forked from wolfSSL/wolfssl
add WOLFSSL_CERT_NAME_ALL macro guard and new values to set subject
This commit is contained in:
JacobBarthelmeh
@@ -830,6 +830,9 @@ then
|
||||
|
||||
# Certificate extensions and alt. names for FPKI use
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
|
||||
|
||||
# Handle as many subject/issuer name OIDs as possible
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
|
||||
fi
|
||||
|
||||
|
||||
@@ -7450,7 +7453,7 @@ then
|
||||
fi
|
||||
|
||||
AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL"])
|
||||
[AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_CERT_NAME_ALL"])
|
||||
|
||||
AS_IF([test "x$ENABLED_AESSIV" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"])
|
||||
|
||||
|
||||
@@ -9403,10 +9403,12 @@ static int ConvertNIDToWolfSSL(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
case NID_commonName : return ASN_COMMON_NAME;
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
case NID_name : return ASN_NAME;
|
||||
case NID_givenName: return ASN_GIVEN_NAME;
|
||||
case NID_dnQualifier : return ASN_DNQUALIFIER;
|
||||
case NID_initials: return ASN_INITIALS;
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
case NID_surname : return ASN_SUR_NAME;
|
||||
case NID_countryName: return ASN_COUNTRY_NAME;
|
||||
case NID_localityName: return ASN_LOCALITY_NAME;
|
||||
|
||||
@@ -84,6 +84,9 @@ ASN Options:
|
||||
extension.
|
||||
* WOLFSSL_SUBJ_INFO_ACC: Enable support for SubjectInfoAccess extension.
|
||||
* WOLFSSL_FPKI: Enable support for FPKI (Federal PKI) extensions.
|
||||
* WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
|
||||
cost of taking up more memory. Adds initials, givenname, dnQualifer for
|
||||
example.
|
||||
*/
|
||||
|
||||
#ifndef NO_ASN
|
||||
@@ -9956,10 +9959,12 @@ void InitDecodedCert(DecodedCert* cert,
|
||||
cert->heap = heap;
|
||||
cert->maxPathLen = WOLFSSL_MAX_PATH_LEN;
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
cert->subjectNEnc = CTC_UTF8;
|
||||
cert->subjectIEnc = CTC_UTF8;
|
||||
cert->subjectDNQEnc = CTC_UTF8;
|
||||
cert->subjectGNEnc = CTC_UTF8;
|
||||
#endif
|
||||
cert->subjectSNEnc = CTC_UTF8;
|
||||
cert->subjectCEnc = CTC_PRINTABLE;
|
||||
cert->subjectLEnc = CTC_UTF8;
|
||||
@@ -10702,10 +10707,12 @@ int wc_OBJ_sn2nid(const char *sn)
|
||||
{WOLFSSL_STATE_NAME, NID_stateOrProvinceName},
|
||||
{WOLFSSL_ORG_NAME, NID_organizationName},
|
||||
{WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
{WOLFSSL_NAME, NID_name},
|
||||
{WOLFSSL_INITIALS, NID_initials},
|
||||
{WOLFSSL_GIVEN_NAME, NID_givenName},
|
||||
{WOLFSSL_DNQUALIFIER, NID_dnQualifier},
|
||||
#endif
|
||||
{WOLFSSL_EMAIL_ADDR, NID_emailAddress},
|
||||
{"SHA1", NID_sha1},
|
||||
{NULL, -1}};
|
||||
@@ -11054,54 +11061,56 @@ static const CertNameData certNameSubject[] = {
|
||||
NID_userId
|
||||
#endif
|
||||
},
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
/* Name, id 41 */
|
||||
{
|
||||
"/N=", 3,
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
OFFSETOF(DecodedCert, subjectN),
|
||||
OFFSETOF(DecodedCert, subjectNLen),
|
||||
OFFSETOF(DecodedCert, subjectNEnc),
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
NID_name
|
||||
#endif
|
||||
#endif
|
||||
},
|
||||
/* Given Name, id 42 */
|
||||
{
|
||||
"/GN=", 4,
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
OFFSETOF(DecodedCert, subjectGN),
|
||||
OFFSETOF(DecodedCert, subjectGNLen),
|
||||
OFFSETOF(DecodedCert, subjectGNEnc),
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
NID_givenName
|
||||
#endif
|
||||
#endif
|
||||
},
|
||||
/* initials, id 43 */
|
||||
{
|
||||
"/initials=", 10,
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
OFFSETOF(DecodedCert, subjectI),
|
||||
OFFSETOF(DecodedCert, subjectILen),
|
||||
OFFSETOF(DecodedCert, subjectIEnc),
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
NID_initials
|
||||
#endif
|
||||
#endif
|
||||
},
|
||||
/* DN Qualifier Name, id 46 */
|
||||
{
|
||||
"/dnQualifier=", 13,
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
|
||||
OFFSETOF(DecodedCert, subjectDNQ),
|
||||
OFFSETOF(DecodedCert, subjectDNQLen),
|
||||
OFFSETOF(DecodedCert, subjectDNQEnc),
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
#endif
|
||||
#ifdef WOLFSSL_X509_NAME_AVAILABLE
|
||||
NID_dnQualifier
|
||||
#endif
|
||||
#endif
|
||||
},
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
};
|
||||
|
||||
static const int certNameSubjectSz =
|
||||
@@ -11637,6 +11646,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
|
||||
nid = NID_commonName;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
else if (id == ASN_NAME) {
|
||||
copy = WOLFSSL_NAME;
|
||||
copyLen = sizeof(WOLFSSL_NAME) - 1;
|
||||
@@ -11701,6 +11711,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
|
||||
nid = NID_dnQualifier;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
else if (id == ASN_SUR_NAME) {
|
||||
copy = WOLFSSL_SUR_NAME;
|
||||
copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
|
||||
@@ -22803,10 +22814,12 @@ static const byte nameOid[][NAME_OID_SZ] = {
|
||||
{ 0x55, 0x04, ASN_STATE_NAME },
|
||||
{ 0x55, 0x04, ASN_STREET_ADDR },
|
||||
{ 0x55, 0x04, ASN_LOCALITY_NAME },
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
{ 0x55, 0x04, ASN_NAME },
|
||||
{ 0x55, 0x04, ASN_GIVEN_NAME },
|
||||
{ 0x55, 0x04, ASN_INITIALS },
|
||||
{ 0x55, 0x04, ASN_DNQUALIFIER },
|
||||
#endif
|
||||
{ 0x55, 0x04, ASN_SUR_NAME },
|
||||
{ 0x55, 0x04, ASN_ORG_NAME },
|
||||
{ 0x00, 0x00, ASN_DOMAIN_COMPONENT}, /* not actual OID - see dcOid */
|
||||
@@ -22848,6 +22861,7 @@ const char* GetOneCertName(CertName* name, int idx)
|
||||
return name->street;
|
||||
case ASN_LOCALITY_NAME:
|
||||
return name->locality;
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
case ASN_NAME:
|
||||
return name->dnName;
|
||||
case ASN_GIVEN_NAME:
|
||||
@@ -22856,6 +22870,7 @@ const char* GetOneCertName(CertName* name, int idx)
|
||||
return name->initials;
|
||||
case ASN_DNQUALIFIER:
|
||||
return name->dnQualifier;
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
case ASN_SUR_NAME:
|
||||
return name->sur;
|
||||
case ASN_ORG_NAME:
|
||||
@@ -22899,6 +22914,7 @@ static char GetNameType(CertName* name, int idx)
|
||||
return name->streetEnc;
|
||||
case ASN_LOCALITY_NAME:
|
||||
return name->localityEnc;
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
case ASN_NAME:
|
||||
return name->dnNameEnc;
|
||||
case ASN_GIVEN_NAME:
|
||||
@@ -22907,6 +22923,7 @@ static char GetNameType(CertName* name, int idx)
|
||||
return name->initialsEnc;
|
||||
case ASN_DNQUALIFIER:
|
||||
return name->dnQualifierEnc;
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
case ASN_SUR_NAME:
|
||||
return name->surEnc;
|
||||
case ASN_ORG_NAME:
|
||||
@@ -27646,13 +27663,6 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded)
|
||||
cn->unit[sz] = '\0';
|
||||
cn->unitEnc = decoded->subjectOUEnc;
|
||||
}
|
||||
if (decoded->subjectN) {
|
||||
sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen
|
||||
: CTC_NAME_SIZE - 1;
|
||||
XSTRNCPY(cn->dnName, decoded->subjectN, sz);
|
||||
cn->dnName[sz] = '\0';
|
||||
cn->dnNameEnc = decoded->subjectNEnc;
|
||||
}
|
||||
if (decoded->subjectSN) {
|
||||
sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen
|
||||
: CTC_NAME_SIZE - 1;
|
||||
@@ -27703,6 +27713,37 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded)
|
||||
XSTRNCPY(cn->email, decoded->subjectEmail, sz);
|
||||
cn->email[sz] = '\0';
|
||||
}
|
||||
#if defined(WOLFSSL_CERT_NAME_ALL) && \
|
||||
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
|
||||
if (decoded->subjectN) {
|
||||
sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen
|
||||
: CTC_NAME_SIZE - 1;
|
||||
XSTRNCPY(cn->dnName, decoded->subjectN, sz);
|
||||
cn->dnName[sz] = '\0';
|
||||
cn->dnNameEnc = decoded->subjectNEnc;
|
||||
}
|
||||
if (decoded->subjectI) {
|
||||
sz = (decoded->subjectILen < CTC_NAME_SIZE) ? decoded->subjectILen
|
||||
: CTC_NAME_SIZE - 1;
|
||||
XSTRNCPY(cn->initials, decoded->subjectI, sz);
|
||||
cn->initials[sz] = '\0';
|
||||
cn->initialsEnc = decoded->subjectIEnc;
|
||||
}
|
||||
if (decoded->subjectGN) {
|
||||
sz = (decoded->subjectGNLen < CTC_NAME_SIZE) ? decoded->subjectGNLen
|
||||
: CTC_NAME_SIZE - 1;
|
||||
XSTRNCPY(cn->givenName, decoded->subjectGN, sz);
|
||||
cn->givenName[sz] = '\0';
|
||||
cn->givenNameEnc = decoded->subjectGNEnc;
|
||||
}
|
||||
if (decoded->subjectDNQ) {
|
||||
sz = (decoded->subjectDNQLen < CTC_NAME_SIZE) ? decoded->subjectDNQLen
|
||||
: CTC_NAME_SIZE - 1;
|
||||
XSTRNCPY(cn->dnQualifier, decoded->subjectDNQ, sz);
|
||||
cn->dnQualifier[sz] = '\0';
|
||||
cn->dnQualifierEnc = decoded->subjectDNQEnc;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
}
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
|
||||
@@ -674,10 +674,12 @@ enum DN_Tags {
|
||||
ASN_BUS_CAT = 0x0f, /* businessCategory */
|
||||
ASN_POSTAL_CODE = 0x11, /* postalCode */
|
||||
ASN_USER_ID = 0x12, /* UserID */
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
ASN_NAME = 0x2a, /* name */
|
||||
ASN_GIVEN_NAME = 0x29, /* GN */
|
||||
ASN_INITIALS = 0x2b, /* initials */
|
||||
ASN_DNQUALIFIER = 0x2e, /* dnQualifier */
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
|
||||
ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */
|
||||
ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */
|
||||
@@ -707,10 +709,12 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
|
||||
#define WOLFSSL_COMMON_NAME "/CN="
|
||||
#define WOLFSSL_LN_COMMON_NAME "/commonName="
|
||||
#define WOLFSSL_SUR_NAME "/SN="
|
||||
#define WOLFSSL_NAME "/N="
|
||||
#define WOLFSSL_INITIALS "/initials="
|
||||
#define WOLFSSL_GIVEN_NAME "/GN="
|
||||
#define WOLFSSL_DNQUALIFIER "/dnQualifier="
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
#define WOLFSSL_NAME "/N="
|
||||
#define WOLFSSL_INITIALS "/initials="
|
||||
#define WOLFSSL_GIVEN_NAME "/GN="
|
||||
#define WOLFSSL_DNQUALIFIER "/dnQualifier="
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
#define WOLFSSL_SERIAL_NUMBER "/serialNumber="
|
||||
#define WOLFSSL_COUNTRY_NAME "/C="
|
||||
#define WOLFSSL_LN_COUNTRY_NAME "/countryName="
|
||||
@@ -1658,6 +1662,7 @@ struct DecodedCert {
|
||||
char* subjectSN;
|
||||
int subjectSNLen;
|
||||
char subjectSNEnc;
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
char* subjectN;
|
||||
int subjectNLen;
|
||||
char subjectNEnc;
|
||||
@@ -1670,6 +1675,7 @@ struct DecodedCert {
|
||||
char* subjectDNQ;
|
||||
int subjectDNQLen;
|
||||
char subjectDNQEnc;
|
||||
#endif /*WOLFSSL_CERT_NAME_ALL */
|
||||
char* subjectC;
|
||||
int subjectCLen;
|
||||
char subjectCEnc;
|
||||
|
||||
@@ -337,6 +337,7 @@ typedef struct CertName {
|
||||
char localityEnc;
|
||||
char sur[CTC_NAME_SIZE];
|
||||
char surEnc;
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
char givenName[CTC_NAME_SIZE];
|
||||
char givenNameEnc;
|
||||
char initials[CTC_NAME_SIZE];
|
||||
@@ -345,6 +346,7 @@ typedef struct CertName {
|
||||
char dnQualifierEnc;
|
||||
char dnName[CTC_NAME_SIZE];
|
||||
char dnNameEnc;
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
char org[CTC_NAME_SIZE];
|
||||
char orgEnc;
|
||||
char unit[CTC_NAME_SIZE];
|
||||
|
||||
Reference in New Issue
Block a user