TLS parser: add handing of UTF8STRING
authorPierre Chifflier <pierre.chifflier@ssi.gouv.fr>
Sat, 3 Mar 2012 14:18:23 +0000 (15:18 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 19 Mar 2012 11:12:25 +0000 (12:12 +0100)
Some certificates contain UTF8STRING, which is a subset of
OCTETSTRING. This patch adds support for this type of string.

src/util-decode-der-get.c
src/util-decode-der.c
src/util-decode-der.h

index 37cfb2612a743f8905e4a5e91de9c48b9399a190..0da7df7dd25e12bf1712ce3508526dca45eec580 100644 (file)
@@ -166,15 +166,24 @@ int Asn1DerGetIssuerDN(const Asn1Generic *cert, char *buffer, uint32_t length)
             goto issuer_dn_error;
         node = node->next;
         node_str = node->data;
-        if (node_str == NULL
-            || !(node_str->type == ASN1_PRINTSTRING
-                 || node_str->type == ASN1_IA5STRING
-                 || node_str->type == ASN1_T61STRING))
+        if (node_str == NULL || node_str->str == NULL)
             goto issuer_dn_error;
 
-        strlcat(buffer, shortname, length);
-        strlcat(buffer, "=", length);
-        strlcat(buffer, node_str->str, length);
+        switch (node_str->type) {
+            case ASN1_PRINTSTRING:
+            case ASN1_IA5STRING:
+            case ASN1_T61STRING:
+            case ASN1_UTF8STRING:
+            case ASN1_OCTETSTRING:
+                strlcat(buffer, shortname, length);
+                strlcat(buffer, "=", length);
+                strlcat(buffer, node_str->str, length);
+                break;
+            default:
+                SCLogInfo("Unsupported 'string' type:'%d'", node_str->type);
+                goto issuer_dn_error;
+        }
+
         if (strcmp(shortname,"CN")==0)
             separator = "/";
         if (it->next != NULL)
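Review bot: The `strlcat(buffer, node_str->str, length)` call in the new `switch` now also runs for `ASN1_UTF8STRING` and `ASN1_OCTETSTRING`, whose contents are arbitrary bytes from the peer's certificate, and `strlcat` stops at the first NUL. A value with an embedded NUL would be silently shortened in the issuer DN, so the name that is presumably matched and logged downstream can differ from the one actually encoded in the certificate. The decoder's length bookkeeping is not visible here, so this is hedged: if the element length is kept on the node, compare it with `strlen(node_str->str)` and take the error path on a mismatch. At minimum add `/* str comes from the certificate; an embedded NUL truncates the DN here */` above the case labels. The same applies to the identical `switch` in the Asn1DerGetSubjectDN hunk; both function bodies start outside their hunks.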
@@ -224,21 +233,31 @@ int Asn1DerGetSubjectDN(const Asn1Generic *cert, char *buffer, uint32_t length)
             goto subject_dn_error;
         node = node->next;
         node_str = node->data;
-        if (node_str == NULL
-            || !(node_str->type == ASN1_PRINTSTRING
-                 || node_str->type == ASN1_IA5STRING
-                 || node_str->type == ASN1_T61STRING))
+        if (node_str == NULL || node_str->str == NULL)
             goto subject_dn_error;
 
-        strlcat(buffer, shortname, length);
-        strlcat(buffer, "=", length);
-        strlcat(buffer, node_str->str, length);
+        switch (node_str->type) {
+            case ASN1_PRINTSTRING:
+            case ASN1_IA5STRING:
+            case ASN1_T61STRING:
+            case ASN1_UTF8STRING:
+            case ASN1_OCTETSTRING:
+                strlcat(buffer, shortname, length);
+                strlcat(buffer, "=", length);
+                strlcat(buffer, node_str->str, length);
+                break;
+            default:
+                SCLogInfo("Unsupported 'string' type:'%d'", node_str->type);
+                goto subject_dn_error;
+        }
+
         if (strcmp(shortname,"CN")==0)
             separator = "/";
         if (it->next != NULL)
             strlcat(buffer, separator, length);
         it = it->next;
     }
+    SCLogDebug("read subject:'%s'", buffer);
 
     rc = 0;
 subject_dn_error:
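Review bot: Both log calls added in this hunk are driven by data from the remote certificate. The `default:` branch uses `SCLogInfo`, so any peer presenting a DN attribute with an unexpected tag can produce an Info-level line per certificate; `SCLogDebug("Unsupported 'string' type:'%d'", node_str->type);` would keep the diagnostic without letting traffic control normal log volume (the same line is in the Asn1DerGetIssuerDN hunk). The new `SCLogDebug("read subject:'%s'", buffer)` prints the assembled DN unescaped, and with UTF8STRING and OCTETSTRING now accepted it may hold control or non-ASCII bytes; a comment saying so, or escaping before logging, would help whoever reads debug output. Asn1DerGetSubjectDN starts outside this hunk.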
index dfbfbce6907ce1d50b182dbbdabadaf1149a610e..8f7974b267972c8796dabeb62562a9788ab2d086 100644 (file)
@@ -66,6 +66,7 @@ static Asn1Generic * DecodeAsn1DerIA5String(const unsigned char *buffer, uint32_
 static Asn1Generic * DecodeAsn1DerInteger(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerNull(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerOctetString(const unsigned char *buffer, uint32_t size, uint8_t depth);
+static Asn1Generic * DecodeAsn1DerUTF8String(const unsigned char *buffer, uint32_t max_size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerOid(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerPrintableString(const unsigned char *buffer, uint32_t size, uint8_t depth);
 static Asn1Generic * DecodeAsn1DerSequence(const unsigned char *buffer, uint32_t size, uint8_t depth);
@@ -171,6 +172,9 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer, uint32_t
         case ASN1_OCTETSTRING:
             child = DecodeAsn1DerOctetString(d_ptr, el_max_size, depth+1);
             break;
+        case ASN1_UTF8STRING:
+            child = DecodeAsn1DerUTF8String(d_ptr, el_max_size, depth+1);
+            break;
         case ASN1_PRINTSTRING:
             child = DecodeAsn1DerPrintableString(d_ptr, el_max_size, depth+1);
             break;
@@ -514,6 +518,14 @@ static Asn1Generic * DecodeAsn1DerOctetString(const unsigned char *buffer, uint3
     return a;
 }
 
+static Asn1Generic * DecodeAsn1DerUTF8String(const unsigned char *buffer, uint32_t max_size, uint8_t depth)
+{
+    Asn1Generic *a = DecodeAsn1DerOctetString(buffer, max_size, depth);
+    if (a != NULL)
+        a->type = ASN1_UTF8STRING;
+    return a;
+}
+
 static Asn1Generic * DecodeAsn1DerPrintableString(const unsigned char *buffer, uint32_t max_size, uint8_t depth)
 {
     const unsigned char *d_ptr = buffer;
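Review bot: `DecodeAsn1DerUTF8String` has no comment, and nothing in it checks that the bytes are well-formed UTF-8: it calls `DecodeAsn1DerOctetString` and only overwrites `a->type`. Callers that see `ASN1_UTF8STRING` may assume validated text, so state the contract above the definition, e.g. `/* Decoded like an OCTET STRING; content is NOT validated as UTF-8 and may contain any byte values. */`. Termination and length handling are inherited from the octet-string decoder, whose body lies outside this hunk.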
index 62bb56ac7c4934207276e21c42d99031c5ca93b2..854f02b97a27192ec9dbf9d927d5c58f136183cd 100644 (file)
@@ -47,6 +47,7 @@
 #define ASN1_OCTETSTRING 0x04
 #define ASN1_NULL        0x05
 #define ASN1_OID         0x06
+#define ASN1_UTF8STRING  0x0c
 #define ASN1_SEQUENCE    0x10
 #define ASN1_SET         0x11
 #define ASN1_PRINTSTRING 0x13