mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-08 22:15:38 +00:00
Support composite RDNs in X.509 certs parsing
This commit is contained in:
parent
aa422b2f1a
commit
555fbf8758
|
@ -155,6 +155,7 @@ typedef struct _asn1_named_data
|
|||
asn1_buf oid; /**< The object identifier. */
|
||||
asn1_buf val; /**< The named value. */
|
||||
struct _asn1_named_data *next; /**< The next entry in the sequence. */
|
||||
unsigned char next_merged; /**< Merge next item into the current one? */
|
||||
}
|
||||
asn1_named_data;
|
||||
|
||||
|
|
|
@ -393,6 +393,11 @@ static int x509_get_attr_type_value( unsigned char **p,
|
|||
}
|
||||
|
||||
/*
|
||||
* Name ::= CHOICE { -- only one possibility for now --
|
||||
* rdnSequence RDNSequence }
|
||||
*
|
||||
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
|
||||
*
|
||||
* RelativeDistinguishedName ::=
|
||||
* SET OF AttributeTypeAndValue
|
||||
*
|
||||
|
@ -404,9 +409,11 @@ static int x509_get_attr_type_value( unsigned char **p,
|
|||
*
|
||||
* AttributeValue ::= ANY DEFINED BY AttributeType
|
||||
*
|
||||
* We restrict RelativeDistinguishedName to be a set of 1 element. This is
|
||||
* the most common case, and our x509_name structure currently can't handle
|
||||
* more than that.
|
||||
* The data structure is optimized for the common case where each RDN has only
|
||||
* one element, which is represented as a list of AttributeTypeAndValue.
|
||||
* For the general case we still use a flat list, but we mark elements of the
|
||||
* same set so that they are "merged" together in the functions that consume
|
||||
* this list, eg x509_dn_gets().
|
||||
*/
|
||||
int x509_get_name( unsigned char **p, const unsigned char *end,
|
||||
x509_name *cur )
|
||||
|
@ -419,7 +426,7 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
|||
while( 1 )
|
||||
{
|
||||
/*
|
||||
* parse first SET, restricted to 1 element
|
||||
* parse SET
|
||||
*/
|
||||
if( ( ret = asn1_get_tag( p, end, &set_len,
|
||||
ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
|
||||
|
@ -427,11 +434,26 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
|||
|
||||
end_set = *p + set_len;
|
||||
|
||||
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
|
||||
return( ret );
|
||||
while( 1 )
|
||||
{
|
||||
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( *p != end_set )
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
if( *p == end_set )
|
||||
break;
|
||||
|
||||
/* Mark this item as being only one in a set */
|
||||
cur->next_merged = 1;
|
||||
|
||||
cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memset( cur->next, 0, sizeof( x509_name ) );
|
||||
|
||||
cur = cur->next;
|
||||
}
|
||||
|
||||
/*
|
||||
* continue until end of SEQUENCE is reached
|
||||
|
@ -690,7 +712,7 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
|
|||
{
|
||||
int ret;
|
||||
size_t i, n;
|
||||
unsigned char c;
|
||||
unsigned char c, merge = 0;
|
||||
const x509_name *name;
|
||||
const char *short_name = NULL;
|
||||
char s[X509_MAX_DN_NAME_SIZE], *p;
|
||||
|
@ -711,7 +733,7 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
|
|||
|
||||
if( name != dn )
|
||||
{
|
||||
ret = snprintf( p, n, ", " );
|
||||
ret = snprintf( p, n, merge ? " + " : ", " );
|
||||
SAFE_SNPRINTF();
|
||||
}
|
||||
|
||||
|
@ -736,6 +758,8 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
|
|||
s[i] = '\0';
|
||||
ret = snprintf( p, n, "%s", s );
|
||||
SAFE_SNPRINTF();
|
||||
|
||||
merge = name->next_merged;
|
||||
name = name->next;
|
||||
}
|
||||
|
||||
|
|
|
@ -1652,6 +1652,10 @@ static int x509_name_cmp( const x509_name *a, const x509_name *b )
|
|||
if( x509_string_cmp( &a->val, &b->val ) != 0 )
|
||||
return( -1 );
|
||||
|
||||
/* structure of the list of sets */
|
||||
if( a->next_merged != b->next_merged )
|
||||
return( -1 );
|
||||
|
||||
a = a->next;
|
||||
b = b->next;
|
||||
}
|
||||
|
|
|
@ -778,7 +778,7 @@ X509 Certificate ASN1 (TBSCertificate, issuer, no string data)
|
|||
x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
|
||||
x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
|
||||
x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_INVALID_NAME+POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
|
||||
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
@ -961,6 +961,10 @@ X509 Certificate ASN1 (Name with unknown X520 part)
|
|||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with composite RDN)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
|
||||
|
||||
X509 Certificate ASN1 (Name with PKCS9 email)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0
|
||||
|
|
Loading…
Reference in a new issue