authorFabian Weissberg <[email protected]>2017-11-29 12:29:56 +0100
committerFabian Weissberg <[email protected]>2017-12-20 13:32:51 +0100
commit02e756dba4c1001b790c3496049f40ebfe89539b (patch)
tree30f36cd1faa600dd61f7ffbf6d699d4fefafe127 /src/scripts
parent2918801d97ccdad5327320ee29bdc2cf666fb08a (diff)
Fix various x509 path validation bugs + path building with ambiguous DNs
Signed-off-by: Fabian Weissberg <[email protected]>
Diffstat (limited to 'src/scripts')
-rwxr-xr-xsrc/scripts/oids.py86
1 files changed, 84 insertions, 2 deletions
diff --git a/src/scripts/oids.py b/src/scripts/oids.py
index 5e53decf7..7a6caa368 100755
--- a/src/scripts/oids.py
+++ b/src/scripts/oids.py
@@ -2,6 +2,7 @@
"""
(C) 2016 Jack Lloyd
+(C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
Botan is released under the Simplified BSD License (see license.txt)
"""
@@ -125,17 +126,89 @@ OID lookup(const std::string& name)
""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"),
format_if(oid2str,"oid_str"), format_if(str2oid, "name", True))
+
+def format_dn_ub_map(dn_ub, oid2str):
+ s = ''
+ for k in sorted(dn_ub.keys()):
+ v = dn_ub[k]
+
+ s += ' { Botan::OID("%s"), %s }, // %s\n' % (k,v,oid2str[k])
+
+ # delete last ',' and \n
+ idx = s.rfind(',')
+ if idx != -1:
+ s = s[:idx] + s[idx+1:-1]
+
+ return s
+
+
+def format_dn_ub_as_map(dn_ub, oid2str):
+ return """/*
+* DN_UB maps: Upper bounds on the length of DN strings
+*
+* This file was automatically generated by %s on %s
+*
+* All manual edits to this file will be lost. Edit the script
+* then regenerate this source file.
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/asn1_oid.h>
+#include <botan/x509_dn_ub.h>
+#include <map>
+#include <stdint.h>
+
+namespace {
+/**
+ * Upper bounds for the length of distinguished name fields as given in RFC 5280, Appendix A.
+ * Only OIDS recognized by botan are considered, so far.
+ * Maps OID string representations instead of human readable strings in order
+ * to avoid an additional lookup.
+ */
+static const std::map<Botan::OID, size_t> DN_UB =
+ {
+%s
+ };
+}
+
+namespace Botan {
+
+size_t lookup_ub(const OID& oid)
+ {
+ auto ub_entry = DN_UB.find(oid);
+ if(ub_entry != DN_UB.end())
+ {
+ return ub_entry->second;
+ }
+ else
+ {
+ return SIZE_MAX;
+ }
+ }
+}
+""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"),
+ format_dn_ub_map(dn_ub,oid2str))
+
def main(args = None):
+ """ Print header files (oids.cpp, dn_ub.cpp) depending on the first argument and on srs/build-data/oids.txt
+
+ Choose 'oids' to print oids.cpp, needs to be written to src/lib/asn1/oids.cpp
+ Choose 'dn_ub' to print dn_ub.cpp, needs to be written to src/lib/x509/X509_dn_ub.cpp
+ """
if args is None:
args = sys.argv
+ if len(args) < 2:
+ raise Exception("Use either 'oids' or 'dn_ub' as first argument")
oid_lines = open('src/build-data/oids.txt').readlines()
- oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)$")
+ oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)(?: = )?([0-9]+)?$")
hdr_re = re.compile("^\[([a-z0-9_]+)\]$")
oid2str = {}
str2oid = {}
+ dn_ub = {}
cur_hdr = None
for line in oid_lines:
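Review bot: The argument guard added at the start of main() checks only that an argument exists, not its value, so anything other than 'oids' or 'dn_ub' passes it and — going by the dispatch in the last hunk — the script then prints nothing and exits 0, which would leave an empty oids.cpp or X509_dn_ub.cpp when a build step redirects stdout into the file; tighten it to `if len(args) < 2 or args[1] not in ("oids", "dn_ub"):` and keep the same exception. The generated lookup_ub() also deserves a sentence in the DN_UB header comment saying that an OID absent from the table yields SIZE_MAX, i.e. no length limit at all is enforced for attribute types outside the dn section of oids.txt, and that the RFC 5280 Appendix A values are character counts, so a caller that compares them against the byte length of a UTF8String would reject valid multibyte names — that caller is not in this diff, so it is worth confirming there. main() continues in the next hunk.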
@@ -164,6 +237,12 @@ def main(args = None):
else:
oid2str[oid] = nam
+ # parse upper bounds for DNs
+ if cur_hdr == "dn":
+ if match.lastindex < 3:
+ raise Exception("Could not find an upper bound for DN " + match.group(1))
+ dn_ub[oid] = match.group(3)
+
if nam in str2oid:
#print "Duplicated name", nam, oid, str2oid[nam]
#str2oid[nam] = oid
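Review bot: The bound captured at `dn_ub[oid] = match.group(3)` is kept as the raw digit string and later pasted verbatim into the generated C++ initializer, so a value written with a leading zero in oids.txt (e.g. `064`) becomes an octal literal and silently compiles to 52, while `08` fails to compile. Store it as a number instead, `dn_ub[oid] = int(match.group(3))`, so the generator always emits canonical decimal regardless of how the table was typed. The enclosing loop and the `if` branch paired with the `else:` at the top of this hunk lie outside it.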
@@ -171,7 +250,10 @@ def main(args = None):
else:
str2oid[nam] = oid
- print format_as_ifs(oid2str, str2oid)
+ if args[1] == "oids":
+ print format_as_ifs(oid2str, str2oid)
+ elif args[1] == "dn_ub":
+ print format_dn_ub_as_map(dn_ub,oid2str)
if __name__ == '__main__':