diff --git a/ChangeLog b/ChangeLog index eca895dba..2ae8c3a93 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Features Changes * Padding checks in cipher layer are now constant-time + * Support for serialNumber, postalAddress and postalCode in X509 names Bugfix * More stringent checks in cipher layer diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h index 85ab04c21..93ef8a6ab 100644 --- a/include/polarssl/oid.h +++ b/include/polarssl/oid.h @@ -104,11 +104,14 @@ */ #define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */ #define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */ +#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */ #define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */ #define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */ #define OID_AT_STATE OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */ #define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */ #define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */ +#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */ +#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */ /* * OIDs for standard certificate extensions diff --git a/library/oid.c b/library/oid.c index 6efd51084..f0f43d813 100644 --- a/library/oid.c +++ b/library/oid.c 
@@ -183,6 +183,18 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
 { ADD_LEN( OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" },
 "emailAddress",
 },
+ {
+ { ADD_LEN( OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" },
+ "serialNumber",
+ },
+ {
+ { ADD_LEN( OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" },
+ "postalAddress",
+ },
+ {
+ { ADD_LEN( OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
+ "postalCode",
+ },
 {
 { NULL, 0, NULL, NULL },
 NULL,
diff --git a/library/x509_create.c b/library/x509_create.c
index cc7f9549a..1cb88c7b9 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -31,6 +31,10 @@
 #include "polarssl/asn1write.h"
 #include "polarssl/oid.h"
 
+#if defined(_MSC_VER) && !defined strncasecmp
+#define strncasecmp _strnicmp
+#endif
+
 int x509_string_to_names( asn1_named_data **head, const char *name )
 {
 int ret = 0;
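Review bot: In library/x509_create.c the new fallback maps `strncasecmp` for MSVC only, and the hunk adds no header that declares the function on other platforms, where POSIX places it in `<strings.h>` rather than `<string.h>`. The include list above line 31 is outside the hunk, so this may already be covered; if it is not, the calls added later in this file compile against an implicit declaration. A guarded include next to the macro makes the dependency explicit: `#if !defined(_MSC_VER)` / `#include <strings.h>` / `#endif`.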
@@ -47,20 +51,26 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
 {
 if( in_tag && *c == '=' )
 {
- if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
+ if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
 oid = OID_AT_CN;
- else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
+ else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
 oid = OID_AT_COUNTRY;
- else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
+ else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
 oid = OID_AT_ORGANIZATION;
- else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
+ else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
 oid = OID_AT_LOCALITY;
- else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
+ else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
 oid = OID_PKCS9_EMAIL;
- else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
+ else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
 oid = OID_AT_ORG_UNIT;
- else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
+ else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
 oid = OID_AT_STATE;
+ else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
+ oid = OID_AT_SERIAL_NUMBER;
+ else if( c - s == 13 && strncasecmp( s, "postalAddress", 13 ) == 0 )
+ oid = OID_AT_POSTAL_ADDRESS;
+ else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
+ oid = OID_AT_POSTAL_CODE;
 else
 {
 ret = POLARSSL_ERR_X509_UNKNOWN_OID;
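Review bot: The three added branches in `x509_string_to_names` each repeat the tag length as a hand-counted literal (`12`, `13`, `10`) beside the string it measures, so the next tag added this way can carry a wrong count and simply never match. A static table whose length field is `sizeof( "..." ) - 1`, walked in one loop, keeps name, length and OID together; the sketch below assumes `oid` is a `const char *`, which the hunk does not show. Separately, `strncasecmp` (and `_strnicmp`) fold case according to the process locale, so an application that has called `setlocale()` can change which tags are accepted; an ASCII-only comparison would keep the parser deterministic. The function begins and ends outside this hunk.

```c
/* Tag name, its length and the OID it selects; sizeof ties each length to its literal. */
typedef struct
{
    const char *name;
    size_t name_len;
    const char *oid;
} x509_attr_descriptor_t;

static const x509_attr_descriptor_t x509_attrs[] =
{
    { "CN",            sizeof( "CN" ) - 1,            OID_AT_CN },
    { "C",             sizeof( "C" ) - 1,             OID_AT_COUNTRY },
    { "O",             sizeof( "O" ) - 1,             OID_AT_ORGANIZATION },
    { "L",             sizeof( "L" ) - 1,             OID_AT_LOCALITY },
    { "R",             sizeof( "R" ) - 1,             OID_PKCS9_EMAIL },
    { "OU",            sizeof( "OU" ) - 1,            OID_AT_ORG_UNIT },
    { "ST",            sizeof( "ST" ) - 1,            OID_AT_STATE },
    { "serialNumber",  sizeof( "serialNumber" ) - 1,  OID_AT_SERIAL_NUMBER },
    { "postalAddress", sizeof( "postalAddress" ) - 1, OID_AT_POSTAL_ADDRESS },
    { "postalCode",    sizeof( "postalCode" ) - 1,    OID_AT_POSTAL_CODE },
    { NULL, 0, NULL }
};

int x509_string_to_names( asn1_named_data **head, const char *name )
{
    /* … unchanged: existing locals and loop header … */
    const x509_attr_descriptor_t *attr;

        if( in_tag && *c == '=' )
        {
            /* One lookup replaces the if/else chain. */
            oid = NULL;
            for( attr = x509_attrs; attr->name != NULL; attr++ )
            {
                if( (size_t)( c - s ) == attr->name_len &&
                    strncasecmp( s, attr->name, attr->name_len ) == 0 )
                {
                    oid = attr->oid;
                    break;
                }
            }

            if( oid == NULL )
            {
                ret = POLARSSL_ERR_X509_UNKNOWN_OID;
```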