From 139a192185cef9b5a8977073feffa5b407a8d4f1 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 10 Apr 2020 23:02:58 +0200
Subject: [PATCH] Implement wolfSSL_d2i_X509_NAME
---
 configure.ac | 2 +-
 src/ssl.c | 36 ++++++++++++++++++++++++++++++++++++
 tests/api.c | 5 +++++
 wolfcrypt/src/asn.c | 2 +-
 wolfssl/openssl/ssl.h | 1 +
 wolfssl/ssl.h | 3 +++
 wolfssl/wolfcrypt/asn.h | 1 +
 7 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index c04a092e6..82954de18 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1406,7 +1406,7 @@ AC_ARG_ENABLE([certgen],
 [ ENABLED_CERTGEN=$enableval ],
 [ ENABLED_CERTGEN=no ]
 )
-if test "$ENABLED_OPENVPN" = "yes"
+if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes"
 then
 ENABLED_CERTGEN=yes
 fi
diff --git a/src/ssl.c b/src/ssl.c
index 63a0792db..f18c31aae 100644
--- a/src/ssl.c
+++ b/src/ssl.c
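Review bot: The new `|| test "$ENABLED_OPENSSH" = "yes"` clause forces cert generation into every --enable-openssh build, but neither the hunk nor the commit message says why, and nothing in this patch visibly depends on WOLFSSL_CERT_GEN — the new d2i helper in src/ssl.c is placed after an `#endif /* WOLFSSL_CERT_GEN */`, under OPENSSL_EXTRA only. If the dependency is on the i2d_X509_NAME side of the compat layer, a one-line comment above the test would keep the next maintainer from dropping it, e.g. `# OpenVPN and OpenSSH compat layers need the cert-gen X509_NAME helpers (i2d_X509_NAME and friends)`. Whether OpenSSH really requires cert generation should be confirmed against the compat code before that wording is committed, since it enlarges the default attack surface of every openssh-flavoured build.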
@@ -37317,6 +37317,42 @@ static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName)
 #endif /* WOLFSSL_CERT_GEN */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+ WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
+ unsigned char **in, long length)
+ {
+ WOLFSSL_X509_NAME* tmp = NULL;
+ DecodedCert cert;
+
+ WOLFSSL_ENTER("wolfSSL_d2i_X509_NAME");
+
+ if (!in || !*in || length <= 0) {
+ WOLFSSL_MSG("Bad argument");
+ return NULL;
+ }
+
+ InitDecodedCert(&cert, *in, length, NULL);
+
+ if (GetName(&cert, SUBJECT, length) != 0) {
+ WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
+ return NULL;
+ }
+
+ if (!(tmp = wolfSSL_X509_NAME_new())) {
+ WOLFSSL_MSG("wolfSSL_X509_NAME_new error");
+ return NULL;
+ }
+
+ XSTRNCPY(tmp->staticName, cert.subject, ASN_NAME_MAX);
+ tmp->staticName[ASN_NAME_MAX - 1] = '\0';
+ tmp->sz = (int)XSTRLEN(tmp->staticName) + 1;
+
+ if (name)
+ *name = tmp;
+
+ return tmp;
+ }
+
+
 /* Compares the two X509 names. If the size of x is larger then y then a
 * positive value is returned if x is smaller a negative value is returned.
 * In the case that the sizes are equal a the value of strcmp between the
diff --git a/tests/api.c b/tests/api.c
index 45c61b6e4..f3fd89a59 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -23033,6 +23033,7 @@ static void test_wolfSSL_X509_NAME(void)
 XFILE f;
 const X509_NAME* a;
 const X509_NAME* b;
+ X509_NAME* d2i_name;
 int sz;
 unsigned char* tmp;
 char file[] = "./certs/ca-cert.der";
@@ -23068,6 +23069,9 @@ static void test_wolfSSL_X509_NAME(void)
 abort();
 }
+ tmp = buf;
+ AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
+
 /* retry but with the function creating a buffer */
 tmp = NULL;
 AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
@@ -23077,6 +23081,7 @@ static void test_wolfSSL_X509_NAME(void)
 AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
 AssertIntEQ(X509_NAME_cmp(a, b), 0);
 X509_NAME_free((X509_NAME*)b);
+ X509_NAME_free(d2i_name);
 X509_free(x509);
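Review bot: wolfSSL_d2i_X509_NAME never advances `*in` and, at the `if (name) *name = tmp;` tail, overwrites an object the caller may already hold without freeing it, so code written against OpenSSL's d2i contract (input pointer stepped past the consumed bytes, existing object reused or released) leaks the old name and would re-parse the same bytes on the next call. GetName is the same routine the certificate parser uses to walk a DN, so after it succeeds `cert.srcIdx` should be the number of bytes consumed and `*in += cert.srcIdx;` restores the pointer contract — confirm in asn.c that GetName leaves srcIdx just past the Name SEQUENCE. The DecodedCert set up by InitDecodedCert() is never released with its counterpart FreeDecodedCert(), neither on the GetName() error return nor on success; whether GetName allocates in this configuration is not visible here, but the pairing is the library convention and cheap. GetName's maxIdx is an `int` (asn.c hunk) while `length` is a `long`, so a value above INT_MAX is silently narrowed before it is used as a bound; extending the guard to `length > INT_MAX` closes that. Only staticName and sz are filled from cert.subject, so any per-entry DN state the X509_NAME carries for entry accessors is presumably left empty — if a string-form-only result is intended, a comment on the function should say so.
```c
    WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
            unsigned char **in, long length)
    {
        /* … unchanged: locals, WOLFSSL_ENTER … */

        /* GetName's maxIdx is an int: reject lengths it cannot represent */
        if (!in || !*in || length <= 0 || length > INT_MAX) {
            WOLFSSL_MSG("Bad argument");
            return NULL;
        }

        InitDecodedCert(&cert, *in, length, NULL);

        if (GetName(&cert, SUBJECT, (int)length) != 0) {
            WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
            FreeDecodedCert(&cert);
            return NULL;
        }

        if (!(tmp = wolfSSL_X509_NAME_new())) {
            WOLFSSL_MSG("wolfSSL_X509_NAME_new error");
            FreeDecodedCert(&cert);
            return NULL;
        }

        /* … unchanged: copy cert.subject into tmp->staticName, set tmp->sz … */

        /* d2i contract: step the caller's pointer past the consumed Name.
         * Assumes GetName leaves cert.srcIdx just after the SEQUENCE. */
        *in += cert.srcIdx;
        FreeDecodedCert(&cert);

        if (name) {
            /* d2i contract: never leak an object the caller already held.
             * Unlike OpenSSL the object is replaced, not updated in place. */
            if (*name != NULL)
                wolfSSL_X509_NAME_free(*name);
            *name = tmp;
        }

        return tmp;
    }
```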
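Review bot: The new `AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));` only proves the call returns an object; it never compares the parsed name with the one that was serialised into `buf`, so a decoder that produced an empty or wrong DN would still pass. The function already holds `b` and the following hunk uses X509_NAME_cmp on it, so `AssertIntEQ(X509_NAME_cmp(d2i_name, b), 0);` right after the call would pin the round trip — assuming X509_NAME_cmp compares the string form the d2i path fills in. If the implementation is meant to honour the d2i pointer contract, asserting `tmp == buf + sz` afterwards would catch a regression there as well.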
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 827395c8f..cbff44ddd 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5550,7 +5550,7 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
 /* process NAME, either issuer or subject
 * returns 0 on success and negative values on fail */
-static int GetName(DecodedCert* cert, int nameType, int maxIdx)
+int GetName(DecodedCert* cert, int nameType, int maxIdx)
 {
 int length; /* length of all distinguished names */
 int dummy;
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 85752502d..24b9d4c9e 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -449,6 +449,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
 #define i2d_X509_NAME wolfSSL_i2d_X509_NAME
+#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
 #define X509_NAME_new wolfSSL_X509_NAME_new
 #define X509_NAME_free wolfSSL_X509_NAME_free
 #define X509_NAME_dup wolfSSL_X509_NAME_dup
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 647b2a001..8f233bcd3 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1318,6 +1318,9 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
 WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
 WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out);
+WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
+ unsigned char **in, long length);
+WOLFSSL_API
 #ifndef NO_RSA
 WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
 #endif
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 877e5dcf7..e37de4ab5 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
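Review bot: The third added line of the wolfssl/ssl.h hunk is a bare `+WOLFSSL_API` with no declaration behind it, sitting directly above `#ifndef NO_RSA`. Where WOLFSSL_API expands to nothing it is harmless, but where it expands to a visibility or dllexport attribute it attaches to whatever declaration follows the conditional — `wolfSSL_RSA_print` when RSA is enabled, an arbitrary later declaration when NO_RSA is set — which is a build break or a mis-exported symbol waiting to happen; delete the stray line. The new prototype also takes `unsigned char **in` where OpenSSL's d2i_X509_NAME takes `const unsigned char **in`; the implementation in src/ssl.c only reads through the pointer, so `const unsigned char **in` would let callers pass const DER buffers without a cast.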
@@ -1006,6 +1006,7 @@ struct TrustedPeerCert {
 #endif
 WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
+WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
 WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz);