mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:34:19 +01:00
Support escaping of commas in x509_string_to_names()
This commit is contained in:
parent
333fdeca3a
commit
8dcb2d7d7e
@ -1,5 +1,9 @@
|
|||||||
PolarSSL ChangeLog (Sorted per branch, date)
|
PolarSSL ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= 1.3 branch
|
||||||
|
Bugfix
|
||||||
|
* Support escaping of commas in x509_string_to_names()
|
||||||
|
|
||||||
= PolarSSL 1.3.8 released 2014-07-11
|
= PolarSSL 1.3.8 released 2014-07-11
|
||||||
Security
|
Security
|
||||||
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
|
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
|
||||||
|
@ -143,6 +143,8 @@
|
|||||||
#define X509_FORMAT_DER 1
|
#define X509_FORMAT_DER 1
|
||||||
#define X509_FORMAT_PEM 2
|
#define X509_FORMAT_PEM 2
|
||||||
|
|
||||||
|
#define X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
@ -750,7 +750,7 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
|
|||||||
unsigned char c;
|
unsigned char c;
|
||||||
const x509_name *name;
|
const x509_name *name;
|
||||||
const char *short_name = NULL;
|
const char *short_name = NULL;
|
||||||
char s[128], *p;
|
char s[X509_MAX_DN_NAME_SIZE], *p;
|
||||||
|
|
||||||
memset( s, 0, sizeof( s ) );
|
memset( s, 0, sizeof( s ) );
|
||||||
|
|
||||||
|
@ -100,6 +100,8 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
|
|||||||
const char *end = s + strlen( s );
|
const char *end = s + strlen( s );
|
||||||
const char *oid = NULL;
|
const char *oid = NULL;
|
||||||
int in_tag = 1;
|
int in_tag = 1;
|
||||||
|
char data[X509_MAX_DN_NAME_SIZE];
|
||||||
|
char *d = data;
|
||||||
|
|
||||||
/* Clear existing chain if present */
|
/* Clear existing chain if present */
|
||||||
asn1_free_named_data_list( head );
|
asn1_free_named_data_list( head );
|
||||||
@ -116,13 +118,25 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
|
|||||||
|
|
||||||
s = c + 1;
|
s = c + 1;
|
||||||
in_tag = 0;
|
in_tag = 0;
|
||||||
|
d = data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( !in_tag && ( *c == ',' || c == end ) )
|
if( !in_tag && *c == '\\' && c != end )
|
||||||
|
{
|
||||||
|
c++;
|
||||||
|
|
||||||
|
/* Check for valid escaped characters */
|
||||||
|
if( c == end || *c != ',' )
|
||||||
|
{
|
||||||
|
ret = POLARSSL_ERR_X509_INVALID_NAME;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( !in_tag && ( *c == ',' || c == end ) )
|
||||||
{
|
{
|
||||||
if( asn1_store_named_data( head, oid, strlen( oid ),
|
if( asn1_store_named_data( head, oid, strlen( oid ),
|
||||||
(unsigned char *) s,
|
(unsigned char *) data,
|
||||||
c - s ) == NULL )
|
d - data ) == NULL )
|
||||||
{
|
{
|
||||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||||
}
|
}
|
||||||
@ -133,6 +147,18 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
|
|||||||
s = c + 1;
|
s = c + 1;
|
||||||
in_tag = 1;
|
in_tag = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( !in_tag && s != c + 1 )
|
||||||
|
{
|
||||||
|
*(d++) = *c;
|
||||||
|
|
||||||
|
if( d - data == X509_MAX_DN_NAME_SIZE )
|
||||||
|
{
|
||||||
|
ret = POLARSSL_ERR_X509_INVALID_NAME;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
c++;
|
c++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,3 +57,21 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1
|
|||||||
Certificate write check Server1 SHA1, version 1
|
Certificate write check Server1 SHA1, version 1
|
||||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
|
||||||
|
|
||||||
|
X509 String to Names #1
|
||||||
|
x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
||||||
|
|
||||||
|
X509 String to Names #2
|
||||||
|
x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":POLARSSL_ERR_X509_UNKNOWN_OID
|
||||||
|
|
||||||
|
X509 String to Names #3 (Name precisely 255 bytes)
|
||||||
|
x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
|
||||||
|
|
||||||
|
X509 String to Names #4 (Name larger than 255 bytes)
|
||||||
|
x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":POLARSSL_ERR_X509_INVALID_NAME
|
||||||
|
|
||||||
|
X509 String to Names #5 (Escape non-allowed characters)
|
||||||
|
x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":POLARSSL_ERR_X509_INVALID_NAME
|
||||||
|
|
||||||
|
X509 String to Names #6 (Escape at end)
|
||||||
|
x509_string_to_names:"C=NL, O=Offspark\":"":POLARSSL_ERR_X509_INVALID_NAME
|
||||||
|
@ -132,3 +132,47 @@ exit:
|
|||||||
mpi_free( &serial );
|
mpi_free( &serial );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:POLARSSL_X509_CREATE_C:POLARSSL_X509_USE_C */
|
||||||
|
void x509_string_to_names( char *name, char *parsed_name, int result )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t len = 0;
|
||||||
|
asn1_named_data *names = NULL;
|
||||||
|
x509_name parsed, *parsed_cur, *parsed_prv;
|
||||||
|
unsigned char buf[2048], *c;
|
||||||
|
|
||||||
|
memset( &parsed, 0, sizeof( parsed ) );
|
||||||
|
memset( buf, 0, sizeof( buf ) );
|
||||||
|
c = buf + sizeof( buf );
|
||||||
|
|
||||||
|
ret = x509_string_to_names( &names, name );
|
||||||
|
TEST_ASSERT( ret == result );
|
||||||
|
|
||||||
|
if( ret != 0 )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
ret = x509_write_names( &c, buf, names );
|
||||||
|
TEST_ASSERT( ret > 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( asn1_get_tag( &c, buf + sizeof( buf ), &len,
|
||||||
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) == 0 );
|
||||||
|
TEST_ASSERT( x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
|
||||||
|
|
||||||
|
ret = x509_dn_gets( (char *) buf, sizeof( buf ), &parsed );
|
||||||
|
TEST_ASSERT( ret > 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( strcmp( (char *) buf, parsed_name ) == 0 );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
asn1_free_named_data_list( &names );
|
||||||
|
|
||||||
|
parsed_cur = parsed.next;
|
||||||
|
while( parsed_cur != 0 )
|
||||||
|
{
|
||||||
|
parsed_prv = parsed_cur;
|
||||||
|
parsed_cur = parsed_cur->next;
|
||||||
|
polarssl_free( parsed_prv );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
Loading…
Reference in New Issue
Block a user