn2nid((const char *)"/UID=");
idx += 5;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->uidIdx], dName->uidLen);
@@ -4648,6 +4702,7 @@ static int GetName(DecodedCert* cert, int nameType)
if (dName->serialLen != 0) {
dName->entryCount++;
XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14);
dName->serialNid = OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER);
idx += 14;
XMEMCPY(&dName->fullName[idx],
&cert->source[dName->serialIdx], dName->serialLen);
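Review bot: OBJ_sn2nid walks `ecc_sets` inside a block guarded only by `OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL`, whereas the wolfSSL_OBJ_sn2nid it replaces in ssl.c sat under `HAVE_ECC` (see the `#endif /* HAVE_ECC */` that follows it there), so a build with OPENSSL_EXTRA and no ECC will not find `ecc_sets`; wrap the curve loop in `#ifdef HAVE_ECC` / `#endif`. The `WOLFSSL_ENTER("OBJ_osn2nid")` string carries over the old typo and should read `"OBJ_sn2nid"`. The sn2nid table has no entries for WOLFSSL_SUR_NAME, "/UID=" or WOLFSSL_SERIAL_NUMBER, so the GetName hunks below store NID_undef in snNid, uidNid and serialNid; presumably acceptable because wolfSSL_OBJ_obj2nid falls back to the OID lookup when nid is 0, but that reliance deserves a comment on the table, as does the fact that the lookup is a prefix match on the table string (which is why `"/ST"` and `"/emailAddress"` work without the trailing `=`). The include comment `/* for OBJ_sn2nid */` is misleading, since OBJ_sn2nid is defined in this file and declared in asn.h; if wolfssl/openssl/ssl.h maps OBJ_sn2nid to wolfSSL_OBJ_sn2nid with a macro, that include would also rename this definition, which should be confirmed.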


@@ -854,7 +854,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define NID_stateOrProvinceName 0x08 /* ST */
#define NID_organizationName 0x0a /* O */
#define NID_organizationalUnitName 0x0b /* OU */
#define NID_emailAddress 0x30 /* emailAddress */
#define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback
#define SSL_set_msg_callback wolfSSL_set_msg_callback


@@ -217,6 +217,7 @@ struct WOLFSSL_ASN1_OBJECT {
char sName[WOLFSSL_MAX_SNAME];
int type; /* oid */
int grp; /* type of OID, i.e. oidCertPolicyType */
int nid;
unsigned int objSz;
unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */
struct d { /* derefrenced */
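Review bot: The new `int nid;` member is the only field in this part of the struct without a trailing comment, while `type` and `grp` beside it document their meaning; suggest `int nid; /* NID of this object; 0 (NID_undef) means not yet resolved */`, which is the convention wolfSSL_OBJ_obj2nid's `o->nid > 0` test relies on. The struct definition continues past the hunk.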


@@ -480,16 +480,22 @@ struct DecodedName {
int entryCount;
int cnIdx;
int cnLen;
int cnNid;
int snIdx;
int snLen;
int snNid;
int cIdx;
int cLen;
int cNid;
int lIdx;
int lLen;
int lNid;
int stIdx;
int stLen;
int stNid;
int oIdx;
int oLen;
int oNid;
int ouIdx;
int ouLen;
#ifdef WOLFSSL_CERT_EXT
@@ -500,12 +506,16 @@ struct DecodedName {
int jsIdx;
int jsLen;
#endif
int ouNid;
int emailIdx;
int emailLen;
int emailNid;
int uidIdx;
int uidLen;
int uidNid;
int serialIdx;
int serialLen;
int serialNid;
int dcIdx[DOMAIN_COMPONENT_MAX];
int dcLen[DOMAIN_COMPONENT_MAX];
int dcNum;
@@ -898,6 +908,7 @@ WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
wolfssl_tm* certTime, int* idx);
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int OBJ_sn2nid(const char *sn);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
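Review bot: `ouNid` is added after the `#ifdef WOLFSSL_CERT_EXT` block instead of directly after `ouLen`, unlike every other new `*Nid` field, which sits with its `*Idx`/`*Len` pair; move it up beside `int ouLen;` so the triples stay together and the struct layout is easier to scan. The `OBJ_sn2nid` prototype is unconditional while its definition in asn.c is under `OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL`; that is harmless, but guarding the declaration the same way keeps the header honest about when the symbol exists. A one-line comment on the prototype stating that it returns NID_undef for unknown names would also help callers.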


@@ -105,9 +105,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
/* certificate extensions requires 24k for the SSL struct */
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,24576
#else
/* having session certs enabled makes a 21k SSL struct */
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21920
/* #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,23088 */
/* increase 23k for object member of WOLFSSL_X509_NAME_ENTRY */
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,23088
#endif
#endif
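Review bot: The commented-out `/* #define WOLFMEM_BUCKETS ... 23088 */` on the line before the live define is leftover and should be deleted rather than kept as dead text. The older comment `/* having session certs enabled makes a 21k SSL struct */` now describes the replaced 21920 value; fold the two comments into one that matches the new figure, e.g. `/* session certs plus the object member of WOLFSSL_X509_NAME_ENTRY make a ~23k SSL struct */`.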
#ifndef WOLFMEM_DIST