From 90f5665318b2613d1488e4686681056e7fdd0511 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Tue, 20 Jun 2023 09:40:48 -0600 Subject: [PATCH 01/14] Improve subjectAltName extension parsing and printing --- src/x509.c | 8 ++++++ wolfcrypt/src/asn.c | 55 +++++++++++++++++++++++++++++++++++++++-- wolfssl/wolfcrypt/asn.h | 1 + 3 files changed, 62 insertions(+), 2 deletions(-) diff --git a/src/x509.c b/src/x509.c index 860eea185c..5755dc492e 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5790,6 +5790,14 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, else if (entry->type == ASN_URI_TYPE) { len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s", entry->name); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + else if (entry->type == ASN_RID_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s", + entry->name); if (len >= MAX_WIDTH) { ret = WOLFSSL_FAILURE; break; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9eec8bfce8..af980a3ea6 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -16924,6 +16924,15 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, } } #endif /* WOLFSSL_QT || OPENSSL_ALL */ + + /* GeneralName choice: registeredID */ + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { + ret = SetDNSEntry(cert, (const char*)(input + idx), len, + ASN_RID_TYPE, &cert->altNames); + if (ret == 0) { + idx += (word32)len; + } + } #endif /* IGNORE_NAME_CONSTRAINTS */ #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI) /* GeneralName choice: otherName */ @@ -16932,8 +16941,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, ret = DecodeOtherName(cert, input, &idx, idx + (word32)len); } #endif - /* GeneralName choice: dNSName, x400Address, ediPartyName, - * registeredID */ + /* GeneralName choice: dNSName, x400Address, ediPartyName */ else { WOLFSSL_MSG("\tUnsupported name type, skipping"); idx += (word32)len; 
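Review bot: The new registeredID branch in the DecodeGeneralName hunk (`@@ -16924,6 +16924,15 @@`) is compiled into every template build that leaves IGNORE_NAME_CONSTRAINTS undefined, while everything that knows how to consume an ASN_RID_TYPE entry is OPENSSL_ALL-only (patch 03 wraps the x509.c printer in `#if defined(OPENSSL_ALL)` and patch 08 wraps the non-template DecodeAltNames branch the same way). In other builds the entry still lands in cert->altNames with `name` holding the raw OID content bytes that SetDNSEntry copies from `input + idx`, which any consumer that treats `name` as text will emit as DER. I would wrap the branch in `#if defined(OPENSSL_ALL)` … `#endif` so that without it a registeredID keeps falling into the existing "Unsupported name type, skipping" arm, as it did before this patch. DecodeGeneralName starts and ends outside the hunk.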
@@ -20480,6 +20488,22 @@ static int DecodeCertReqAttrValue(DecodedCert* cert, int* criticalExt, } break; + case UNSTRUCTURED_NAME_OID: + /* Clear dynamic data and specify choices acceptable. */ + XMEMSET(strDataASN, 0, sizeof(strDataASN)); + GetASN_Choice(&strDataASN[STRATTRASN_IDX_STR], strAttrChoice); + /* Parse a string. */ + ret = GetASN_Items(strAttrASN, strDataASN, strAttrASN_Length, + 1, input, &idx, maxIdx); + if (ret == 0) { + /* Store references to unstructured name. */ + cert->unstructuredName = + (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; + cert->unstructuredNameLen = (int)strDataASN[STRATTRASN_IDX_STR]. + data.ref.length; + } + break; + /* Certificate extensions to be included in generated certificate. * PKCS#9: RFC 2985, 5.4.2 - Extension request */ @@ -29346,6 +29370,11 @@ static const ASNItem certReqBodyASN[] = { /* ATTRS_CPW_SET */ { 3, ASN_SET, 1, 1, 0 }, /* ATTRS_CPW_PS */ { 4, ASN_PRINTABLE_STRING, 0, 0, 0 }, /* ATTRS_CPW_UTF */ { 4, ASN_UTF8STRING, 0, 0, 0 }, +/* ATTRS_USN_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 1 }, +/* ATTRS_USN_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 }, +/* ATTRS_USN_SET */ { 3, ASN_SET, 1, 1, 0 }, +/* ATTRS_USN_PS */ { 4, ASN_PRINTABLE_STRING, 0, 0, 0 }, +/* ATTRS_USN_UTF */ { 4, ASN_UTF8STRING, 0, 0, 0 }, /* Extensions Attribute */ /* EXT_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 1 }, /* EXT_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 }, @@ -29363,6 +29392,11 @@ enum { CERTREQBODYASN_IDX_ATTRS_CPW_SET, CERTREQBODYASN_IDX_ATTRS_CPW_PS, CERTREQBODYASN_IDX_ATTRS_CPW_UTF, + CERTREQBODYASN_IDX_ATTRS_USN_SEQ, + CERTREQBODYASN_IDX_ATTRS_USN_OID, + CERTREQBODYASN_IDX_ATTRS_USN_SET, + CERTREQBODYASN_IDX_ATTRS_USN_PS, + CERTREQBODYASN_IDX_ATTRS_USN_UTF, CERTREQBODYASN_IDX_EXT_SEQ, CERTREQBODYASN_IDX_EXT_OID, CERTREQBODYASN_IDX_EXT_SET, 
@@ -29616,6 +29650,23 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, SetASNItem_NoOutNode(dataASN, certReqBodyASN, CERTREQBODYASN_IDX_ATTRS_CPW_SEQ, certReqBodyASN_Length); } + if (cert->unstructuredName[0] != '\0') { + /* Add unstructured name attribute. */ + /* Set unstructured name OID. */ + SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_USN_OID], + attrUnstructuredNameOid, sizeof(attrUnstructuredNameOid)); + /* PRINTABLE_STRING - set buffer */ + SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_ATTRS_USN_PS], + (byte*)cert->unstructuredName, + (word32)XSTRLEN(cert->unstructuredName)); + /* UTF8STRING - don't encode */ + dataASN[CERTREQBODYASN_IDX_ATTRS_USN_UTF].noOut = 1; + } + else { + /* Leave out unstructured name attribute item. */ + SetASNItem_NoOutNode(dataASN, certReqBodyASN, + CERTREQBODYASN_IDX_ATTRS_USN_SEQ, certReqBodyASN_Length); + } if (extSz > 0) { /* Set extension attribute OID. */ SetASN_Buffer(&dataASN[CERTREQBODYASN_IDX_EXT_OID], attrExtensionRequestOid, diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 24d8362c8b..f4f0c1d6db 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -139,6 +139,7 @@ enum ASN_Tags { ASN_DIR_TYPE = 0x04, ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */ + ASN_RID_TYPE = 0x08, /* PKCS #7 types */ ASN_ENC_CONTENT = 0x00, From fdc95f9ba6cfa1be9edcbc1ffe521c512b5663d0 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Thu, 22 Jun 2023 11:04:03 -0600 Subject: [PATCH 02/14] Handle registeredID correctly --- configure.ac | 3 ++ src/x509.c | 2 +- wolfcrypt/src/asn.c | 70 +++++++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/asn.h | 6 +++- 4 files changed, 79 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 596117ce53..155bef162d 100644 --- a/configure.ac +++ b/configure.ac 
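Review bot: In the MakeCertReq hunk (`@@ -29616,6 +29650,23 @@`) the unstructuredName attribute is always emitted as PRINTABLE_STRING (`ATTRS_USN_PS` receives the buffer and `ATTRS_USN_UTF` is forced `noOut`), so a name containing characters outside the PrintableString repertoire yields a DER-invalid attribute that a strict CA or parser will reject. PKCS#9 defines unstructuredName as a PKCS9String, which admits UTF8String, and the template already carries the UTF8STRING alternative, so the choice can be made from the content: when every byte is PrintableString-safe set `ATTRS_USN_PS`, otherwise set `ATTRS_USN_UTF` and mark `ATTRS_USN_PS` `noOut`. This appears to mirror the challengePassword block just above, so if that block is changed the two should change together. MakeCertReq starts and ends outside the hunk.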
@@ -7815,6 +7815,9 @@ then # Uses alt name ENABLED_ALTNAMES="yes" + + AM_CFLAGS="$AM_CFLAGS -DHAVE_OID_ENCODING -DWOLFSSL_NO_ASN_STRICT" + fi if test "$ENABLED_STRONGSWAN" = "yes"; then diff --git a/src/x509.c b/src/x509.c index 5755dc492e..b37de20eaf 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5797,7 +5797,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, } else if (entry->type == ASN_RID_TYPE) { len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s", - entry->name); + entry->ridString); if (len >= MAX_WIDTH) { ret = WOLFSSL_FAILURE; break; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index af980a3ea6..f9a650f623 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -11159,6 +11159,9 @@ void FreeAltNames(DNS_entry* altNames, void* heap) XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); + #endif + #if defined(OPENSSL_ALL) + XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME); #endif XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); altNames = tmp; 
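Review bot: The configure.ac hunk (`@@ -7815,6 +7815,9 @@`) adds `-DWOLFSSL_NO_ASN_STRICT` to AM_CFLAGS, which as I read asn.c switches off the RFC 5280 strictness checks kept under that macro for every certificate parsed by the build, not just registeredID handling; nothing in the commit message explains why a subjectAltName printing feature needs certificate validation relaxed, and the enclosing `if … then` block starts outside the hunk so I cannot tell which option this applies to. If the RID path only needs the OID helpers, `-DHAVE_OID_ENCODING` alone should be enough (patch 10 keeps `wc_EncodeObjectId` under that macro); otherwise the reason belongs in a comment above the line, e.g. `# WOLFSSL_NO_ASN_STRICT: required because …`, and a test that the affected build still rejects the malformed encodings the strict checks cover.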
@@ -12337,6 +12340,66 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) } #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#if defined(OPENSSL_ALL) +/* used to set the human readable string for the registeredID with an + * ASN_RID_TYPE DNS entry + * return 0 on success + */ +static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) +{ + int i, j, ret = 0; + int nameSz; + int tmpSize = MAX_OID_SZ; + word16 tmpName[MAX_OID_SZ]; + char* rid; + char dottedName[MAX_OID_SZ] = {0}; + + if (entry == NULL || entry->type != ASN_RID_TYPE) { + return BAD_FUNC_ARG; + } + + if (entry->len <= 0) { + return BAD_FUNC_ARG; + } + rid = entry->name; + + /* Decode OBJECT_ID into dotted form array. */ + ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName, + (word32*)&tmpSize); + if (ret == 0) { + j = 0; + /* Append each number of dotted form. */ + for (i = 0; i < tmpSize; i++) { + ret = XSNPRINTF(dottedName + j, MAX_OID_SZ, "%d", tmpName[i]); + if (ret >= 0) { + j += ret; + if (i < tmpSize - 1) { + dottedName[j] = '.'; + j++; + } + } + else { + return BUFFER_E; + } + } + ret = 0; + } + + if (ret == 0) { + nameSz = (int)XSTRLEN((const char*)dottedName); + entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME); + if (entry->ridString == NULL) { + ret = MEMORY_E; + } + + XMEMCPY(entry->ridString, dottedName, nameSz); + entry->ridString[nameSz] = '\0'; + } + + return ret; +} +#endif /* OPENSSL_ALL */ + #ifdef WOLFSSL_ASN_TEMPLATE #if defined(WOLFSSL_CERT_GEN) || !defined(NO_CERTS) @@ -12423,6 +12486,13 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); } } + /* store registeredID as a string */ + else if (type == ASN_RID_TYPE) { + if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) { + XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + } + } } if (ret == 0) { #endif 
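Review bot: The dotted-form loop in GenerateDNSEntryRIDString (`@@ -12337,6 +12340,66 @@`) can write past `dottedName`: every XSNPRINTF is given the full `MAX_OID_SZ` as its size although it writes at `dottedName + j`, the returned length is added to `j` without checking that the text still fits, and `dottedName[j] = '.'` is unchecked, while DecodeObjectId is allowed to fill up to `tmpSize` (MAX_OID_SZ) word16 components of up to five digits each, far more text than MAX_OID_SZ bytes. The input is the registeredID of a certificate being parsed, so this is a stack overflow reachable from untrusted data in OPENSSL_ALL builds. The bound must be the space left, a truncating snprintf must be treated as an error, and the separator write needs room, as sketched below; patch 04 (the hunk ending with `return ret;` before `@@ -37280`) and patch 11 (`@@ -12372,30 +12372,30 @@`) rewrite this loop over `finalName`/`oidName` with the same `MAX_OID_SZ` argument, so the same change applies there.
```c
        /* … unchanged: DecodeObjectId call … */
        j = 0;
        /* Append each number of dotted form, bounded by the space left in
         * dottedName; snprintf reports truncation as ret >= space. */
        for (i = 0; i < tmpSize; i++) {
            int space = MAX_OID_SZ - j;
            ret = XSNPRINTF(dottedName + j, (size_t)space, "%d", tmpName[i]);
            if (ret < 0 || ret >= space) {
                return BUFFER_E;
            }
            j += ret;
            if (i < tmpSize - 1) {
                if (j >= MAX_OID_SZ - 1) {
                    return BUFFER_E;
                }
                dottedName[j++] = '.';
            }
        }
        ret = 0;
```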
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index f4f0c1d6db..2d0d66bfc0 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1360,6 +1360,10 @@ struct DNS_entry { #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) char* ipString; /* human readable form of IP address */ #endif +#if defined(OPENSSL_ALL) + char* ridString; /* human readable form of registeredID */ +#endif + #ifdef WOLFSSL_FPKI int oidSum; /* provide oid sum for verification */ #endif @@ -2162,7 +2166,7 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx); #ifdef HAVE_OID_ENCODING - WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, + WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); #endif #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) From 2a539fe028641e8c6f1db7b26ff8ff396dc1122e Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Thu, 22 Jun 2023 11:43:13 -0600 Subject: [PATCH 03/14] Cleanup --- src/x509.c | 2 ++ wolfcrypt/src/asn.c | 25 ++++++++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/x509.c b/src/x509.c index b37de20eaf..7a447ead61 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5795,6 +5795,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, break; } } + #if defined(OPENSSL_ALL) else if (entry->type == ASN_RID_TYPE) { len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s", entry->ridString); @@ -5803,6 +5804,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, break; } } + #endif else if (entry->type == ASN_OTHER_TYPE) { len = XSNPRINTF(scratch, MAX_WIDTH, "othername "); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f9a650f623..cf9cc9e0aa 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -12340,7 +12340,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) } #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) && defined(WOLFSSL_ASN_TEMPLATE) /* used to set the human readable string for the registeredID with an * ASN_RID_TYPE DNS entry * return 0 on success @@ -12363,9 +12363,14 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) } rid = entry->name; +#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) /* Decode OBJECT_ID into dotted form array. */ ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName, (word32*)&tmpSize); +#else + ret = NOT_COMPILED_IN; +#endif + if (ret == 0) { j = 0; /* Append each number of dotted form. */ @@ -12398,7 +12403,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) return ret; } -#endif /* OPENSSL_ALL */ +#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE 
@@ -12478,17 +12483,19 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, XMEMCPY(dnsEntry->name, str, (size_t)strLen); dnsEntry->name[strLen] = '\0'; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - /* store IP addresses as a string */ - if (type == ASN_IP_TYPE) { - if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) { +#if defined(OPENSSL_ALL) + /* store registeredID as a string */ + if (type == ASN_RID_TYPE) { + if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) { XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); } } - /* store registeredID as a string */ - else if (type == ASN_RID_TYPE) { - if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) { +#endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* store IP addresses as a string */ + if (type == ASN_IP_TYPE) { + if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) { XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); } From 48de458017a963ca79ed351d535c9157f05793df Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Mon, 26 Jun 2023 13:41:39 -0600 Subject: [PATCH 04/14] Add Obj_txt2oidBuf function --- src/ssl.c | 75 +++++++++++++++++++++++++++++++++++++++-- wolfcrypt/src/asn.c | 71 ++++++++++++++++++++++---------------- wolfssl/ssl.h | 1 + wolfssl/wolfcrypt/asn.h | 5 ++- 4 files changed, 119 insertions(+), 33 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b933f7394b..57854c37b7 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -29369,6 +29369,51 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#if defined(OPENSSL_ALL) +const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz, word32 oidType) + { + char *token; + byte* oidBuf = NULL; + word32 oid; + word16 dotted[ASN1_OID_DOTTED_MAX_SZ]; + word32 dottedCount = 0; + int nid; + + if (buf == NULL) + return NULL; + + nid = wolfSSL_OBJ_txt2nid(buf); + + if (nid != NID_undef) { + /* Handle named OID case */ + oid = nid2oid(nid, oidType); + oidBuf = (byte*)OidFromId(oid, oidType,inOutSz); + } + #if defined(HAVE_OID_ENCODING) + else { + /* Handle dotted form OID case*/ + token = XSTRTOK(buf, ".", NULL); + + while (token != NULL) { + dotted[dottedCount] = XATOI(token); + dottedCount++; + token = XSTRTOK(NULL, ".", NULL); + } + + if (EncodeObjectId(dotted, dottedCount, oidBuf, inOutSz) != 0) { + oidBuf = NULL; + } + } + #else + (void)token; + (void)dotted; + (void)dottedCount; + #endif + + return (const byte*)oidBuf; + } +#endif /* OPENSSL_ALL */ + #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ @@ -33912,6 +33957,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, word32 nid2oid(int nid, int grp) { + size_t i; /* get OID type */ switch (grp) { /* oidHashType */ 
@@ -34269,10 +34315,33 @@ word32 nid2oid(int nid, int grp) } break; + /* oidCmsKeyAgreeType */ + #ifdef WOLFSSL_CERT_REQ + case oidCsrAttrType: + switch (nid) { + case NID_pkcs9_contentType: + return PKCS9_CONTENT_TYPE_OID; + case NID_pkcs9_challengePassword: + return CHALLENGE_PASSWORD_OID; + case NID_serialNumber: + return SERIAL_NUMBER_OID; + case NID_userId: + return USER_ID_OID; + case NID_surname: + return SURNAME_OID; + } + break; + #endif + default: WOLFSSL_MSG("NID not in table"); - /* MSVC warns without the cast */ - return (word32)-1; + } + + /* If not found in above switch then try the table */ + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { + if (wolfssl_object_info[i].nid == nid) { + return wolfssl_object_info[i].id; + } } /* MSVC warns without the cast */ @@ -34647,7 +34716,7 @@ int oid2nid(word32 oid, int grp) #endif default: - WOLFSSL_MSG("NID not in table"); + WOLFSSL_MSG("OID not in table"); } /* If not found in above switch then try the table */ for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index cf9cc9e0aa..65b4fe7f70 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -12350,9 +12350,13 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) int i, j, ret = 0; int nameSz; int tmpSize = MAX_OID_SZ; + int endChar = 0; + int nid = 0; + word32 oid = 0; + word32 idx = 0; word16 tmpName[MAX_OID_SZ]; + char finalName[MAX_OID_SZ]; char* rid; - char dottedName[MAX_OID_SZ] = {0}; if (entry == NULL || entry->type != ASN_RID_TYPE) { return BAD_FUNC_ARG; 
@@ -12361,44 +12365,56 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) if (entry->len <= 0) { return BAD_FUNC_ARG; } + + XMEMSET(&finalName, 0, MAX_OID_SZ); rid = entry->name; -#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) - /* Decode OBJECT_ID into dotted form array. */ - ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName, - (word32*)&tmpSize); -#else - ret = NOT_COMPILED_IN; -#endif + ret = GetOID((const byte*)rid, &idx, &oid, oidIgnoreType, entry->len); - if (ret == 0) { - j = 0; - /* Append each number of dotted form. */ - for (i = 0; i < tmpSize; i++) { - ret = XSNPRINTF(dottedName + j, MAX_OID_SZ, "%d", tmpName[i]); - if (ret >= 0) { - j += ret; - if (i < tmpSize - 1) { - dottedName[j] = '.'; - j++; + if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) { + rid = (char*)wolfSSL_OBJ_nid2ln(nid); + XSTRNCPY(finalName, rid, XSTRLEN((const char*)rid)); + } + else { + #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) + /* Decode OBJECT_ID into dotted form array. */ + ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName, + (word32*)&tmpSize); + #else + ret = NOT_COMPILED_IN; + #endif + + if (ret == 0) { + endChar = 1; + j = 0; + /* Append each number of dotted form. 
*/ + for (i = 0; i < tmpSize; i++) { + ret = XSNPRINTF(finalName + j, MAX_OID_SZ, "%d", tmpName[i]); + if (ret >= 0) { + j += ret; + if (i < tmpSize - 1) { + finalName[j] = '.'; + j++; + } + } + else { + return BUFFER_E; } } - else { - return BUFFER_E; - } + ret = 0; } - ret = 0; } if (ret == 0) { - nameSz = (int)XSTRLEN((const char*)dottedName); - entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME); + nameSz = (int)XSTRLEN((const char*)finalName); + entry->ridString = (char*)XMALLOC(nameSz + endChar, heap, DYNAMIC_TYPE_ALTNAME); if (entry->ridString == NULL) { ret = MEMORY_E; } - XMEMCPY(entry->ridString, dottedName, nameSz); - entry->ridString[nameSz] = '\0'; + XMEMCPY(entry->ridString, finalName, nameSz); + if (endChar) + entry->ridString[nameSz] = '\0'; } return ret; @@ -37280,9 +37296,6 @@ int wc_Asn1_SetFile(Asn1* asn1, XFILE file) return ret; } -/* Maximum OID dotted form size. */ -#define ASN1_OID_DOTTED_MAX_SZ 16 - /* Print OID in dotted form or as hex bytes. * * @param [in] file File pointer to write to. diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 648cdbceef..0f1993e23f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4168,6 +4168,7 @@ WOLFSSL_API size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o); WOLFSSL_API const unsigned char* wolfSSL_OBJ_get0_data( const WOLFSSL_ASN1_OBJECT* o); +WOLFSSL_API const byte* wolfSSL_OBJ_txt2oidBuf(char* b, word32* sz, word32 t); WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n); WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln); WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 2d0d66bfc0..a476cfc7fb 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -898,6 +898,9 @@ enum ECC_TYPES #endif #endif +/* Maximum OID dotted form size. */ +#define ASN1_OID_DOTTED_MAX_SZ 16 + enum Misc_ASN { MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ 
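Review bot: When the OID resolves to a known name, the hunk `@@ -12361,44 +12365,56 @@` allocates `ridString` with `nameSz + endChar` bytes where `endChar` is 0 and writes the terminator only `if (endChar)`, so the name copied from `wolfSSL_OBJ_nid2ln` is stored without a `'\0'`; X509PrintSubjAltName then formats it with `"Registered ID:%s"` and reads past the allocation. Patch 11 (`@@ -12404,19 +12404,26 @@`) renames the flag to `numerical` and keeps the same gap. Allocate `nameSz + 1` and terminate unconditionally: `entry->ridString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);` and, after the copy, `entry->ridString[nameSz] = '\0';`, which also removes the need for the flag in the allocation. GenerateDNSEntryRIDString's declarations are in the preceding hunk; this hunk holds the rest of the body.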
@@ -2166,7 +2169,7 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx); #ifdef HAVE_OID_ENCODING - WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz, + WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); #endif #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) From 1d83448df7c383056fda402aabd5aaf5a5d18dd0 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Mon, 26 Jun 2023 15:22:35 -0600 Subject: [PATCH 05/14] memcpy instead of strcpy --- wolfcrypt/src/asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 65b4fe7f70..61fd259f98 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -12373,7 +12373,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) { rid = (char*)wolfSSL_OBJ_nid2ln(nid); - XSTRNCPY(finalName, rid, XSTRLEN((const char*)rid)); + XMEMCPY(finalName, rid, XSTRLEN((const char*)rid)); } else { #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) From ee63d73299cb325287e8f18250071e7e2034476c Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Mon, 26 Jun 2023 17:49:22 -0600 Subject: [PATCH 06/14] Restore nid2oid functionality to preserve expected behaviour --- src/ssl.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 57854c37b7..e5660994c0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33957,7 +33957,6 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, word32 nid2oid(int nid, int grp) { - size_t i; /* get OID type */ switch (grp) { /* oidHashType */ 
@@ -34335,13 +34334,8 @@ word32 nid2oid(int nid, int grp) default: WOLFSSL_MSG("NID not in table"); - } - - /* If not found in above switch then try the table */ - for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) { - if (wolfssl_object_info[i].nid == nid) { - return wolfssl_object_info[i].id; - } + /* MSVC warns without the cast */ + return (word32)-1; } /* MSVC warns without the cast */ From 47350fa95caed78e1599cbcc7cf48f2b34310384 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Tue, 27 Jun 2023 12:33:57 -0600 Subject: [PATCH 07/14] Remove manual encoding of OID in txt2oidBuf --- src/ssl.c | 31 ++++--------------------------- wolfssl/wolfcrypt/asn.h | 2 +- 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e5660994c0..d4ebe9cc25 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29370,13 +29370,11 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_ALL) +/* Returns the oid buffer from the short name or long name of an ASN1_object + * and NULL on failure */ const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz, word32 oidType) { - char *token; - byte* oidBuf = NULL; word32 oid; - word16 dotted[ASN1_OID_DOTTED_MAX_SZ]; - word32 dottedCount = 0; int nid; if (buf == NULL) 
@@ -29385,32 +29383,11 @@ const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz, word32 oidType) nid = wolfSSL_OBJ_txt2nid(buf); if (nid != NID_undef) { - /* Handle named OID case */ oid = nid2oid(nid, oidType); - oidBuf = (byte*)OidFromId(oid, oidType,inOutSz); + return OidFromId(oid, oidType,inOutSz); } - #if defined(HAVE_OID_ENCODING) - else { - /* Handle dotted form OID case*/ - token = XSTRTOK(buf, ".", NULL); - - while (token != NULL) { - dotted[dottedCount] = XATOI(token); - dottedCount++; - token = XSTRTOK(NULL, ".", NULL); - } - if (EncodeObjectId(dotted, dottedCount, oidBuf, inOutSz) != 0) { - oidBuf = NULL; - } - } - #else - (void)token; - (void)dotted; - (void)dottedCount; - #endif - - return (const byte*)oidBuf; + return NULL; } #endif /* OPENSSL_ALL */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index a476cfc7fb..c6e56372fe 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2169,7 +2169,7 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx); #ifdef HAVE_OID_ENCODING - WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, + WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); #endif #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) From 7251d564ebb5e81801084510b96939f3e812525d Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Wed, 28 Jun 2023 13:04:47 -0600 Subject: [PATCH 08/14] Use new RID function in asn=original --- wolfcrypt/src/asn.c | 52 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 61fd259f98..1fc42a52d1 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -12340,7 +12340,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) } #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) && defined(WOLFSSL_ASN_TEMPLATE) +#if defined(OPENSSL_ALL) /* used to set the human readable string for the registeredID with an * ASN_RID_TYPE DNS entry * return 0 on success @@ -17544,7 +17544,55 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#endif /* WOLFSSL_QT || OPENSSL_ALL */ +#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#if defined(OPENSSL_ALL) + else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { + DNS_entry* rid; + int strLen; + word32 lenStartIdx = idx; + WOLFSSL_MSG("Decoding Subject Alt. Name: Registered Id"); + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (idx - lenStartIdx); + /* check that strLen at index is not past input buffer */ + if (strLen + idx > sz) { + return BUFFER_E; + } + + rid = AltNameNew(cert->heap); + if (rid == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + rid->type = ASN_RID_TYPE; + rid->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (rid->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + rid->len = strLen; + XMEMCPY(rid->name, &input[idx], strLen); + rid->name[strLen] = '\0'; + + if (GenerateDNSEntryRIDString(rid, cert->heap) != 0) { + WOLFSSL_MSG("\tOut of Memory for registerd Id string"); + XFREE(rid->name, cert->heap, DYNAMIC_TYPE_ALTNAME); + XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + + AddAltName(cert, rid); + + length -= strLen; + idx += (word32)strLen; + } +#endif /* OPENSSL_ALL */ #endif /* IGNORE_NAME_CONSTRAINTS */ else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { 
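Review bot: In the DecodeAltNames hunk (`@@ -17544,7 +17544,55 @@`) any failure of GenerateDNSEntryRIDString is reported as MEMORY_E with an "Out of Memory" message, but that function also fails when the registeredID content does not decode (DecodeObjectId's BUFFER_E, or BAD_FUNC_ARG on an empty value), so a malformed extension in a peer certificate is logged as an allocation failure, which misleads anyone triaging parse errors. Keep the real code: `int ridRet = GenerateDNSEntryRIDString(rid, cert->heap);` then on `ridRet != 0` log `"\tRegistered Id string failed"`, free `rid->name` and `rid` as now, and `return ridRet;`. The message text also carries a typo (`registerd`). DecodeAltNames continues outside the hunk.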
From c45f7c87b0447971b15f3056839a79a9ab6b2a2f Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Wed, 28 Jun 2023 13:46:45 -0600 Subject: [PATCH 09/14] Make DecodeObjectId available for OPENSSL_ALL --- wolfcrypt/src/asn.c | 9 +++------ wolfssl/wolfcrypt/asn.h | 3 ++- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1fc42a52d1..1d0aadfe25 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5513,7 +5513,8 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } #endif /* HAVE_OID_ENCODING */ -#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) +#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ + defined(OPENSSL_ALL) /* Encode dotted form of OID into byte array version. * * @param [in] in Byte array containing OID. @@ -5560,7 +5561,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) return 0; } -#endif /* HAVE_OID_DECODING */ +#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */ /* Decode the header of a BER/DER encoded OBJECT ID. * @@ -12376,13 +12377,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) XMEMCPY(finalName, rid, XSTRLEN((const char*)rid)); } else { - #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) /* Decode OBJECT_ID into dotted form array. */ ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName, (word32*)&tmpSize); - #else - ret = NOT_COMPILED_IN; - #endif if (ret == 0) { endChar = 1; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index c6e56372fe..a768d6671a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
@@ -2172,7 +2172,8 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); #endif -#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) +#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ + defined(OPENSSL_ALL) WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz); #endif From 5ba579397dea7ffae39ef0bfeb8113563e65c47c Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Fri, 30 Jun 2023 14:14:27 -0600 Subject: [PATCH 10/14] Make public wc_ api for EncodeObjectId --- wolfcrypt/src/asn.c | 7 ++++++- wolfssl/wolfcrypt/asn.h | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1d0aadfe25..b6051bfc96 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5438,13 +5438,18 @@ static int CheckCurve(word32 oid) * @return BAD_FUNC_ARG when in or outSz is NULL. * @return BUFFER_E when buffer too small. */ +int wc_EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) +{ + return EncodeObjectId(in, inSz, out, outSz); +} + int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) { int i, x, len; word32 d, t; /* check args */ - if (in == NULL || outSz == NULL) { + if (in == NULL || outSz == NULL || inSz <= 0) { return BAD_FUNC_ARG; } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index a768d6671a..d4e0ee9c88 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
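Review bot: In the hunk `@@ -5438,13 +5438,18 @@` the added argument check `inSz <= 0` is applied to a `word32`, so it reads as a signed check but can only ever mean `inSz == 0`; write `if (in == NULL || outSz == NULL || inSz == 0) {` so the intent is plain. The new `wc_EncodeObjectId` wrapper is also inserted between EncodeObjectId's Doxygen block and EncodeObjectId itself, so the `@param`/`@return` lines now sit on the wrapper and the internal function loses its header; placing the wrapper below EncodeObjectId with a one-line comment such as `/* Public wrapper for EncodeObjectId; see its documentation above. */` keeps the pairing. Since the wrapper is only declared under HAVE_OID_ENCODING (`@@ -2169,7 +2169,9 @@` in asn.h), that comment should also say the API is absent without the option. EncodeObjectId's body continues outside the hunk.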
@@ -2169,7 +2169,9 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx); #ifdef HAVE_OID_ENCODING - WOLFSSL_API int EncodeObjectId(const word16* in, word32 inSz, + WOLFSSL_API int wc_EncodeObjectId(const word16* in, word32 inSz, + byte* out, word32* outSz); + WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); #endif #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ From 16058ce168e3b531d8fb7f9b58b76f611e9a4499 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Wed, 19 Jul 2023 12:01:01 -0600 Subject: [PATCH 11/14] Address review comments --- src/ssl.c | 7 +++--- wolfcrypt/src/asn.c | 53 +++++++++++++++++++++++++-------------------- 2 files changed, 34 insertions(+), 26 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d4ebe9cc25..de74c34573 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29370,9 +29370,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_ALL) -/* Returns the oid buffer from the short name or long name of an ASN1_object - * and NULL on failure */ -const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz, word32 oidType) + /* Returns the oid buffer from the short name or long name of an ASN1_object + * and NULL on failure */ + const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz, + word32 oidType) { word32 oid; int nid; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b6051bfc96..1c00e4a784 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -12353,16 +12353,16 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) */ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) { - int i, j, ret = 0; - int nameSz; - int tmpSize = MAX_OID_SZ; - int endChar = 0; - int nid = 0; - word32 oid = 0; - word32 idx = 0; + int i, j, ret = 0; + int nameSz = 0; + int numerical = 0; + int nid = 0; + int tmpSize = MAX_OID_SZ; + word32 oid = 0; + word32 idx = 0; word16 tmpName[MAX_OID_SZ]; - char finalName[MAX_OID_SZ]; - char* rid; + char oidName[MAX_OID_SZ]; + char* finalName; if (entry == NULL || entry->type != ASN_RID_TYPE) { return BAD_FUNC_ARG; @@ -12372,30 +12372,30 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) return BAD_FUNC_ARG; } - XMEMSET(&finalName, 0, MAX_OID_SZ); - rid = entry->name; + XMEMSET(&oidName, 0, MAX_OID_SZ); - ret = GetOID((const byte*)rid, &idx, &oid, oidIgnoreType, entry->len); + ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType, + entry->len); if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) { - rid = (char*)wolfSSL_OBJ_nid2ln(nid); - XMEMCPY(finalName, rid, XSTRLEN((const char*)rid)); + /* OID has known string value */ + finalName = (char*)wolfSSL_OBJ_nid2ln(nid); } else { /* Decode OBJECT_ID into dotted form array. */ - ret = DecodeObjectId((const byte*)(rid),(word32)entry->len, tmpName, - (word32*)&tmpSize); + ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, + tmpName, (word32*)&tmpSize); + numerical = 1; if (ret == 0) { - endChar = 1; j = 0; /* Append each number of dotted form. */ for (i = 0; i < tmpSize; i++) { - ret = XSNPRINTF(finalName + j, MAX_OID_SZ, "%d", tmpName[i]); + ret = XSNPRINTF(oidName + j, MAX_OID_SZ, "%d", tmpName[i]); if (ret >= 0) { j += ret; if (i < tmpSize - 1) { - finalName[j] = '.'; + oidName[j] = '.'; j++; } } 
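Review bot: In the hunk `@@ -12372,30 +12372,30 @@` the name lookup keys on wolfSSL's OID id, which GetOID computes as the sum of the content bytes and, because `oidIgnoreType` is passed, never compares against the canonical encoding as far as I can tell; `oid2nid(oid, oidCsrAttrType)` therefore labels any registeredID whose bytes happen to sum to a known CSR-attribute id with that attribute's long name, so the printed SAN can name an OID the certificate does not carry. Before trusting the nid, fetch the canonical bytes with OidFromId and require length and content to match `entry->name`/`entry->len`, falling back to the dotted form otherwise, as sketched below; `finalName` becomes `const char*`, which also removes the `(char*)` cast on `wolfSSL_OBJ_nid2ln`. Looking up a subjectAltName OID in the `oidCsrAttrType` group is itself surprising and deserves a comment naming which identifiers are expected here. The rest of the function is in `@@ -12404,19 +12404,26 @@`.
```c
    ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType,
                 entry->len);
    if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
        /* oid is only a byte sum: accept the name only when the encoding is
         * the canonical one for that id */
        word32 knownSz = 0;
        const byte* known = OidFromId(oid, oidCsrAttrType, &knownSz);
        if (known == NULL || knownSz != (word32)entry->len ||
                XMEMCMP(known, entry->name, knownSz) != 0) {
            nid = 0;
        }
    }
    if (ret == 0 && nid > 0) {
        /* OID has known string value */
        finalName = wolfSSL_OBJ_nid2ln(nid);
    }
    else {
        /* … unchanged: DecodeObjectId and dotted-form build … */
```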
@@ -12404,19 +12404,26 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 }
 }
 ret = 0;
+ finalName = oidName;
 }
 }
 if (ret == 0) {
 nameSz = (int)XSTRLEN((const char*)finalName);
- entry->ridString = (char*)XMALLOC(nameSz + endChar, heap, DYNAMIC_TYPE_ALTNAME);
+
+ entry->ridString = (char*)XMALLOC(nameSz + numerical, heap,
+ DYNAMIC_TYPE_ALTNAME);
+
 if (entry->ridString == NULL) {
 ret = MEMORY_E;
 }
- XMEMCPY(entry->ridString, finalName, nameSz);
- if (endChar)
- entry->ridString[nameSz] = '\0';
+ if (ret == 0) {
+ XMEMCPY(entry->ridString, finalName, nameSz);
+ if (numerical) {
+ entry->ridString[nameSz] = '\0';
+ }
+ }
 }
 return ret;
From ec4527c7894db14093164f09cc06e51851a4cf97 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Wed, 19 Jul 2023 16:27:03 -0600
Subject: [PATCH 12/14] address more feedback
---
 src/ssl.c | 24 ------------------------
 1 file changed, 24 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index de74c34573..0a32f0e1e5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -26105,7 +26105,6 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 /* oidCertNameType */
 { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
- { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
 { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
 "serialNumber"},
 { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
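Review bot: In the known-OID branch `entry->ridString` ends up without a NUL terminator: `XMALLOC(nameSz + numerical, ...)` only reserves the extra byte, and `entry->ridString[nameSz] = '\0'` only runs, when `numerical` is set, so a name taken from `wolfSSL_OBJ_nid2ln()` is stored as exactly nameSz bytes with no terminator. Unless every consumer carries the length separately (none is visible in this diff), a `%s`-style printer will read past the allocation. Allocating the extra byte unconditionally and terminating in both cases removes the special case: `entry->ridString = (char*)XMALLOC((size_t)nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);` and, after the copy, an unconditional `entry->ridString[nameSz] = '\0';`, after which `numerical` is no longer needed. It would also help to state the assumption that `wolfSSL_OBJ_nid2ln()` never returns NULL for an nid that `oid2nid()` accepted, since `XSTRLEN(finalName)` relies on it; that contract is outside this diff. The function's declarations and the formatting loop are in the preceding hunks.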
@@ -29369,29 +29368,6 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-#if defined(OPENSSL_ALL)
- /* Returns the oid buffer from the short name or long name of an ASN1_object
- * and NULL on failure */
- const byte* wolfSSL_OBJ_txt2oidBuf(char* buf, word32* inOutSz,
- word32 oidType)
- {
- word32 oid;
- int nid;
-
- if (buf == NULL)
- return NULL;
-
- nid = wolfSSL_OBJ_txt2nid(buf);
-
- if (nid != NID_undef) {
- oid = nid2oid(nid, oidType);
- return OidFromId(oid, oidType,inOutSz);
- }
-
- return NULL;
- }
-#endif /* OPENSSL_ALL */
-
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
 defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
 defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
From ec49e6b44deda21f25383f6b364efda91e0b3077 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Wed, 19 Jul 2023 17:10:23 -0600
Subject: [PATCH 13/14] Avoid clash b/n two surname entries
---
 src/ssl.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 0a32f0e1e5..16c3adb243 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -26105,6 +26105,9 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
 /* oidCertNameType */
 { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
+#if !defined(WOLFSSL_CERT_REQ)
+ { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
+#endif
 { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
 "serialNumber"},
 { NID_userId, NID_userId, oidCertNameType, "UID", "userid"},
From 318c95a2c21c116679d2a8b78df51e4ee7df0278 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Fri, 21 Jul 2023 17:13:28 -0600
Subject: [PATCH 14/14] Remove leftover declaration in ssl.h
---
 wolfssl/ssl.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 0f1993e23f..648cdbceef 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
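Review bot: The `#if !defined(WOLFSSL_CERT_REQ)` guard around the surname row of `wolfssl_object_info` (the PATCH 13/14 hunk on this line) carries no explanation, and the commit title is the only hint that it avoids a duplicate entry; the other surname entry is not in this diff, so a maintainer has no way to connect the two. A comment on the guard would do, e.g. `/* A second NID_surname row is compiled in elsewhere when WOLFSSL_CERT_REQ is defined; keep only one so lookups by NID stay unambiguous. */`, adjusted to name the actual sibling entry. The guard also means that WOLFSSL_CERT_REQ builds have no oidCertNameType row for "SN"/"surname" in this table; if any lookup is keyed on that type, its result presumably differs between the two builds, which is worth a test or a note in the description.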
@@ -4168,7 +4168,6 @@ WOLFSSL_API size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o);
 WOLFSSL_API const unsigned char* wolfSSL_OBJ_get0_data(
 const WOLFSSL_ASN1_OBJECT* o);
-WOLFSSL_API const byte* wolfSSL_OBJ_txt2oidBuf(char* b, word32* sz, word32 t);
 WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n);
 WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln);
 WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a,