WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Handle registeredID correctly

pull/6525/head
Lealem Amedie 2023-06-22 11:04:03 -06:00
parent 90f5665318
commit fdc95f9ba6
4 changed files with 79 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configure.ac
View File

@ -7815,6 +7815,9 @@ then
# Uses alt name # Uses alt name
ENABLED_ALTNAMES="yes" ENABLED_ALTNAMES="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OID_ENCODING -DWOLFSSL_NO_ASN_STRICT"
fi fi
if test "$ENABLED_STRONGSWAN" = "yes"; then if test "$ENABLED_STRONGSWAN" = "yes"; then

2
src/x509.c
View File

@ -5797,7 +5797,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
} }
else if (entry->type == ASN_RID_TYPE) { else if (entry->type == ASN_RID_TYPE) {
len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s", len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s",
entry->name); entry->ridString);
if (len >= MAX_WIDTH) { if (len >= MAX_WIDTH) {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
break; break;

70
wolfcrypt/src/asn.c
View File

@ -11159,6 +11159,9 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
#endif
#if defined(OPENSSL_ALL)
XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
#endif #endif
XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME);
altNames = tmp; altNames = tmp;
@ -12337,6 +12340,66 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
} }
#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
#if defined(OPENSSL_ALL)
/* used to set the human readable string for the registeredID with an
* ASN_RID_TYPE DNS entry
* return 0 on success
*/
static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
{
int i, j, ret = 0;
int nameSz;
int tmpSize = MAX_OID_SZ;
word16 tmpName[MAX_OID_SZ];
char* rid;
char dottedName[MAX_OID_SZ] = {0};
if (entry == NULL || entry->type != ASN_RID_TYPE) {
return BAD_FUNC_ARG;
}
if (entry->len <= 0) {
return BAD_FUNC_ARG;
}
rid = entry->name;
/* Decode OBJECT_ID into dotted form array. */
ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName,
(word32*)&tmpSize);
if (ret == 0) {
j = 0;
/* Append each number of dotted form. */
for (i = 0; i < tmpSize; i++) {
ret = XSNPRINTF(dottedName + j, MAX_OID_SZ, "%d", tmpName[i]);
if (ret >= 0) {
j += ret;
if (i < tmpSize - 1) {
dottedName[j] = '.';
j++;
}
}
else {
return BUFFER_E;
}
}
ret = 0;
}
if (ret == 0) {
nameSz = (int)XSTRLEN((const char*)dottedName);
entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);
if (entry->ridString == NULL) {
ret = MEMORY_E;
}
XMEMCPY(entry->ridString, dottedName, nameSz);
entry->ridString[nameSz] = '\0';
}
return ret;
}
#endif /* OPENSSL_ALL */
#ifdef WOLFSSL_ASN_TEMPLATE #ifdef WOLFSSL_ASN_TEMPLATE
#if defined(WOLFSSL_CERT_GEN) || !defined(NO_CERTS) #if defined(WOLFSSL_CERT_GEN) || !defined(NO_CERTS)
@ -12423,6 +12486,13 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
} }
} }
/* store registeredID as a string */
else if (type == ASN_RID_TYPE) {
if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) {
XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
}
}
} }
if (ret == 0) { if (ret == 0) {
#endif #endif

6
wolfssl/wolfcrypt/asn.h
View File

@ -1360,6 +1360,10 @@ struct DNS_entry {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
char* ipString; /* human readable form of IP address */ char* ipString; /* human readable form of IP address */
#endif #endif
#if defined(OPENSSL_ALL)
char* ridString; /* human readable form of registeredID */
#endif
#ifdef WOLFSSL_FPKI #ifdef WOLFSSL_FPKI
int oidSum; /* provide oid sum for verification */ int oidSum; /* provide oid sum for verification */
#endif #endif
@ -2162,7 +2166,7 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx); word32 maxIdx);
#ifdef HAVE_OID_ENCODING #ifdef HAVE_OID_ENCODING
WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz,
byte* out, word32* outSz); byte* out, word32* outSz);
#endif #endif
#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)