author | Fabian Weissberg <[email protected]> | 2017-11-29 12:29:56 +0100 |
committer | Fabian Weissberg <[email protected]> | 2017-12-20 13:32:51 +0100 |
commit | 02e756dba4c1001b790c3496049f40ebfe89539b (patch) | |
tree | 30f36cd1faa600dd61f7ffbf6d699d4fefafe127 /src/scripts | |
parent | 2918801d97ccdad5327320ee29bdc2cf666fb08a (diff) |
Fix various x509 path validation bugs + path building with ambiguous DNs
Signed-off-by: Fabian Weissberg <[email protected]>
Diffstat (limited to 'src/scripts')
-rwxr-xr-x | src/scripts/oids.py | 86 |
1 files changed, 84 insertions, 2 deletions
diff --git a/src/scripts/oids.py b/src/scripts/oids.py
index 5e53decf7..7a6caa368 100755
--- a/src/scripts/oids.py
+++ b/src/scripts/oids.py
@@ -2,6 +2,7 @@
 """
 (C) 2016 Jack Lloyd
+(C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
 Botan is released under the Simplified BSD License (see license.txt)
 """
@@ -125,17 +126,89 @@ OID lookup(const std::string& name) """ % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"), format_if(oid2str,"oid_str"), format_if(str2oid, "name", True)) + +def format_dn_ub_map(dn_ub, oid2str): + s = '' + for k in sorted(dn_ub.keys()): + v = dn_ub[k] + + s += ' { Botan::OID("%s"), %s }, // %s\n' % (k,v,oid2str[k]) + + # delete last ',' and \n + idx = s.rfind(',') + if idx != -1: + s = s[:idx] + s[idx+1:-1] + + return s + + +def format_dn_ub_as_map(dn_ub, oid2str): + return """/* +* DN_UB maps: Upper bounds on the length of DN strings +* +* This file was automatically generated by %s on %s +* +* All manual edits to this file will be lost. Edit the script +* then regenerate this source file. +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/asn1_oid.h> +#include <botan/x509_dn_ub.h> +#include <map> +#include <stdint.h> + +namespace { +/** + * Upper bounds for the length of distinguished name fields as given in RFC 5280, Appendix A. + * Only OIDS recognized by botan are considered, so far. + * Maps OID string representations instead of human readable strings in order + * to avoid an additional lookup. 
+ */ +static const std::map<Botan::OID, size_t> DN_UB = + { +%s + }; +} + +namespace Botan { + +size_t lookup_ub(const OID& oid) + { + auto ub_entry = DN_UB.find(oid); + if(ub_entry != DN_UB.end()) + { + return ub_entry->second; + } + else + { + return SIZE_MAX; + } + } +} +""" % (sys.argv[0], datetime.date.today().strftime("%Y-%m-%d"), + format_dn_ub_map(dn_ub,oid2str)) + def main(args = None): + """ Print header files (oids.cpp, dn_ub.cpp) depending on the first argument and on srs/build-data/oids.txt + + Choose 'oids' to print oids.cpp, needs to be written to src/lib/asn1/oids.cpp + Choose 'dn_ub' to print dn_ub.cpp, needs to be written to src/lib/x509/X509_dn_ub.cpp + """ if args is None: args = sys.argv + if len(args) < 2: + raise Exception("Use either 'oids' or 'dn_ub' as first argument") oid_lines = open('src/build-data/oids.txt').readlines() - oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)$") + oid_re = re.compile("^([1-9][0-9.]+) = ([A-Za-z0-9_\./\(\), -]+)(?: = )?([0-9]+)?$") hdr_re = re.compile("^\[([a-z0-9_]+)\]$") oid2str = {} str2oid = {} + dn_ub = {} cur_hdr = None for line in oid_lines: @@ -164,6 +237,12 @@ def main(args = None): else: oid2str[oid] = nam + # parse upper bounds for DNs + if cur_hdr == "dn": + if match.lastindex < 3: + raise Exception("Could not find an upper bound for DN " + match.group(1)) + dn_ub[oid] = match.group(3) + if nam in str2oid: #print "Duplicated name", nam, oid, str2oid[nam] #str2oid[nam] = oid @@ -171,7 +250,10 @@ def main(args = None): else: str2oid[nam] = oid - print format_as_ifs(oid2str, str2oid) + if args[1] == "oids": + print format_as_ifs(oid2str, str2oid) + elif args[1] == "dn_ub": + print format_dn_ub_as_map(dn_ub,oid2str) if __name__ == '__main__': |
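Review bot: In `format_dn_ub_map` the trailing-comma removal uses `s.rfind(',')`, but the new `oid_re` in the same hunk admits `,` inside a name, so a last entry whose name contains a comma would lose the comma from its `// name` comment rather than from the initializer. A trailing comma is legal in a C++ braced-init-list, so the lines from `# delete last ',' and \n` through `s = s[:idx] + s[idx+1:-1]` can simply be dropped and the loop output returned as is. The new docstring on `main` spells the input path `srs/build-data/oids.txt` while the code opens `src/build-data/oids.txt`, and names the output `src/lib/x509/X509_dn_ub.cpp` while the generated source includes `botan/x509_dn_ub.h`; the capitalisation looks like a typo but the real target path is not visible here. `main` continues past the end of this hunk.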
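Review bot: The `if args[1] == "oids": … elif args[1] == "dn_ub":` dispatch added at the end of `main` has no `else`, so any other first argument parses oids.txt and then exits successfully with no output, even though the earlier hunk in `main` already raises for a missing argument. Adding `else: raise Exception("Use either 'oids' or 'dn_ub' as first argument")` after the `elif` branch, or tightening the earlier guard to `if len(args) < 2 or args[1] not in ("oids", "dn_ub"):`, makes the failure explicit instead of silent. The `if __name__ == '__main__':` guard that follows lies outside the hunk.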