diff --git a/configure.ac b/configure.ac
index 5797fdd35..6caad120a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -709,6 +709,9 @@ then
 # Enable deterministic ECC signing API with variant
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
+
+ # Store issuer name components when parsing certificates.
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
 fi
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 0e7512fe2..e174d9501 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -78,6 +78,8 @@ ASN Options:
 Only supports copying full AKID from an existing certificate.
 * WOLFSSL_CUSTOM_OID: Enable custom OID support for subject and request
 extensions
+ * WOLFSSL_HAVE_ISSUER_NAMES: Store pointers to issuer name components and their
+ lengths and encodings.
 */
 #ifndef NO_ASN
@@ -9769,14 +9771,22 @@ void InitDecodedCert(DecodedCert* cert,
 cert->maxIdx = inSz; /* can't go over this index */
 cert->heap = heap;
 cert->maxPathLen = WOLFSSL_MAX_PATH_LEN;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 cert->subjectSNEnc = CTC_UTF8;
 cert->subjectCEnc = CTC_PRINTABLE;
 cert->subjectLEnc = CTC_UTF8;
 cert->subjectSTEnc = CTC_UTF8;
 cert->subjectOEnc = CTC_UTF8;
 cert->subjectOUEnc = CTC_UTF8;
- #endif /* WOLFSSL_CERT_GEN */
+ #ifdef WOLFSSL_HAVE_ISSUER_NAMES
+ cert->issuerSNEnc = CTC_UTF8;
+ cert->issuerCEnc = CTC_PRINTABLE;
+ cert->issuerLEnc = CTC_UTF8;
+ cert->issuerSTEnc = CTC_UTF8;
+ cert->issuerOEnc = CTC_UTF8;
+ cert->issuerOUEnc = CTC_UTF8;
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #ifndef NO_CERTS
 InitSignatureCtx(&cert->sigCtx, heap, INVALID_DEVID);
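Review bot: The new entry in the ASN Options comment block does not say that WOLFSSL_HAVE_ISSUER_NAMES only has an effect when WOLFSSL_CERT_GEN or WOLFSSL_CERT_EXT is also defined; every use in asn.c and the new DecodedCert members in asn.h sit inside that outer guard, so the flag on its own silently adds nothing. The configure.ac hunk adds `-DWOLFSSL_HAVE_ISSUER_NAMES` inside a `then` block whose condition is outside the hunk, so whether that block also enables one of the two prerequisites cannot be seen here. Suggest extending the comment to `* WOLFSSL_HAVE_ISSUER_NAMES: Store pointers to issuer name components and their lengths and encodings. Requires WOLFSSL_CERT_GEN or WOLFSSL_CERT_EXT.`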
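Review bot: The InitDecodedCert hunk gives the new issuer*Enc members defaults but leaves the issuer pointer and length members (issuerCN, issuerCNLen and the rest) untouched; GetCertName only writes them when the matching attribute is present in the issuer name, so a caller that reads issuerCN for a certificate lacking that attribute depends on the struct having been zeroed earlier in InitDecodedCert, above this hunk. If that zeroing is not there, the pointers need explicit `= NULL` and the lengths `= 0` here alongside the encoding defaults, mirroring whatever the subject* members rely on. The function begins before the hunk, so this cannot be confirmed from the visible lines.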
@@ -11347,6 +11357,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 cert->subjectCNLen = strLen;
 cert->subjectCNEnc = b;
 }
+ #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
+ defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerCN = (char*)&input[srcIdx];
+ cert->issuerCNLen = strLen;
+ cert->issuerCNEnc = b;
+ }
+ #endif
 copy = WOLFSSL_COMMON_NAME;
 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1;
@@ -11358,13 +11376,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_SUR_NAME) {
 copy = WOLFSSL_SUR_NAME;
 copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectSN = (char*)&input[srcIdx];
 cert->subjectSNLen = strLen;
 cert->subjectSNEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerSN = (char*)&input[srcIdx];
+ cert->issuerSNLen = strLen;
+ cert->issuerSNEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
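Review bot: The common-name block at the top of this hunk closes its new guard with a bare `#endif`, while every other guard the commit adds or touches in GetCertName carries a trailing comment; since the CN branch sits outside the existing CERT_GEN/CERT_EXT guard the combined `#if (...) && defined(WOLFSSL_HAVE_ISSUER_NAMES)` form is needed there, but the closing line should still read `#endif /* (WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT) && WOLFSSL_HAVE_ISSUER_NAMES */`. The spelling of the inner guard also varies: `#if defined(WOLFSSL_HAVE_ISSUER_NAMES)` in the surname branch here and in the country, locality, state, organization, organizational-unit, serial-number and email hunks, versus `#ifdef WOLFSSL_HAVE_ISSUER_NAMES` in InitDecodedCert; one form throughout would be easier to grep. The `#endif` trailers in the state-name and postal-code hunks (`WOLFSSL_CERT_EXT*/`) are missing the space before `*/` that the others have. GetCertName's body starts and ends outside these hunks.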
@@ -11374,13 +11399,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_COUNTRY_NAME) {
 copy = WOLFSSL_COUNTRY_NAME;
 copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectC = (char*)&input[srcIdx];
 cert->subjectCLen = strLen;
 cert->subjectCEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerC = (char*)&input[srcIdx];
+ cert->issuerCLen = strLen;
+ cert->issuerCEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11390,13 +11422,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_LOCALITY_NAME) {
 copy = WOLFSSL_LOCALITY_NAME;
 copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectL = (char*)&input[srcIdx];
 cert->subjectLLen = strLen;
 cert->subjectLEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerL = (char*)&input[srcIdx];
+ cert->issuerLLen = strLen;
+ cert->issuerLEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11406,13 +11445,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_STATE_NAME) {
 copy = WOLFSSL_STATE_NAME;
 copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectST = (char*)&input[srcIdx];
 cert->subjectSTLen = strLen;
 cert->subjectSTEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerST = (char*)&input[srcIdx];
+ cert->issuerSTLen = strLen;
+ cert->issuerSTEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11422,13 +11468,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_ORG_NAME) {
 copy = WOLFSSL_ORG_NAME;
 copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectO = (char*)&input[srcIdx];
 cert->subjectOLen = strLen;
 cert->subjectOEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerO = (char*)&input[srcIdx];
+ cert->issuerOLen = strLen;
+ cert->issuerOEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11438,13 +11491,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_ORGUNIT_NAME) {
 copy = WOLFSSL_ORGUNIT_NAME;
 copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectOU = (char*)&input[srcIdx];
 cert->subjectOULen = strLen;
 cert->subjectOUEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerOU = (char*)&input[srcIdx];
+ cert->issuerOULen = strLen;
+ cert->issuerOUEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11454,13 +11514,20 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_SERIAL_NUMBER) {
 copy = WOLFSSL_SERIAL_NUMBER;
 copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectSND = (char*)&input[srcIdx];
 cert->subjectSNDLen = strLen;
 cert->subjectSNDEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerSND = (char*)&input[srcIdx];
+ cert->issuerSNDLen = strLen;
+ cert->issuerSNDEnc = b;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11470,13 +11537,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_USER_ID) {
 copy = WOLFSSL_USER_ID;
 copyLen = sizeof(WOLFSSL_USER_ID) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectUID = (char*)&input[srcIdx];
 cert->subjectUIDLen = strLen;
 cert->subjectUIDEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11487,13 +11554,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_STREET_ADDR) {
 copy = WOLFSSL_STREET_ADDR_NAME;
 copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectStreet = (char*)&input[srcIdx];
 cert->subjectStreetLen = strLen;
 cert->subjectStreetEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11503,13 +11570,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_BUS_CAT) {
 copy = WOLFSSL_BUS_CAT;
 copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectBC = (char*)&input[srcIdx];
 cert->subjectBCLen = strLen;
 cert->subjectBCEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
 nid = NID_businessCategory;
@@ -11518,13 +11585,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_POSTAL_CODE) {
 copy = WOLFSSL_POSTAL_NAME;
 copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectPC = (char*)&input[srcIdx];
 cert->subjectPCLen = strLen;
 cert->subjectPCEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11557,13 +11624,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 if (id == ASN_JOI_C) {
 copy = WOLFSSL_JOI_C;
 copyLen = sizeof(WOLFSSL_JOI_C) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectJC = (char*)&input[srcIdx];
 cert->subjectJCLen = strLen;
 cert->subjectJCEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11575,13 +11642,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 else if (id == ASN_JOI_ST) {
 copy = WOLFSSL_JOI_ST;
 copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectJS = (char*)&input[srcIdx];
 cert->subjectJSLen = strLen;
 cert->subjectJSEnc = b;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
@@ -11638,12 +11705,18 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_EMAIL_ADDR;
 }
- #ifdef WOLFSSL_CERT_GEN
+ #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 if (nameType == SUBJECT) {
 cert->subjectEmail = (char*)&input[srcIdx];
 cert->subjectEmailLen = strLen;
 }
- #endif /* WOLFSSL_CERT_GEN */
+ #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ else if (nameType == ISSUER) {
+ cert->issuerEmail = (char*)&input[srcIdx];
+ cert->issuerEmailLen = strLen;
+ }
+ #endif /* WOLFSSL_HAVE_ISSUER_NAMES */
+ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 #if (defined(OPENSSL_EXTRA) || \
 defined(OPENSSL_EXTRA_X509_SMALL)) \
 && !defined(WOLFCRYPT_ONLY)
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index bf80d7ad0..e2973eb12 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1607,6 +1607,34 @@ struct DecodedCert {
 char subjectPCEnc;
 char* subjectEmail;
 int subjectEmailLen;
+#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
+ char* issuerCN;
+ int issuerCNLen;
+ char issuerCNEnc;
+ char* issuerSN;
+ int issuerSNLen;
+ char issuerSNEnc;
+ char* issuerC;
+ int issuerCLen;
+ char issuerCEnc;
+ char* issuerL;
+ int issuerLLen;
+ char issuerLEnc;
+ char* issuerST;
+ int issuerSTLen;
+ char issuerSTEnc;
+ char* issuerO;
+ int issuerOLen;
+ char issuerOEnc;
+ char* issuerOU;
+ int issuerOULen;
+ char issuerOUEnc;
+ char* issuerSND;
+ int issuerSNDLen;
+ char issuerSNDEnc;
+ char* issuerEmail;
+ int issuerEmailLen;
+#endif /* WOLFSSL_HAVE_ISSUER_NAMES */
 #endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
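Review bot: The 26 DecodedCert members added in the asn.h hunk carry no comment explaining what they hold, and the names invite reading them as owned, NUL-terminated C strings. The assignments in GetCertName (`cert->issuerCN = (char*)&input[srcIdx]; cert->issuerCNLen = strLen;`) show they are pointers into the certificate buffer being parsed with the byte length carried separately, and the `*Enc` members receive `b`, which is presumably the ASN.1 string type and is defaulted to CTC_* values in InitDecodedCert. A short comment above `char* issuerCN;` would prevent misuse: `/* Issuer name components: pointers into the parsed certificate buffer (not NUL-terminated, not owned by this struct); *Len is the byte length, *Enc the string encoding. Valid only while that buffer is. */`. The struct definition begins and ends outside the hunk.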