author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-10 10:44:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-10 10:44:57 +0200 |
commit | 1641ea943079765d601cf418dc2c89c1c93f0ecf (patch) | |
tree | 912c3dbac353be23054d2169947cd0d03b21c854 | |
parent | ada28bc73cc78e3b974e7b7faf9f19722d6ee152 (diff) | |
download | gnutls-1641ea943079765d601cf418dc2c89c1c93f0ecf.tar.gz |
x509: allow empty DNs on parsing for subject DNs
-rw-r--r-- | lib/x509/crl.c | 2 | ||||
-rw-r--r-- | lib/x509/crq.c | 2 | ||||
-rw-r--r-- | lib/x509/dn.c | 12 | ||||
-rw-r--r-- | lib/x509/ocsp.c | 4 | ||||
-rw-r--r-- | lib/x509/x509.c | 4 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 2 |
6 files changed, 16 insertions, 10 deletions
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 5f20a75051..483b6e8d96 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -210,7 +210,7 @@ gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, char *buf, return _gnutls_x509_parse_dn(crl->crl, "tbsCertList.issuer.rdnSequence",
- buf, sizeof_buf);
+ buf, sizeof_buf, 0);
 }
 /**
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index b3a04e7b47..faf6443bb5 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -269,7 +269,7 @@ gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t * buf_size) return _gnutls_x509_parse_dn(crq->crq, "certificationRequestInfo.subject.rdnSequence",
- buf, buf_size);
+ buf, buf_size, 1);
 }
 /**
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 5e6242698c..5e0b7026ff 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -227,7 +227,7 @@ _gnutls_x509_get_dn(ASN1_TYPE asn1_struct, int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, char *buf,
- size_t * buf_size)
+ size_t * buf_size, unsigned allow_empty)
 {
 int ret;
 gnutls_datum_t dn = {NULL, 0};
@@ -243,8 +243,14 @@ _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, *buf_size = 0;
 ret = _gnutls_x509_get_dn(asn1_struct, asn1_rdn_name, &dn);
- if (ret < 0)
+ if (ret < 0) {
+ if (allow_empty && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ *buf_size = 0;
+ return 0;
+ }
 return gnutls_assert_val(ret);
+ }
 if (dn.size >= (unsigned int) *buf_size) {
 gnutls_assert();
@@ -864,7 +870,7 @@ gnutls_x509_rdn_get(const gnutls_datum_t * idn, return _gnutls_asn2err(result);
 }
- result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size);
+ result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size, 0);
 asn1_delete_structure(&dn);
 return result;
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 92db9b6aad..b52b94f915 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
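Review bot: In `gnutls_x509_crq_get_dn` (lib/x509/crq.c), passing `1` makes this public getter return 0 with `*buf_size` set to 0 for an empty subject, and nothing in the hunk documents that new outcome; the same applies to `gnutls_x509_crt_get_dn` in lib/x509/x509.c. A caller that uses the returned DN string in an identity or access decision, or that sizes its buffer with a first call expecting `GNUTLS_E_SHORT_MEMORY_BUFFER` (the pattern visible in `gnutls_ocsp_resp_get_responder`), now has to handle a zero length explicitly as "no subject". The doc comments of both functions start outside these hunks; I would add to each `Returns zero with @buf_size set to 0 when the subject DN is empty.` and mention the behaviour change in the release notes.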
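Review bot: In `_gnutls_x509_parse_dn` (lib/x509/dn.c, hunk at -243), the new `allow_empty` branch returns success after `*buf_size = 0;` without writing to `buf`, so whether the caller's buffer holds a terminated empty string depends on code above the hunk that is not visible here. If that code does not clear `buf[0]` on every path, a caller that reads `buf` as a C string after a 0 return sees stale or uninitialised bytes; placing `if (buf != NULL && *buf_size > 0) buf[0] = 0;` ahead of the `*buf_size = 0;` in the new branch would make the contract local to it. The `gnutls_assert();` on this branch also logs an expected, accepted condition as an assertion and could be dropped. The function body starts and ends outside the hunk.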
@@ -1123,7 +1123,7 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp, ret = _gnutls_x509_parse_dn (resp->basicresp, "tbsResponseData.responderID.byName",
- NULL, &l);
+ NULL, &l, 0);
 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) return 0; /* for backwards compatibility */
@@ -1139,7 +1139,7 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp, ret = _gnutls_x509_parse_dn (resp->basicresp, "tbsResponseData.responderID.byName",
- (char *) dn->data, &l);
+ (char *) dn->data, &l, 0);
 if (ret != GNUTLS_E_SUCCESS) {
 gnutls_assert();
 return ret;
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 8d76f0df8d..ef27a68d38 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -496,7 +496,7 @@ gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, return _gnutls_x509_parse_dn(cert->cert, "tbsCertificate.issuer.rdnSequence",
- buf, buf_size);
+ buf, buf_size, 0);
 }
 /**
@@ -640,7 +640,7 @@ gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf, return _gnutls_x509_parse_dn(cert->cert, "tbsCertificate.subject.rdnSequence",
- buf, buf_size);
+ buf, buf_size, 1);
 }
 /**
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 2c275f4b45..31475f0678 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -160,7 +160,7 @@ int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name, int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf);
+ size_t * sizeof_buf, unsigned allow_empty);
 int _gnutls_x509_get_dn(ASN1_TYPE asn1_struct, |
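Review bot: The prototype of `_gnutls_x509_parse_dn` in lib/x509/x509_int.h gains `unsigned allow_empty` with no comment, and every call site in this commit passes a bare `0` or `1`, so a reader cannot tell at the call which DNs may be empty without opening dn.c. I would put a comment above the prototype such as `/* allow_empty: when non-zero, a missing RDN sequence yields 0 with *sizeof_buf == 0 instead of GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; set it for subject DNs only */`. The header also still names the length parameter `sizeof_buf` while the definition in dn.c uses `buf_size`; aligning the two would help.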