fix mbedtls_x509_dn_gets to escape non-ASCII characters

Signed-off-by: Koh M. Nakagawa <tsunekou1019@gmail.com>
Koh M. Nakagawa 2020-05-16 10:08:09 +09:00
parent ee61b6601e
commit 46b8782a72
4 changed files with 30 additions and 1 deletions


@ -0,0 +1,3 @@
Changes
* Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?".
Contributed by Koh M. Nakagawa in #3326.


@ -787,7 +787,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
break; break;
c = name->val.p[i]; c = name->val.p[i];
if( c < 32 || c == 127 || ( c > 128 && c < 160 ) ) if( c < 32 || c >= 127 )
s[i] = '?'; s[i] = '?';
else s[i] = c; else s[i] = c;
} }
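Review bot: The new check `if( c < 32 || c >= 127 )` maps every byte of a multi-byte UTF-8 value to `?`, so distinct non-ASCII names print as indistinguishable runs of `?` (the added test expectation shows `O=?????????????????? Ltd`), and the resulting string cannot safely be used to compare or match issuers or subjects. I would state that at the check, e.g. `/* Display only: non-ASCII bytes become '?', so different names may print identically; never compare or match on this string. */`, and repeat it in the function's API documentation, which is outside this hunk. The `else s[i] = c;` branch also still copies DN syntax characters such as `,` and `=` unchanged, so a value containing them may read as if the name had extra attributes; this is hedged because mbedtls_x509_dn_gets starts and ends outside the hunk and later handling is not visible here.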


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -174,6 +174,10 @@ X509 CRT information Bitstring in subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n <unsupported>\next key usage \: TLS Web Client Authentication\n" x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n <unsupported>\next key usage \: TLS Web Client Authentication\n"
X509 CRT information Non-ASCII string in issuer name and subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 certificate v1 with extension X509 certificate v1 with extension
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n <unsupported>\n" x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n <unsupported>\n"