Add support for id-on-bundleEID from RFC 9174. #10810
Open
kareem-wolfssl wants to merge 1 commit into
Pull request overview
This PR addresses X.509 SubjectAltName otherName parsing for the RFC 9174 id-on-bundleEID (OID 1.3.6.1.5.5.7.8.11) by teaching the ASN.1 template decoder to accept an IA5String value for that specific otherName type-id, and adds a regression test plus certificate renewal inputs.
Changes:
- Add `BUNDLE_EID_OID` (guarded by `WOLFSSL_DTN`) to the OID-sum table.
- Extend `otherName` ASN.1 template decoding to accept IA5String for id-on-bundleEID (guarded by `WOLFSSL_DTN`).
- Add a regression test and OpenSSL renewal configuration for a bundleEID-containing DER certificate.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| wolfssl/wolfcrypt/oid_sum.h | Adds BUNDLE_EID_OID under WOLFSSL_DTN for OID sum matching. |
| wolfcrypt/src/asn.c | Extends OtherName template and decoding logic to handle bundleEID IA5String values under WOLFSSL_DTN. |
| tests/api/test_asn.h | Registers the new regression test declaration and test list entry. |
| tests/api/test_asn.c | Adds a regression test that parses a DER cert containing bundleEID OtherName + dNSName. |
| scripts/asn1_oid_sum.pl | Documents why BUNDLE_EID_OID is maintained manually in oid_sum.h. |
| certs/renewcerts/wolfssl.cnf | Adds an OpenSSL config stanza to generate a SAN with bundleEID OtherName IA5String. |
| certs/renewcerts.sh | Adds renewal steps to generate bundle-eid-cert.der. |
| .wolfssl_known_macro_extras | Adds WOLFSSL_DTN to the known macro extras list. |
Comment on lines +1524 to +1527
| ExpectTrue((f = XFOPEN(bundleEidCert, "rb")) != XBADFILE); | ||
| ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); | ||
| if (f != XBADFILE) | ||
| XFCLOSE(f); |
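Review bot: In the XFREAD line the only check is that bytes is greater than 0, so a certificate file larger than buf would be read truncated without the test noticing at this point, and the failure would only show up later as a parse error. Consider also checking that bytes is less than (int)sizeof(buf), or that end of file was reached, so a too-small buffer is reported where it happens. The XFCLOSE guard on f != XBADFILE is fine as written.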
Comment on lines +18728 to +18731
| * id-on-bundleEID (RFC 9174, sec 4.4.1), an Other Name whose value is an | ||
| * IA5String holding a Bundle Protocol node/endpoint ID (e.g. "dtn://node/"). | ||
| * Only handled when WOLFSSL_DTN is defined as these OIDs are specific to | ||
| * Delay-Tolerant Networking (DTN) / the Bundle Protocol. |
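Review bot: The third comment line says "these OIDs" although the comment names a single OID, id-on-bundleEID; either say "this OID" or list the other DTN OIDs the WOLFSSL_DTN guard is meant to cover. It would also help to state here what happens to an otherName of this type when WOLFSSL_DTN is not defined, since the comment only describes the enabled case.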
Description
Fixes #10694.
Testing
Built in tests, added test, reproducer from original issue
Checklist
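The otherName encoding described in the review overview, as an added example that is not part of this pull request or of wolfSSL's code: a small C decoder for one SubjectAltName otherName entry that accepts only the id-on-bundleEID type-id with an IA5String value. The names `tlv` and `parse_bundle_eid`, the return codes and the sample bytes are constructed for illustration, and only short-form DER lengths are handled.

```c
#include <stdio.h>
#include <string.h>

/* DER content bytes of id-on-bundleEID, OID 1.3.6.1.5.5.7.8.11 */
static const unsigned char BUNDLE_EID[] = {0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x0B};
/* Constructed sample: otherName [0] { OID, [0] { IA5String "dtn://node/" } } */
static const unsigned char SAMPLE_SAN[] = {
    0xA0,0x19, 0x06,0x08, 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x0B,
    0xA0,0x0D, 0x16,0x0B, 'd','t','n',':','/','/','n','o','d','e','/' };

/* Hypothetical helper: read one TLV with a short-form length (< 128 bytes). */
static int tlv(const unsigned char **p, const unsigned char *end, unsigned char tag,
               const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || (*p)[1] >= 0x80) return -1;
    *len = (*p)[1];
    *val = *p + 2;
    if ((size_t)(end - *val) < *len) return -1;   /* value runs past the buffer */
    *p = *val + *len;
    return 0;
}

/* Hypothetical helper: copy the bundle EID to out as a C string; 0 on success. */
int parse_bundle_eid(const unsigned char *der, size_t derLen, char *out, size_t outSz)
{
    const unsigned char *p = der, *end = der + derLen, *v, *oid, *s;
    size_t n, oidLen, sLen, i;

    if (tlv(&p, end, 0xA0, &v, &n) != 0 || p != end) return -1;    /* otherName [0] */
    p = v; end = v + n;
    if (tlv(&p, end, 0x06, &oid, &oidLen) != 0) return -1;         /* type-id */
    if (oidLen != sizeof(BUNDLE_EID) || memcmp(oid, BUNDLE_EID, oidLen) != 0) return -2;
    if (tlv(&p, end, 0xA0, &v, &n) != 0 || p != end) return -1;    /* [0] EXPLICIT */
    p = v; end = v + n;
    if (tlv(&p, end, 0x16, &s, &sLen) != 0 || p != end) return -3; /* IA5String only */
    if (sLen == 0 || sLen >= outSz) return -4;
    for (i = 0; i < sLen; i++)
        if (s[i] == 0 || s[i] > 0x7F) return -5;   /* embedded NUL or non-ASCII */
    memcpy(out, s, sLen);
    out[sLen] = '\0';
    return 0;
}

int main(void)
{
    char eid[32];
    int ret = parse_bundle_eid(SAMPLE_SAN, sizeof(SAMPLE_SAN), eid, sizeof(eid));
    printf("ret=%d eid=%s\n", ret, ret == 0 ? eid : "(none)");
    return ret;
}
```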