mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 23:21:06 +00:00
Added support for Netscape Certificate Types in CSR writing
Further generalization of extension adding / replacing in the CSR structure
This commit is contained in:
parent
e5eae76bf0
commit
1c0e550e21
|
@ -130,12 +130,38 @@ void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg );
|
||||||
* (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
|
* (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
|
||||||
*
|
*
|
||||||
* \param ctx CSR context to use
|
* \param ctx CSR context to use
|
||||||
* \param key_usage key usage bitstring to set
|
* \param key_usage key usage flags to set
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
|
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
|
||||||
*/
|
*/
|
||||||
int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage );
|
int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Set the Netscape Cert Type flags
|
||||||
|
* (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
|
||||||
|
*
|
||||||
|
* \param ctx CSR context to use
|
||||||
|
* \param ns_cert_type Netscape Cert Type flags to set
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
|
||||||
|
*/
|
||||||
|
int x509write_csr_set_ns_cert_type( x509_csr *ctx, unsigned char ns_cert_type );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Generic function to add to or replace an extension in the CSR
|
||||||
|
*
|
||||||
|
* \param ctx CSR context to use
|
||||||
|
* \param oid OID of the extension
|
||||||
|
* \param oid_len length of the OID
|
||||||
|
* \param val value of the extension OCTET STRING
|
||||||
|
* \param val_len length of the value data
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
|
||||||
|
*/
|
||||||
|
int x509write_csr_set_extension( x509_csr *ctx,
|
||||||
|
const char *oid, size_t oid_len,
|
||||||
|
const unsigned char *val, size_t val_len );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Free the contents of a CSR context
|
* \brief Free the contents of a CSR context
|
||||||
*
|
*
|
||||||
|
|
|
@ -156,14 +156,14 @@ exit:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage )
|
int x509write_csr_set_extension( x509_csr *ctx,
|
||||||
|
const char *oid, size_t oid_len,
|
||||||
|
const unsigned char *val, size_t val_len )
|
||||||
{
|
{
|
||||||
asn1_named_data *cur;
|
asn1_named_data *cur;
|
||||||
unsigned char *c;
|
|
||||||
int len;
|
|
||||||
|
|
||||||
if( ( cur = asn1_find_named_data( ctx->extensions, OID_KEY_USAGE,
|
if( ( cur = asn1_find_named_data( ctx->extensions, oid,
|
||||||
OID_SIZE( OID_KEY_USAGE ) ) ) == NULL )
|
oid_len ) ) == NULL )
|
||||||
{
|
{
|
||||||
cur = polarssl_malloc( sizeof(asn1_named_data) );
|
cur = polarssl_malloc( sizeof(asn1_named_data) );
|
||||||
if( cur == NULL )
|
if( cur == NULL )
|
||||||
|
@ -171,32 +171,84 @@ int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage )
|
||||||
|
|
||||||
memset( cur, 0, sizeof(asn1_named_data) );
|
memset( cur, 0, sizeof(asn1_named_data) );
|
||||||
|
|
||||||
cur->oid.len = OID_SIZE( OID_KEY_USAGE );
|
cur->oid.len = oid_len;
|
||||||
cur->oid.p = polarssl_malloc( cur->oid.len );
|
cur->oid.p = polarssl_malloc( oid_len );
|
||||||
if( cur->oid.p == NULL )
|
if( cur->oid.p == NULL )
|
||||||
{
|
{
|
||||||
free( cur );
|
polarssl_free( cur );
|
||||||
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
cur->val.len = 4;
|
cur->val.len = val_len;
|
||||||
cur->val.p = polarssl_malloc( cur->val.len );
|
cur->val.p = polarssl_malloc( val_len );
|
||||||
if( cur->val.p == NULL )
|
if( cur->val.p == NULL )
|
||||||
{
|
{
|
||||||
free( cur->oid.p );
|
polarssl_free( cur->oid.p );
|
||||||
free( cur );
|
polarssl_free( cur );
|
||||||
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy( cur->oid.p, OID_KEY_USAGE, OID_SIZE( OID_KEY_USAGE ) );
|
memcpy( cur->oid.p, oid, oid_len );
|
||||||
|
|
||||||
cur->next = ctx->extensions;
|
cur->next = ctx->extensions;
|
||||||
ctx->extensions = cur;
|
ctx->extensions = cur;
|
||||||
}
|
}
|
||||||
|
|
||||||
c = cur->val.p + cur->val.len;
|
if( cur->val.len != val_len )
|
||||||
if( ( len = asn1_write_bitstring( &c, cur->val.p, &key_usage, 6 ) ) < 0 )
|
{
|
||||||
exit(1);
|
polarssl_free( cur->val.p );
|
||||||
|
|
||||||
|
cur->val.len = val_len;
|
||||||
|
cur->val.p = polarssl_malloc( val_len );
|
||||||
|
if( cur->val.p == NULL )
|
||||||
|
{
|
||||||
|
polarssl_free( cur->oid.p );
|
||||||
|
polarssl_free( cur );
|
||||||
|
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( cur->val.p, val, val_len );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage )
|
||||||
|
{
|
||||||
|
unsigned char buf[4];
|
||||||
|
unsigned char *c;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
c = buf + 4;
|
||||||
|
|
||||||
|
if( ( ret = asn1_write_bitstring( &c, buf, &key_usage, 6 ) ) != 4 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
ret = x509write_csr_set_extension( ctx, OID_KEY_USAGE,
|
||||||
|
OID_SIZE( OID_KEY_USAGE ),
|
||||||
|
buf, 4 );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
int x509write_csr_set_ns_cert_type( x509_csr *ctx, unsigned char ns_cert_type )
|
||||||
|
{
|
||||||
|
unsigned char buf[4];
|
||||||
|
unsigned char *c;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
c = buf + 4;
|
||||||
|
|
||||||
|
if( ( ret = asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
ret = x509write_csr_set_extension( ctx, OID_NS_CERT_TYPE,
|
||||||
|
OID_SIZE( OID_NS_CERT_TYPE ),
|
||||||
|
buf, 4 );
|
||||||
|
if( ret != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue