diff --git a/src/internal.c b/src/internal.c index 8ff822793..0144abb27 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3331,12 +3331,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) name->dynamicName = 0; name->sz = 0; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - XMEMSET(&name->fullName, 0, sizeof(DecodedName)); - XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); - XMEMSET(&name->extra, 0, sizeof(name->extra)); - name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/ - name->cnEntry.nid = ASN_COMMON_NAME; + XMEMSET(&name->entry, 0, sizeof(name->entry)); name->x509 = NULL; + name->entrySz = 0; #endif /* OPENSSL_EXTRA */ } } @@ -3352,17 +3349,13 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) { int i; - if (name->fullName.fullName != NULL) { - XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509); - name->fullName.fullName = NULL; - } for (i = 0; i < MAX_NAME_ENTRIES; i++) { /* free ASN1 string data */ - if (name->extra[i].set && name->extra[i].data.data != NULL) { - XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL); + if (name->entry[i].set && name->entry[i].data.data != NULL) { + wolfSSL_ASN1_OBJECT_free(&name->entry[i].object); + XFREE(name->entry[i].data.data, heap, DYNAMIC_TYPE_OPENSSL); } } - wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object); } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ } @@ -9519,33 +9512,20 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - if (dCert->issuerName.fullName != NULL) { - XMEMCPY(&x509->issuer.fullName, - &dCert->issuerName, sizeof(DecodedName)); - x509->issuer.fullName.fullName = (char*)XMALLOC( - dCert->issuerName.fullNameLen, x509->heap, - DYNAMIC_TYPE_X509); - if (x509->issuer.fullName.fullName != NULL) - XMEMCPY(x509->issuer.fullName.fullName, - dCert->issuerName.fullName, dCert->issuerName.fullNameLen); + if (dCert->issuerName != NULL) { + wolfSSL_X509_set_issuer_name(x509, dCert->issuerName); + x509->issuer.x509 = x509; } - x509->issuer.x509 = x509; #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); x509->subject.name[ASN_NAME_MAX - 1] = '\0'; x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - if (dCert->subjectName.fullName != NULL) { - XMEMCPY(&x509->subject.fullName, - &dCert->subjectName, sizeof(DecodedName)); - x509->subject.fullName.fullName = (char*)XMALLOC( - dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509); - if (x509->subject.fullName.fullName != NULL) - XMEMCPY(x509->subject.fullName.fullName, - dCert->subjectName.fullName, dCert->subjectName.fullNameLen); + if (dCert->subjectName != NULL) { + wolfSSL_X509_set_subject_name(x509, dCert->subjectName); + x509->subject.x509 = x509; } - x509->subject.x509 = x509; #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw)); diff --git a/src/ssl.c b/src/ssl.c index a27b09d16..5901b6efb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17249,13 +17249,13 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) /* Get name entry and size */ entry = wolfSSL_X509_NAME_get_entry(name, i); if (entry == NULL) { - WOLFSSL_MSG("X509_NAME_get_entry failed"); + WOLFSSL_MSG("wolfSSL_X509_NAME_get_entry failed"); return NULL; } nameSz = wolfSSL_X509_NAME_get_text_by_NID(name, entry->nid, buf, sizeof(buf)); if (nameSz < 0) { - WOLFSSL_MSG("X509_NAME_get_text_by_NID failed"); + WOLFSSL_MSG("wolfSSL_X509_NAME_get_text_by_NID failed"); return NULL; } @@ -19826,8 +19826,37 @@ int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509) #if defined(OPENSSL_EXTRA_X509_SMALL) +/* Searches for the first ENTRY of type NID + * idx is the location to start searching from, the value at when the entry was + * found is stored into idx + * returns a pointer to the entry on success and null on fail */ +static WOLFSSL_X509_NAME_ENTRY* GetEntryByNID(WOLFSSL_X509_NAME* name, int nid, + int* idx) +{ + int i; + WOLFSSL_X509_NAME_ENTRY* ret = NULL; + + /* and index of less than 0 is assumed to be starting from 0 */ + if (*idx < 0) { + *idx = 0; + } + + for (i = *idx; i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].nid == nid) { + ret = &name->entry[i]; + *idx = i; + break; + } + } + return ret; +} + + /* Used to get a string from the WOLFSSL_X509_NAME structure that - * corresponds with the NID value passed in. + * corresponds with the NID value passed in. This finds the first entry with + * matching NID value, if searching for the case where there is multiple + * entries with the same NID value than other functions should be used + * (i.e. wolfSSL_X509_NAME_get_index_by_NID, wolfSSL_X509_NAME_get_entry) * * name structure to get string from * nid NID value to search for @@ -19843,65 +19872,34 @@ int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509) int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, int nid, char* buf, int len) { - char *text = NULL; + WOLFSSL_X509_NAME_ENTRY* e; + unsigned char *text = NULL; int textSz = 0; + int idx = 0; WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID"); - switch (nid) { - case ASN_COMMON_NAME: - text = name->fullName.fullName + name->fullName.cnIdx; - textSz = name->fullName.cnLen; - break; - case ASN_SUR_NAME: - text = name->fullName.fullName + name->fullName.snIdx; - textSz = name->fullName.snLen; - break; - case ASN_SERIAL_NUMBER: - text = name->fullName.fullName + name->fullName.serialIdx; - textSz = name->fullName.serialLen; - break; - case ASN_COUNTRY_NAME: - text = name->fullName.fullName + name->fullName.cIdx; - textSz = name->fullName.cLen; - break; - case ASN_LOCALITY_NAME: - text = name->fullName.fullName + name->fullName.lIdx; - textSz = name->fullName.lLen; - break; - case ASN_STATE_NAME: - text = name->fullName.fullName + name->fullName.stIdx; - textSz = name->fullName.stLen; - break; - case ASN_ORG_NAME: - text = name->fullName.fullName + name->fullName.oIdx; - textSz = name->fullName.oLen; - break; - case ASN_ORGUNIT_NAME: - text = name->fullName.fullName + name->fullName.ouIdx; - textSz = name->fullName.ouLen; - break; - case ASN_DOMAIN_COMPONENT: - text = name->fullName.fullName + name->fullName.dcIdx[0]; - textSz = name->fullName.dcLen[0]; - break; - case NID_emailAddress: - text = name->fullName.fullName + name->fullName.emailIdx; - textSz = name->fullName.emailLen; - break; - #ifdef WOLFSSL_CERT_EXT - case ASN_BUS_CAT: - text = name->fullName.fullName + name->fullName.bcIdx; - textSz = name->fullName.bcLen; - break; - #endif - default: - WOLFSSL_MSG("Entry type not found"); - return WOLFSSL_FATAL_ERROR; + if (name == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return WOLFSSL_FATAL_ERROR; + } + + e = GetEntryByNID(name, nid, &idx); + if (e == NULL) { + WOLFSSL_MSG("Entry type not found"); + return WOLFSSL_FATAL_ERROR; + } + text = wolfSSL_ASN1_STRING_data(e->value); + textSz = wolfSSL_ASN1_STRING_length(e->value); + + if (text == NULL) { + WOLFSSL_MSG("Unable to get entry text"); + return WOLFSSL_FATAL_ERROR; } /* if buf is NULL return size of buffer needed (minus null char) */ if (buf == NULL) { + WOLFSSL_MSG("Buffer is NULL, returning buffer size only"); return textSz; } @@ -20262,6 +20260,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } + /* returns the number of entries in the WOLFSSL_X509_NAME */ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name) { int count = 0; @@ -20269,7 +20268,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count"); if (name != NULL) - count = name->fullName.locSz; + count = name->entrySz; WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count); return count; @@ -20278,6 +20277,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + /* Looks up the index of the first entry encountered with matching NID + * The search starts from index 'pos' + * returns a negative value on failure and positive index value on success*/ int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name, int nid, int pos) { @@ -20285,22 +20287,17 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID"); - if (name == NULL || pos >= DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) { + if (name == NULL) { return BAD_FUNC_ARG; } - if (value == NID_emailAddress) { - value = ASN_EMAIL_NAME; - } - i = pos + 1; /* start search after index passed in */ if (i < 0) { i = 0; } - for (;i < name->fullName.locSz && - i < DN_NAMES_MAX + DOMAIN_COMPONENT_MAX; i++) { - if (name->fullName.loc[i] == value) { + for (;i < name->entrySz && i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].nid == value) { return i; } } @@ -36409,15 +36406,6 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } } XMEMCPY(copy->name, name->name, name->sz); - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(NO_ASN) - if (!(copy->fullName.fullName = (char*)XMALLOC(name->fullName.fullNameLen, - 0, DYNAMIC_TYPE_OPENSSL))) { - goto err; - } - XMEMCPY(copy->fullName.fullName, name->fullName.fullName, - name->fullName.fullNameLen); - #endif return copy; @@ -36427,180 +36415,174 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) XFREE(copy->name, 0, DYNAMIC_TYPE_OPENSSL); copy->name = NULL; } - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(NO_ASN) - if (copy->fullName.fullName && - copy->fullName.fullName != name->fullName.fullName) { - XFREE(copy->fullName.fullName, 0, DYNAMIC_TYPE_OPENSSL); - copy->fullName.fullName = NULL; - } - #endif wolfSSL_X509_NAME_free(copy); } return NULL; } #if defined(WOLFSSL_CERT_GEN) - /* helper function for CopyX509NameToCertName() - * - * returns WOLFSSL_SUCCESS on success - */ - static int CopyX509NameEntry(char* out, int mx, char* in, int inLen) - { - if (inLen > mx) { - WOLFSSL_MSG("Name too long"); - XMEMCPY(out, in, mx); - } - else { - XMEMCPY(out, in, inLen); - out[inLen] = '\0'; - } - /* make sure is null terminated */ - out[mx-1] = '\0'; +/* helper function for CopyX509NameToCertName() + * + * returns WOLFSSL_SUCCESS on success + */ +static int CopyX509NameEntry(char* out, int mx, WOLFSSL_X509_NAME* name, + int nid, byte* transfered) +{ + int inLen = 0; + unsigned char* in = NULL; + int i; - return WOLFSSL_SUCCESS; + if (nid == ASN_COUNTRY_NAME) + nid = NID_countryName; + if (nid == ASN_EMAIL_NAME) + nid = NID_emailAddress; + + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].set && name->entry[i].nid == nid) { + in = wolfSSL_ASN1_STRING_data(name->entry[i].value); + inLen = wolfSSL_ASN1_STRING_length(name->entry[i].value); + transfered[i] = 1; + break; + } } - - /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to - * a CertName structure. - * - * returns WOLFSSL_SUCCESS on success and a negative error value on failure - */ - static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName) - { - DecodedName* dn = NULL; - - if (n == NULL || cName == NULL) { - return BAD_FUNC_ARG; - } - - dn = &(n->fullName); - - /* initialize cert name */ - cName->country[0] = '\0'; - cName->countryEnc = CTC_PRINTABLE; - cName->state[0] = '\0'; - cName->stateEnc = CTC_UTF8; - cName->locality[0] = '\0'; - cName->localityEnc = CTC_UTF8; - cName->sur[0] = '\0'; - cName->surEnc = CTC_UTF8; - cName->org[0] = '\0'; - cName->orgEnc = CTC_UTF8; - cName->unit[0] = '\0'; - cName->unitEnc = CTC_UTF8; - cName->commonName[0] = '\0'; - cName->commonNameEnc = CTC_UTF8; - cName->serialDev[0] = '\0'; - cName->serialDevEnc = CTC_PRINTABLE; - #ifdef WOLFSSL_CERT_EXT - cName->busCat[0] = '\0'; - cName->busCatEnc = CTC_UTF8; - cName->joiC[0] = '\0'; - cName->joiCEnc = CTC_PRINTABLE; - cName->joiSt[0] = '\0'; - cName->joiStEnc = CTC_PRINTABLE; - #endif - cName->email[0] = '\0'; - - - /* ASN_COUNTRY_NAME */ - WOLFSSL_MSG("Copy Country Name"); - if (CopyX509NameEntry(cName->country, CTC_NAME_SIZE, dn->fullName + dn->cIdx, - dn->cLen) != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_ORGUNIT_NAME */ - WOLFSSL_MSG("Copy Org Unit Name"); - if (CopyX509NameEntry(cName->unit, CTC_NAME_SIZE, dn->fullName + dn->ouIdx, - dn->ouLen) != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_ORG_NAME */ - WOLFSSL_MSG("Copy Org Name"); - if (CopyX509NameEntry(cName->org, CTC_NAME_SIZE, dn->fullName + dn->oIdx, - dn->oLen) != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_STATE_NAME */ - WOLFSSL_MSG("Copy State Name"); - if (CopyX509NameEntry(cName->state, CTC_NAME_SIZE, dn->fullName + dn->stIdx, - dn->stLen) != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_LOCALITY_NAME */ - WOLFSSL_MSG("Copy Locality Name"); - if (CopyX509NameEntry(cName->locality, CTC_NAME_SIZE, - dn->fullName + dn->lIdx, dn->lLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_SUR_NAME */ - WOLFSSL_MSG("Copy Sur Name"); - if (CopyX509NameEntry(cName->sur, CTC_NAME_SIZE, dn->fullName + dn->snIdx, - dn->snLen) != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_COMMON_NAME */ - WOLFSSL_MSG("Copy Common Name"); - if (CopyX509NameEntry(cName->commonName, CTC_NAME_SIZE, - dn->fullName + dn->cnIdx, dn->cnLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - - /* ASN_SERIAL_NUMBER */ - WOLFSSL_MSG("Copy Serial Number of Device"); - if (CopyX509NameEntry(cName->serialDev, CTC_NAME_SIZE, - dn->fullName + dn->serialIdx, dn->serialLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - - #ifdef WOLFSSL_CERT_EXT - /* ASN_BUS_CAT */ - WOLFSSL_MSG("Copy Business Category"); - if (CopyX509NameEntry(cName->busCat, CTC_NAME_SIZE, - dn->fullName + dn->bcIdx, dn->bcLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - - /* JoI Country */ - WOLFSSL_MSG("Copy Jurisdiction of Incorporation Country"); - if (CopyX509NameEntry(cName->joiC, CTC_NAME_SIZE, - dn->fullName + dn->jcIdx, dn->jcLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - - /* JoI State */ - WOLFSSL_MSG("Copy Jurisdiction of Incorporation State"); - if (CopyX509NameEntry(cName->joiSt, CTC_NAME_SIZE, - dn->fullName + dn->jsIdx, dn->jsLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - #endif - - WOLFSSL_MSG("Copy Email"); - if (CopyX509NameEntry(cName->email, CTC_NAME_SIZE, - dn->fullName + dn->emailIdx, dn->emailLen) - != SSL_SUCCESS) { - return BUFFER_E; - } - - return WOLFSSL_SUCCESS; + if (in == NULL) { + /* entry type not found */ + return WOLFSSL_FAILURE; } + if (inLen > mx) { + WOLFSSL_MSG("Name too long"); + XMEMCPY(out, in, mx); + } + else { + XMEMCPY(out, in, inLen); + out[inLen] = '\0'; + } + + /* make sure is null terminated */ + out[mx-1] = '\0'; + + return WOLFSSL_SUCCESS; +} + + +#ifdef WOLFSSL_MULTI_ATTRIB +/* Converts from NID_* value to wolfSSL value if needed */ +static int ConvertNIDToWolfSSL(int nid) +{ + switch (nid) { + case NID_commonName : return ASN_COMMON_NAME; + case NID_surname : return ASN_SUR_NAME; + case NID_countryName: return ASN_COUNTRY_NAME; + case NID_localityName: return ASN_LOCALITY_NAME; + case NID_stateOrProvinceName: return ASN_STATE_NAME; + case NID_organizationName: return ASN_ORG_NAME; + case NID_organizationalUnitName: return ASN_ORGUNIT_NAME; + case NID_emailAddress: return ASN_EMAIL_NAME; + case NID_serialNumber: return ASN_SERIAL_NUMBER; + case NID_businessCategory: return ASN_BUS_CAT; + case NID_domainComponent: return ASN_DOMAIN_COMPONENT; + default: + WOLFSSL_MSG("Attribute NID not found"); + return -1; + } +} +#endif /* WOLFSSL_MULTI_ATTRIB */ + + +/* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to + * a CertName structure. + * + * returns WOLFSSL_SUCCESS on success and a negative error value on failure + */ +static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName) +{ + int idx = 0; +#ifdef WOLFSSL_MULTI_ATTRIB + int i, j = 0; +#endif + int count = 0; + const char* current; + byte transferred[MAX_NAME_ENTRIES] = {0}; + + if (n == NULL || cName == NULL) { + return BAD_FUNC_ARG; + } + + /* initialize cert name */ + cName->country[0] = '\0'; + cName->countryEnc = CTC_PRINTABLE; + cName->state[0] = '\0'; + cName->stateEnc = CTC_UTF8; + cName->locality[0] = '\0'; + cName->localityEnc = CTC_UTF8; + cName->sur[0] = '\0'; + cName->surEnc = CTC_UTF8; + cName->org[0] = '\0'; + cName->orgEnc = CTC_UTF8; + cName->unit[0] = '\0'; + cName->unitEnc = CTC_UTF8; + cName->commonName[0] = '\0'; + cName->commonNameEnc = CTC_UTF8; + cName->serialDev[0] = '\0'; + cName->serialDevEnc = CTC_PRINTABLE; +#ifdef WOLFSSL_CERT_EXT + cName->busCat[0] = '\0'; + cName->busCatEnc = CTC_UTF8; + cName->joiC[0] = '\0'; + cName->joiCEnc = CTC_PRINTABLE; + cName->joiSt[0] = '\0'; + cName->joiStEnc = CTC_PRINTABLE; +#endif + cName->email[0] = '\0'; + + current = GetOneCertName(cName, idx); + while (current != NULL) { + if (CopyX509NameEntry((char*)current, CTC_NAME_SIZE, n, + GetCertNameId(idx), transferred) == SSL_SUCCESS) { + count++; + } + + idx++; + current = GetOneCertName(cName, idx); + } + +#ifdef WOLFSSL_MULTI_ATTRIB + /* copy over multiple entries */ + idx = wolfSSL_X509_NAME_entry_count(n); + for (i = 0; i < MAX_NAME_ENTRIES && count < idx; i++) { + /* entry is set but was not yet transferred over */ + if (n->entry[i].set && transferred[i] == 0) { + unsigned char* data; + int length; + + WOLFSSL_X509_NAME_ENTRY* e = &n->entry[i]; + + data = wolfSSL_ASN1_STRING_data(e->value); + length = wolfSSL_ASN1_STRING_length(e->value); + + if (j >= CTC_MAX_ATTRIB) { + WOLFSSL_MSG("No more space left in CertName"); + break; + } + + cName->name[j].sz = length; + cName->name[j].type = CTC_UTF8; + cName->name[j].id = ConvertNIDToWolfSSL(e->nid); + XMEMCPY(cName->name[j].value, data, length); + + j++; + count++; + } + + } +#endif /* WOLFSSL_MULTI_ATTRIB */ + + return WOLFSSL_SUCCESS; +} + #ifdef WOLFSSL_CERT_REQ static int ReqCertFromX509(Cert* cert, WOLFSSL_X509* req) { @@ -37923,6 +37905,7 @@ err: } } ne->nid = nid; + wolfSSL_OBJ_nid2obj_ex(nid, &ne->object); ne->value = wolfSSL_ASN1_STRING_type_new(type); if (ne->value != NULL) { wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); @@ -37942,53 +37925,94 @@ err: WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()"); - ne = wolfSSL_X509_NAME_ENTRY_new(); - if (ne == NULL) { - return NULL; + if (out == NULL || *out == NULL) { + ne = wolfSSL_X509_NAME_ENTRY_new(); + if (ne == NULL) { + return NULL; + } + if (out != NULL) { + *out = ne; + } + } + else { + ne = *out; } ne->nid = nid; + wolfSSL_OBJ_nid2obj_ex(nid, &ne->object); ne->value = wolfSSL_ASN1_STRING_type_new(type); - wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); - ne->set = 1; - - if (out != NULL) { - *out = ne; + if (ne->value != NULL) { + wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); + ne->set = 1; } return ne; } - static int RebuildFullNameAdd(DecodedName* dName, char* data) + /* add all entry of type "nid" to the buffer "fullName" and advance "idx" + * since number of entries is small, a brute force search is used here + * returns the number of entries added + */ + static int AddAllEntry(WOLFSSL_X509_NAME* name, char* fullName, + int fullNameSz, int* idx) + { + int i; + int ret = 0; + + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].set) { + WOLFSSL_X509_NAME_ENTRY* e; + WOLFSSL_ASN1_OBJECT* obj; + + int sz; + unsigned char* data; + + e = &name->entry[i]; + obj = wolfSSL_X509_NAME_ENTRY_get_object(e); + + XMEMCPY(fullName + *idx, "/", 1); *idx = *idx + 1; + sz = (int)XSTRLEN(obj->sName); + XMEMCPY(fullName + *idx, obj->sName, sz); + *idx += sz; + XMEMCPY(fullName + *idx, "=", 1); *idx = *idx + 1; + + data = wolfSSL_ASN1_STRING_data(e->value); + sz = (int)XSTRLEN((const char*)data); + XMEMCPY(fullName + *idx, data, sz); + *idx += sz; + + ret++; + } + } + (void)fullNameSz; + return ret; + } + + + /* Converts a list of entries in WOLFSSL_X509_NAME struct into a string + * returns 0 on success */ + static int RebuildFullName(WOLFSSL_X509_NAME* name) { int totalLen = 0; int i; char* fullName; int idx; + int entryCount = 0; - if (dName->cnLen != 0) - totalLen += dName->cnLen + 4; - if (dName->snLen != 0) - totalLen += dName->snLen + 4; - if (dName->cLen != 0) - totalLen += dName->cLen + 3; - if (dName->lLen != 0) - totalLen += dName->lLen + 3; - if (dName->stLen != 0) - totalLen += dName->stLen + 4; - if (dName->oLen != 0) - totalLen += dName->oLen + 3; - if (dName->ouLen != 0) - totalLen += dName->ouLen + 4; - if (dName->emailLen != 0) - totalLen += dName->emailLen + 14; - if (dName->uidLen != 0) - totalLen += dName->uidLen + 5; - if (dName->serialLen != 0) - totalLen += dName->serialLen + 14; - if (dName->dcNum != 0) { - for (i = 0; i < dName->dcNum; i++) - totalLen += dName->dcLen[i] + 4; + if (name == NULL) + return BAD_FUNC_ARG; + + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].set) { + WOLFSSL_X509_NAME_ENTRY* e; + WOLFSSL_ASN1_OBJECT* obj; + + e = &name->entry[i]; + obj = wolfSSL_X509_NAME_ENTRY_get_object(e); + + totalLen += XSTRLEN(obj->sName) + 2; /* +2 for '/' and '=' */ + totalLen += wolfSSL_ASN1_STRING_length(e->value); + } } fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509); @@ -37996,153 +38020,17 @@ err: return MEMORY_E; idx = 0; - dName->entryCount = 0; - if (dName->cnLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_COMMON_NAME, 4); - idx += 4; - if (dName->cnIdx == -1) - XMEMCPY(fullName + idx, data, dName->cnLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->cnIdx, - dName->cnLen); - } - dName->cnIdx = idx; - idx += dName->cnLen; - } - if (dName->snLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_SUR_NAME, 4); - idx += 4; - if (dName->snIdx == -1) - XMEMCPY(fullName + idx, data, dName->snLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->snIdx, - dName->snLen); - } - dName->snIdx = idx; - idx += dName->snLen; - } - if (dName->cLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_COUNTRY_NAME, 3); - idx += 3; - if (dName->cIdx == -1) - XMEMCPY(fullName + idx, data, dName->cLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->cIdx, - dName->cLen); - } - dName->cIdx = idx; - idx += dName->cLen; - } - if (dName->lLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_LOCALITY_NAME, 3); - idx += 3; - if (dName->lIdx == -1) - XMEMCPY(fullName + idx, data, dName->lLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->lIdx, - dName->lLen); - } - dName->lIdx = idx; - idx += dName->lLen; - } - if (dName->stLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_STATE_NAME, 4); - idx += 4; - if (dName->stIdx == -1) - XMEMCPY(fullName + idx, data, dName->stLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->stIdx, - dName->stLen); - } - dName->stIdx = idx; - idx += dName->stLen; - } - if (dName->oLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_ORG_NAME, 3); - idx += 3; - if (dName->oIdx == -1) - XMEMCPY(fullName + idx, data, dName->oLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->oIdx, - dName->oLen); - } - dName->oIdx = idx; - idx += dName->oLen; - } - if (dName->ouLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_ORGUNIT_NAME, 4); - idx += 4; - if (dName->ouIdx == -1) - XMEMCPY(fullName + idx, data, dName->ouLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->ouIdx, - dName->ouLen); - } - dName->ouIdx = idx; - idx += dName->ouLen; - } - if (dName->emailLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, "/emailAddress=", 14); - idx += 14; - if (dName->emailIdx == -1) - XMEMCPY(fullName + idx, data, dName->emailLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->emailIdx, - dName->emailLen); - } - dName->emailIdx = idx; - idx += dName->emailLen; - } - if (dName->dcNum != 0) { - for (i = 0; i < dName->dcNum; i++) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_DOMAIN_COMPONENT, 4); - idx += 4; - XMEMCPY(fullName + idx, dName->fullName + dName->dcIdx[i], - dName->dcLen[i]); - dName->dcIdx[i] = idx; - idx += dName->dcLen[i]; - } - } - if (dName->uidLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, "/UID=", 5); - idx += 5; - if (dName->uidIdx == -1) - XMEMCPY(fullName + idx, data, dName->uidLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->uidIdx, - dName->uidLen); - } - dName->uidIdx = idx; - idx += dName->uidLen; - } - if (dName->serialLen != 0) { - dName->entryCount++; - XMEMCPY(fullName + idx, WOLFSSL_SERIAL_NUMBER, 14); - idx += 14; - if (dName->serialIdx == -1) - XMEMCPY(fullName + idx, data, dName->serialLen); - else { - XMEMCPY(fullName + idx, dName->fullName + dName->serialIdx, - dName->serialLen); - } - dName->serialIdx = idx; - idx += dName->serialLen; - } + entryCount = 0; + entryCount += AddAllEntry(name, fullName, totalLen, &idx); - if (dName->fullName != NULL) - XFREE(dName->fullName, NULL, DYNAMIC_TYPE_X509); - dName->fullName = fullName; - dName->fullNameLen = idx + 1; + if (name->dynamicName) { + XFREE(name->name, NULL, DYNAMIC_TYPE_X509); + } + fullName[idx] = '\0'; + name->name = fullName; + name->dynamicName = 1; + name->sz = idx + 1; /* size includes null terminator */ + name->entrySz = entryCount; return 0; } @@ -38153,136 +38041,65 @@ err: int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set) { + WOLFSSL_X509_NAME_ENTRY* current = NULL; int i; - int fullName = 1; WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()"); - switch (entry->nid) { - case ASN_COMMON_NAME: - name->fullName.cnIdx = -1; - name->fullName.cnLen = entry->value->length; - name->fullName.cnNid = entry->nid; - break; - case ASN_SUR_NAME: - name->fullName.snIdx = -1; - name->fullName.snLen = entry->value->length; - name->fullName.snNid = entry->nid; - break; - case ASN_SERIAL_NUMBER: - name->fullName.serialIdx = -1; - name->fullName.serialLen = entry->value->length; - name->fullName.serialNid = entry->nid; - break; - case ASN_COUNTRY_NAME: - name->fullName.cIdx = -1; - name->fullName.cLen = entry->value->length; - name->fullName.cNid = entry->nid; - break; - case ASN_LOCALITY_NAME: - name->fullName.lIdx = -1; - name->fullName.lLen = entry->value->length; - name->fullName.lNid = entry->nid; - break; - case ASN_STATE_NAME: - name->fullName.stIdx = -1; - name->fullName.stLen = entry->value->length; - name->fullName.stNid = entry->nid; - break; - case ASN_ORG_NAME: - name->fullName.oIdx = -1; - name->fullName.oLen = entry->value->length; - name->fullName.oNid = entry->nid; - break; - case ASN_ORGUNIT_NAME: - name->fullName.ouIdx = -1; - name->fullName.ouLen = entry->value->length; - name->fullName.ouNid = entry->nid; - break; - case NID_emailAddress: - name->fullName.emailIdx = -1; - name->fullName.emailLen = entry->value->length; - name->fullName.emailNid = entry->nid; - break; - case ASN_USER_ID: - name->fullName.uidIdx = -1; - name->fullName.uidLen = entry->value->length; - name->fullName.uidNid = entry->nid; - break; - case ASN_DOMAIN_COMPONENT: - name->fullName.dcIdx[0] = -1; - name->fullName.dcLen[0] = entry->value->length; - break; - default: - fullName = 0; - break; + if (name == NULL || entry == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return WOLFSSL_FAILURE; } - if (fullName) { - int nid = entry->nid; + if (idx >= 0) { + /* place in specific index */ - if (nid == NID_emailAddress) { - nid = (int)ASN_EMAIL_NAME; - } - - if (idx >= DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) { + if (idx >= MAX_NAME_ENTRIES) { + WOLFSSL_MSG("Error index to insert entry is larger than array"); return WOLFSSL_FAILURE; } - - if (idx >= 0) { - name->fullName.loc[idx] = nid; - if (idx == name->fullName.locSz) { - name->fullName.locSz += 1; - } - } - - /* place at end */ - if (idx < 0 && name->fullName.locSz + 1 - < DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) { - name->fullName.loc[name->fullName.locSz] = nid; - name->fullName.locSz += 1; - } - - if (RebuildFullNameAdd(&name->fullName, entry->value->data) != 0) - return WOLFSSL_FAILURE; + i = idx; } else { + /* iterate through and find first open spot */ for (i = 0; i < MAX_NAME_ENTRIES; i++) { - if (name->extra[i].set != 1) { /* not set so overwritten */ - WOLFSSL_X509_NAME_ENTRY* current = &(name->extra[i]); - WOLFSSL_ASN1_STRING* str; - + if (name->entry[i].set != 1) { /* not set so overwritten */ WOLFSSL_MSG("Found place for name entry"); - - XMEMCPY(current, entry, sizeof(WOLFSSL_X509_NAME_ENTRY)); - str = entry->value; - XMEMCPY(&(current->data), str, sizeof(WOLFSSL_ASN1_STRING)); - current->value = &(current->data); - current->data.data = (char*)XMALLOC(str->length, - name->x509->heap, DYNAMIC_TYPE_OPENSSL); - - if (current->data.data == NULL) { - return SSL_FAILURE; - } - XMEMCPY(current->data.data, str->data, str->length); - - /* make sure is null terminated */ - current->data.data[str->length - 1] = '\0'; - - current->set = 1; /* make sure now listed as set */ break; } } if (i == MAX_NAME_ENTRIES) { WOLFSSL_MSG("No spot found for name entry"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } - (void)idx; + if (wolfSSL_ASN1_STRING_length(entry->value) == 0) { + WOLFSSL_MSG("Entry to add was empty"); + return WOLFSSL_FAILURE; + } + + current = &(name->entry[i]); + if (current->set == 0) + name->entrySz++; + if (wolfSSL_X509_NAME_ENTRY_create_by_NID(¤t, + entry->nid, + wolfSSL_ASN1_STRING_type(entry->value), + wolfSSL_ASN1_STRING_data(entry->value), + wolfSSL_ASN1_STRING_length(entry->value)) + == NULL) { + WOLFSSL_MSG("Issue adding the name entry"); + if (current->set == 0) + name->entrySz--; + return WOLFSSL_FAILURE; + } + + if (RebuildFullName(name) != 0) + return WOLFSSL_FAILURE; + (void)set; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, @@ -38300,8 +38117,10 @@ err: if (name == NULL || field == NULL) return WOLFSSL_FAILURE; - if ((nid = wolfSSL_OBJ_txt2nid(field)) == NID_undef) + if ((nid = wolfSSL_OBJ_txt2nid(field)) == NID_undef) { + WOLFSSL_MSG("Unable convert text to NID"); return WOLFSSL_FAILURE; + } entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, (unsigned char*)bytes, len); @@ -38541,55 +38360,26 @@ err: #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) - /* DN_Tags to strings */ - static const struct DN_Tag_Strings { - enum DN_Tags tag; - const char* str; - } dn_tag_strings[] = { - { ASN_COMMON_NAME, "CN" }, - { ASN_SUR_NAME, "SN" }, - { ASN_SERIAL_NUMBER, "serialNumber" }, - { ASN_COUNTRY_NAME, "C" }, - { ASN_LOCALITY_NAME, "L" }, - { ASN_STATE_NAME, "ST" }, - { ASN_ORG_NAME, "O"}, - { ASN_ORGUNIT_NAME, "OU"}, - { ASN_BUS_CAT, "businessCategory"}, - { ASN_EMAIL_NAME, "emailAddress"}, - { ASN_USER_ID, "UID"}, - { ASN_DOMAIN_COMPONENT, "DC"}, - { ASN_DN_NULL, NULL } - }; - int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name, const WOLFSSL_ASN1_OBJECT *obj, int idx) { - const struct DN_Tag_Strings* dn; - enum DN_Tags tag = ASN_DN_NULL; - - if (!name || idx >= name->fullName.locSz || + if (!name || idx >= MAX_NAME_ENTRIES || !obj || !obj->obj) { return -1; } if (idx < 0) { - idx = 0; + idx = -1; } - for (dn = dn_tag_strings; dn->str != NULL; dn++) { - /* Find the DN_Tags number for the name */ - if (XSTRNCMP((const char*) obj->sName, dn->str, obj->objSz - 1) == 0) { - tag = dn->tag; - break; - } - } - if (!tag) { - /* Unable to identify desired name */ - return -1; - } - for (idx++; idx < name->fullName.locSz; idx++) { + + for (idx++; idx < MAX_NAME_ENTRIES; idx++) { /* Find index of desired name */ - if ((enum DN_Tags)name->fullName.loc[idx] == tag) { - return idx; + if (name->entry[idx].set) { + if (XSTRLEN(obj->sName) == XSTRLEN(name->entry[idx].object.sName) && + XSTRNCMP((const char*) obj->sName, + name->entry[idx].object.sName, obj->objSz - 1) == 0) { + return idx; + } } } return -1; @@ -39058,12 +38848,14 @@ err: /* try as a short name */ len = (int)XSTRLEN(s); - if (XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) { + if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len && + XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) { return wolfssl_object_info[i].nid; } /* try as a long name */ - if (XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) { + if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len && + XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) { return wolfssl_object_info[i].nid; } } @@ -39166,116 +38958,8 @@ err: #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - /* looks up the DN given the location "loc". "loc" is the number indicating - * the order that the DN was parsed as, 0 is first DN parsed. - * - * returns the setup WOLFSSL_X509_NAME pointer on success and NULL on fail - */ - static WOLFSSL_X509_NAME* wolfSSL_nameByLoc(WOLFSSL_X509_NAME *name, int loc) - { - char* pt = NULL; - int sz = 0; - - switch (name->fullName.loc[loc]) - { - case ASN_COMMON_NAME: - sz = name->fullName.cnLen; - pt = &name->fullName.fullName[name->fullName.cnIdx]; - name->cnEntry.nid = name->fullName.cnNid; - break; - case ASN_COUNTRY_NAME: - sz = name->fullName.cLen; - pt = &name->fullName.fullName[name->fullName.cIdx]; - name->cnEntry.nid = name->fullName.cNid; - break; - case ASN_LOCALITY_NAME: - sz = name->fullName.lLen; - pt = &name->fullName.fullName[name->fullName.lIdx]; - name->cnEntry.nid = name->fullName.lNid; - break; - case ASN_STATE_NAME: - sz = name->fullName.stLen; - pt = &name->fullName.fullName[name->fullName.stIdx]; - name->cnEntry.nid = name->fullName.stNid; - break; - case ASN_ORG_NAME: - sz = name->fullName.oLen; - pt = &name->fullName.fullName[name->fullName.oIdx]; - name->cnEntry.nid = name->fullName.oNid; - break; - case ASN_ORGUNIT_NAME: - sz = name->fullName.ouLen; - pt = &name->fullName.fullName[name->fullName.ouIdx]; - name->cnEntry.nid = name->fullName.ouNid; - break; - case ASN_EMAIL_NAME: - sz = name->fullName.emailLen; - pt = &name->fullName.fullName[name->fullName.emailIdx]; - name->cnEntry.nid = name->fullName.emailNid; - break; - case ASN_SUR_NAME: - sz = name->fullName.snLen; - pt = &name->fullName.fullName[name->fullName.snIdx]; - name->cnEntry.nid = name->fullName.snNid; - break; - case ASN_USER_ID: - sz = name->fullName.uidLen; - pt = &name->fullName.fullName[name->fullName.uidIdx]; - name->cnEntry.nid = name->fullName.uidNid; - break; - case ASN_SERIAL_NUMBER: - sz = name->fullName.serialLen; - pt = &name->fullName.fullName[name->fullName.serialIdx]; - name->cnEntry.nid = name->fullName.serialNid; - break; -#ifdef WOLFSSL_CERT_EXT - case ASN_BUS_CAT: - sz = name->fullName.bcLen; - pt = &name->fullName.fullName[name->fullName.bcIdx]; - break; -#endif - - case ASN_DOMAIN_COMPONENT: - /* get index of DC i.e. first or second or ... case */ - { - int idx = 0, i; - for (i = 0; i < loc; i++) { - if (name->fullName.loc[i] == ASN_DOMAIN_COMPONENT) { - idx++; - } - } - - /* check that index is not larger than max buffer size or larger - * than the number of domain components parsed */ - if (idx >= DOMAIN_COMPONENT_MAX || idx > name->fullName.dcNum) { - WOLFSSL_MSG("Index was larger then domain buffer"); - return NULL; - } - pt = &name->fullName.fullName[name->fullName.dcIdx[idx]], - sz = name->fullName.dcLen[idx]; - name->cnEntry.nid = ASN_DOMAIN_COMPONENT; - name->cnEntry.data.type = CTC_UTF8; - } - break; - - default: - return NULL; - } - - /* -1 to leave room for trailing terminator 0 */ - if (sz == 0 || sz >= CTC_NAME_SIZE - 1) - return NULL; - if (wolfSSL_ASN1_STRING_set(name->cnEntry.value, pt, sz) != - WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error setting local ASN1 string data"); - return NULL; - } - name->cnEntry.value->type = CTC_UTF8; - name->cnEntry.set = 1; - return name; - } - - + /* returns a pointer to the internal entry at location 'loc' on success, + * a null pointer is returned in fail cases */ WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( WOLFSSL_X509_NAME *name, int loc) { @@ -39285,44 +38969,17 @@ err: return NULL; } - if (loc < 0) { + if (loc < 0 || loc >= MAX_NAME_ENTRIES) { WOLFSSL_MSG("Bad argument"); return NULL; } - if (loc <= DN_NAMES_MAX + name->fullName.dcNum) { - if (wolfSSL_nameByLoc(name, loc) != NULL) - return &name->cnEntry; + if (name->entry[loc].set) { + return &name->entry[loc]; } - /* DC component */ - if (name->fullName.dcMode) { - if (name->fullName.fullName != NULL){ - if (loc == name->fullName.dcNum){ - name->cnEntry.data.data - = &name->fullName.fullName[name->fullName.cIdx]; - name->cnEntry.data.length = name->fullName.cLen; - name->cnEntry.nid = ASN_COUNTRY_NAME; - } else { - name->cnEntry.data.data - = &name->fullName.fullName[name->fullName.dcIdx[loc]]; - name->cnEntry.data.length = name->fullName.dcLen[loc]; - name->cnEntry.nid = ASN_DOMAIN_COMPONENT; - } - } - name->cnEntry.data.type = CTC_UTF8; - /* common name index case */ - } else if (loc == name->fullName.cnIdx && name->x509 != NULL) { - /* get CN shortcut from x509 since it has null terminator */ - name->cnEntry.data.data = name->x509->subjectCN; - name->cnEntry.data.length = name->fullName.cnLen; - name->cnEntry.data.type = CTC_UTF8; - name->cnEntry.nid = ASN_COMMON_NAME; - name->cnEntry.set = 1; - } else { - WOLFSSL_MSG("loc passed in is not in range of parsed DN's"); + else { return NULL; } - return &name->cnEntry; } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -43239,8 +42896,8 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, return WOLFSSL_FAILURE; #if !defined(NO_FILESYSTEM) && !defined(NO_PWDBASED) - return wolfSSL_EVP_Digest((unsigned char*)name->fullName.fullName, - name->fullName.fullNameLen, md, len, type, NULL); + return wolfSSL_EVP_Digest((unsigned char*)name->name, + name->sz, md, len, type, NULL); #else (void)md; (void)len; @@ -47727,71 +47384,86 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) -int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) +/* unlike wolfSSL_X509_NAME_dup this does not malloc a duplicate, only deep + * copy. "to" is expected to be a fresh blank name, if not pointers could be + * lost */ +static int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, + WOLFSSL_X509_NAME* to, void* heap) { int i; WOLFSSL_X509_NAME_ENTRY* ne; + WOLFSSL_ENTER("wolfSSL_X509_NAME_copy"); + + if (from == NULL || to == NULL) { + WOLFSSL_MSG("NULL parameter"); + return BAD_FUNC_ARG; + } + + if (from->dynamicName) { + to->name = (char*)XMALLOC(from->sz, heap, DYNAMIC_TYPE_SUBJECT_CN); + if (to->name == NULL) + return WOLFSSL_FAILURE; + } + XMEMCPY(to->name, from->name, from->sz); + to->sz = from->sz; + + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + ne = wolfSSL_X509_NAME_get_entry(from, i); + if (ne != NULL) + wolfSSL_X509_NAME_add_entry(to, ne, i, 1); + } + to->entrySz = from->entrySz; + return WOLFSSL_SUCCESS; +} + + +/* copies over information from "name" to the "cert" subject name + * returns WOLFSSL_SUCCESS on success */ +int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) +{ WOLFSSL_ENTER("X509_set_subject_name"); if (cert == NULL || name == NULL) return WOLFSSL_FAILURE; FreeX509Name(&cert->subject, cert->heap); InitX509Name(&cert->subject, 0); - if (name->dynamicName) { - cert->subject.name = (char*)XMALLOC(name->sz, cert->heap, - DYNAMIC_TYPE_SUBJECT_CN); - if (cert->subject.name == NULL) - return WOLFSSL_FAILURE; - } - XMEMCPY(cert->subject.name, name->name, name->sz); - cert->subject.sz = name->sz; - for (i = 0; i < 10; i++) { - ne = wolfSSL_X509_NAME_get_entry(name, i); - if (ne != NULL) - wolfSSL_X509_NAME_add_entry(&cert->subject, ne, i, 1); + if (wolfSSL_X509_NAME_copy(name, &cert->subject, cert->heap) != + WOLFSSL_SUCCESS) { + FreeX509Name(&cert->subject, cert->heap); + return WOLFSSL_FAILURE; } + cert->subject.x509 = cert; - cert->subject.name = cert->subject.fullName.fullName; - cert->subject.sz = cert->subject.fullName.fullNameLen; - return WOLFSSL_SUCCESS; } + +/* copies over information from "name" to the "cert" issuer name + * returns WOLFSSL_SUCCESS on success */ int wolfSSL_X509_set_issuer_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) { - int i; - WOLFSSL_X509_NAME_ENTRY* ne; - WOLFSSL_ENTER("X509_set_issuer_name"); if (cert == NULL || name == NULL) return WOLFSSL_FAILURE; FreeX509Name(&cert->issuer, cert->heap); InitX509Name(&cert->issuer, 0); - if (name->dynamicName) { - cert->issuer.name = (char*)XMALLOC(name->sz, cert->heap, - DYNAMIC_TYPE_SUBJECT_CN); - if (cert->issuer.name == NULL) - return WOLFSSL_FAILURE; - } - XMEMCPY(cert->issuer.name, name->name, name->sz); - cert->issuer.sz = name->sz; - for (i = 0; i < 10; i++) { - ne = wolfSSL_X509_NAME_get_entry(name, i); - if (ne != NULL) - wolfSSL_X509_NAME_add_entry(&cert->issuer, ne, i, 1); + if (wolfSSL_X509_NAME_copy(name, &cert->issuer, cert->heap) != + WOLFSSL_SUCCESS) { + FreeX509Name(&cert->subject, cert->heap); + return WOLFSSL_FAILURE; } + cert->issuer.x509 = cert; - cert->issuer.name = cert->issuer.fullName.fullName; - cert->issuer.sz = cert->issuer.fullName.fullNameLen; cert->issuerSet = 1; return WOLFSSL_SUCCESS; } + int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t) { if (x509 == NULL || t == NULL) { diff --git a/tests/api.c b/tests/api.c index 553b74d38..c0c5d491e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -24480,35 +24480,35 @@ static void test_wolfSSL_X509_NID(void) /* extract subjectName info */ AssertNotNull(name = X509_get_subject_name(cert)); AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0)), 0); AssertIntEQ(nameSz, 15); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, commonName, sizeof(commonName))), 0); AssertIntEQ(nameSz, 15); AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COMMON_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, commonName, 9)), 0); AssertIntEQ(nameSz, 8); AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_COUNTRY_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, countryName, sizeof(countryName))), 0); AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_LOCALITY_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, localityName, sizeof(localityName))), 0); AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_STATE_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORG_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, orgName, sizeof(orgName))), 0); AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); - AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, ASN_ORGUNIT_NAME, + AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); @@ -25931,7 +25931,7 @@ static void test_wolfSSL_X509_sign(void) /* Set X509_NAME fields */ AssertNotNull(name = X509_NAME_new()); - AssertIntEQ(X509_NAME_add_entry_by_txt(name, "country", MBSTRING_UTF8, + AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 310d5ce31..553ec68b4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5044,10 +5044,10 @@ void FreeDecodedCert(DecodedCert* cert) XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT); #endif /* WOLFSSL_SEP */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - if (cert->issuerName.fullName != NULL) - XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509); - if (cert->subjectName.fullName != NULL) - XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509); + if (cert->issuerName != NULL) + wolfSSL_X509_NAME_free(cert->issuerName); + if (cert->subjectName != NULL) + wolfSSL_X509_NAME_free(cert->subjectName); #endif /* OPENSSL_EXTRA */ #ifdef WOLFSSL_RENESAS_TSIP_TLS if (cert->tsip_encRsaKeyIdx != NULL) @@ -5538,7 +5538,8 @@ int CalcHashId(const byte* data, word32 len, byte* hash) return ret; } -/* process NAME, either issuer or subject */ +/* process NAME, either issuer or subject + * returns 0 on success and negative values on fail */ static int GetName(DecodedCert* cert, int nameType, int maxIdx) { int length; /* length of all distinguished names */ @@ -5548,14 +5549,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) byte* hash; word32 idx, localIdx = 0; byte tag; - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - DecodedName* dName = - (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; - int dcnum = 0; - #ifdef OPENSSL_EXTRA - int count = 0; - #endif - #endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_X509_NAME* dName; + int nid; +#endif /* OPENSSL_EXTRA */ WOLFSSL_MSG("Getting Cert Name"); @@ -5612,6 +5609,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) cert->subjectRawLen = length - cert->srcIdx; } #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + dName = wolfSSL_X509_NAME_new(); + if (dName == NULL) { + return MEMORY_E; + } +#endif /* OPENSSL_EXTRA */ while (cert->srcIdx < (word32)length) { byte b = 0; @@ -5627,16 +5630,28 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) WOLFSSL_MSG("Cert name lacks set header, trying sequence"); } - if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) + if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; + } ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx); - if (ret != 0) + if (ret != 0) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ret; + } /* make sure there is room for joint */ - if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) + if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; + } XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint)); @@ -5646,6 +5661,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) id = joint[2]; if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen, maxIdx, 1) < 0) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; } @@ -5658,10 +5676,9 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) copy = WOLFSSL_COMMON_NAME; copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1; - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->cnIdx = cert->srcIdx; - dName->cnLen = strLen; - #endif /* OPENSSL_EXTRA */ + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + nid = NID_commonName; + #endif /* OPENSSL_EXTRA */ } else if (id == ASN_SUR_NAME) { copy = WOLFSSL_SUR_NAME; @@ -5674,8 +5691,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->snIdx = cert->srcIdx; - dName->snLen = strLen; + nid = NID_surname; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_COUNTRY_NAME) { @@ -5689,8 +5705,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->cIdx = cert->srcIdx; - dName->cLen = strLen; + nid = NID_countryName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_LOCALITY_NAME) { @@ -5704,8 +5719,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->lIdx = cert->srcIdx; - dName->lLen = strLen; + nid = NID_localityName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_STATE_NAME) { @@ -5719,8 +5733,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->stIdx = cert->srcIdx; - dName->stLen = strLen; + nid = NID_stateOrProvinceName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_ORG_NAME) { @@ -5734,8 +5747,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->oIdx = cert->srcIdx; - dName->oLen = strLen; + nid = NID_organizationName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_ORGUNIT_NAME) { @@ -5749,8 +5761,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->ouIdx = cert->srcIdx; - dName->ouLen = strLen; + nid = NID_organizationalUnitName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_SERIAL_NUMBER) { @@ -5764,8 +5775,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->snIdx = cert->srcIdx; - dName->snLen = strLen; + nid = NID_serialNumber; #endif /* OPENSSL_EXTRA */ } #ifdef WOLFSSL_CERT_EXT @@ -5780,8 +5790,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->bcIdx = cert->srcIdx; - dName->bcLen = strLen; + nid = NID_businessCategory; #endif /* OPENSSL_EXTRA */ } #endif /* WOLFSSL_CERT_EXT */ @@ -5798,8 +5807,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) b = cert->source[cert->srcIdx++]; /* encoding */ if (GetLength(cert->source, &cert->srcIdx, &strLen, - maxIdx) < 0) + maxIdx) < 0) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; + } /* Check for jurisdiction of incorporation country name */ if (id == ASN_JOI_C) { @@ -5813,8 +5826,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->jcIdx = cert->srcIdx; - dName->jcLen = strLen; + nid = NID_jurisdictionCountryName; #endif /* OPENSSL_EXTRA */ } @@ -5830,8 +5842,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->jsIdx = cert->srcIdx; - dName->jsLen = strLen; + nid = NID_jurisdictionStateOrProvinceName; #endif /* OPENSSL_EXTRA */ } @@ -5859,8 +5870,12 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) cert->srcIdx += oidSz + 1; - if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) + if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; + } if (strLen > (int)(ASN_NAME_MAX - idx)) { WOLFSSL_MSG("ASN name too big, skipping"); @@ -5884,8 +5899,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - dName->emailIdx = cert->srcIdx; - dName->emailLen = strLen; + nid = NID_emailAddress; #endif /* OPENSSL_EXTRA */ #ifndef IGNORE_NAME_CONSTRAINTS { @@ -5895,6 +5909,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) cert->heap, DYNAMIC_TYPE_ALTNAME); if (emailName == NULL) { WOLFSSL_MSG("\tOut of Memory"); + #if defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return MEMORY_E; } emailName->type = 0; @@ -5903,6 +5921,10 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) if (emailName->name == NULL) { WOLFSSL_MSG("\tOut of Memory"); XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); + #if defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return MEMORY_E; } emailName->len = strLen; @@ -5923,8 +5945,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) copyLen = sizeof(WOLFSSL_USER_ID) - 1; #if defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL) - dName->uidIdx = cert->srcIdx; - dName->uidLen = strLen; + nid = NID_userId; #endif /* OPENSSL_EXTRA */ break; @@ -5933,15 +5954,16 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; #if defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL) - dName->dcIdx[dcnum] = cert->srcIdx; - dName->dcLen[dcnum] = strLen; - dName->dcNum = dcnum + 1; - dcnum++; + nid = NID_domainComponent; #endif /* OPENSSL_EXTRA */ break; default: WOLFSSL_MSG("Unknown pilot attribute type"); + #if defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; } } @@ -5956,174 +5978,28 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx) idx += copyLen; XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen); idx += strLen; - - #ifdef OPENSSL_EXTRA - if (count < DOMAIN_COMPONENT_MAX) { - /* store order that DN was parsed */ - dName->loc[count++] = id; - } - #endif } + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, MBSTRING_UTF8, + &cert->source[cert->srcIdx], strLen, -1, -1) != + WOLFSSL_SUCCESS) { + wolfSSL_X509_NAME_free(dName); + return ASN_PARSE_E; + } + #endif /* OPENSSL_EXTRA */ cert->srcIdx += strLen; } full[idx++] = 0; -#if defined(OPENSSL_EXTRA) - /* store order that DN was parsed */ - dName->locSz = count; -#endif - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - { - int totalLen = 0; - int i = 0; - if (dName->cnLen != 0) - totalLen += dName->cnLen + 4; - if (dName->snLen != 0) - totalLen += dName->snLen + 4; - if (dName->cLen != 0) - totalLen += dName->cLen + 3; - if (dName->lLen != 0) - totalLen += dName->lLen + 3; - if (dName->stLen != 0) - totalLen += dName->stLen + 4; - if (dName->oLen != 0) - totalLen += dName->oLen + 3; - if (dName->ouLen != 0) - totalLen += dName->ouLen + 4; - if (dName->emailLen != 0) - totalLen += dName->emailLen + 14; - if (dName->uidLen != 0) - totalLen += dName->uidLen + 5; - if (dName->serialLen != 0) - totalLen += dName->serialLen + 14; - if (dName->dcNum != 0){ - for (i = 0;i < dName->dcNum;i++) - totalLen += dName->dcLen[i] + 4; - } - - dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap, - DYNAMIC_TYPE_X509); - if (dName->fullName != NULL) { - idx = 0; - - if (dName->cnLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4); - dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME); - idx += 4; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->cnIdx], dName->cnLen); - dName->cnIdx = idx; - idx += dName->cnLen; - } - if (dName->snLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4); - dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME); - idx += 4; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->snIdx], dName->snLen); - dName->snIdx = idx; - idx += dName->snLen; - } - if (dName->cLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3); - dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME); - idx += 3; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->cIdx], dName->cLen); - dName->cIdx = idx; - idx += dName->cLen; - } - if (dName->lLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3); - dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME); - idx += 3; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->lIdx], dName->lLen); - dName->lIdx = idx; - idx += dName->lLen; - } - if (dName->stLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4); - dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME); - idx += 4; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->stIdx], dName->stLen); - dName->stIdx = idx; - idx += dName->stLen; - } - if (dName->oLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3); - dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME); - idx += 3; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->oIdx], dName->oLen); - dName->oIdx = idx; - idx += dName->oLen; - } - if (dName->ouLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4); - dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME); - idx += 4; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->ouIdx], dName->ouLen); - dName->ouIdx = idx; - idx += dName->ouLen; - } - if (dName->emailLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14); - dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress="); - idx += 14; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->emailIdx], dName->emailLen); - dName->emailIdx = idx; - idx += dName->emailLen; - } - for (i = 0;i < dName->dcNum;i++){ - if (dName->dcLen[i] != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4); - idx += 4; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->dcIdx[i]], dName->dcLen[i]); - dName->dcIdx[i] = idx; - idx += dName->dcLen[i]; - } - } - if (dName->uidLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/UID=", 5); - dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID="); - idx += 5; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->uidIdx], dName->uidLen); - dName->uidIdx = idx; - idx += dName->uidLen; - } - if (dName->serialLen != 0) { - dName->entryCount++; - XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14); - dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER); - idx += 14; - XMEMCPY(&dName->fullName[idx], - &cert->source[dName->serialIdx], dName->serialLen); - dName->serialIdx = idx; - idx += dName->serialLen; - } - dName->fullName[idx] = '\0'; - dName->fullNameLen = totalLen; - } +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + if (nameType == ISSUER) { + cert->issuerName = dName; } - #endif /* OPENSSL_EXTRA */ - + else { + cert->subjectName = dName; + } +#endif return 0; } @@ -12033,7 +11909,7 @@ typedef struct EncodedName { /* Get Which Name from index */ -static const char* GetOneName(CertName* name, int idx) +const char* GetOneCertName(CertName* name, int idx) { switch (idx) { case 0: @@ -12122,7 +11998,7 @@ static char GetNameType(CertName* name, int idx) /* Get ASN Name from index */ -static byte GetNameId(int idx) +byte GetCertNameId(int idx) { switch (idx) { case 0: @@ -12164,6 +12040,7 @@ static byte GetNameId(int idx) } } + /* Extensions ::= SEQUENCE OF Extension @@ -12757,10 +12634,10 @@ int SetName(byte* output, word32 outputSz, CertName* name) for (i = 0; i < NAME_ENTRIES; i++) { int ret; - const char* nameStr = GetOneName(name, i); + const char* nameStr = GetOneCertName(name, i); ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i), - GetNameId(i)); + GetCertNameId(i)); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -12801,7 +12678,7 @@ int SetName(byte* output, word32 outputSz, CertName* name) for (i = 0; i < NAME_ENTRIES; i++) { #ifdef WOLFSSL_MULTI_ATTRIB - type = GetNameId(i); + type = GetCertNameId(i); /* list all DC values before OUs */ if (type == ASN_ORGUNIT_NAME) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ad9524fc6..651072ed4 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3593,9 +3593,8 @@ struct WOLFSSL_X509_NAME { char staticName[ASN_NAME_MAX]; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_ASN) - DecodedName fullName; - WOLFSSL_X509_NAME_ENTRY cnEntry; - WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ + int entrySz; /* number of entries */ + WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ WOLFSSL_X509* x509; /* x509 that struct belongs to */ #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index b92c494ca..4337feb87 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -233,6 +233,7 @@ enum NID_jurisdictionStateOrProvinceName = 0xd, NID_businessCategory = ASN_BUS_CAT, NID_domainComponent = ASN_DOMAIN_COMPONENT, + NID_userId = 458, NID_emailAddress = 0x30, /* emailAddress */ NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */ @@ -356,7 +357,7 @@ enum Misc_ASN { MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ - MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ + MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ @@ -611,64 +612,6 @@ struct Base_entry { byte type; /* Name base type (DNS or RFC822) */ }; -#define DOMAIN_COMPONENT_MAX 10 -#define DN_NAMES_MAX 9 - -struct DecodedName { - char* fullName; - int fullNameLen; - int entryCount; - int cnIdx; - int cnLen; - int cnNid; - int snIdx; - int snLen; - int snNid; - int cIdx; - int cLen; - int cNid; - int lIdx; - int lLen; - int lNid; - int stIdx; - int stLen; - int stNid; - int oIdx; - int oLen; - int oNid; - int ouIdx; - int ouLen; -#ifdef WOLFSSL_CERT_EXT - int bcIdx; - int bcLen; - int jcIdx; - int jcLen; - int jsIdx; - int jsLen; -#endif - int ouNid; - int emailIdx; - int emailLen; - int emailNid; - int uidIdx; - int uidLen; - int uidNid; - int serialIdx; - int serialLen; - int serialNid; - int dcIdx[DOMAIN_COMPONENT_MAX]; - int dcLen[DOMAIN_COMPONENT_MAX]; - int dcNum; - int dcMode; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - /* hold the location / order with which each of the DN tags was found - * - * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on. - */ - int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX]; - int locSz; -#endif -}; enum SignatureState { SIG_STATE_BEGIN, @@ -786,7 +729,6 @@ struct CertSignCtx { #endif typedef struct DecodedCert DecodedCert; -typedef struct DecodedName DecodedName; typedef struct Signer Signer; #ifdef WOLFSSL_TRUST_PEER_CERT typedef struct TrustedPeerCert TrustedPeerCert; @@ -913,8 +855,9 @@ struct DecodedCert { int subjectEmailLen; #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - DecodedName issuerName; - DecodedName subjectName; + /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ + void* issuerName; + void* subjectName; #endif /* OPENSSL_EXTRA */ #ifdef WOLFSSL_SEP int deviceTypeSz; @@ -1126,6 +1069,8 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); +WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx); +WOLFSSL_LOCAL byte GetCertNameId(int idx); #endif WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx);