diff --git a/src/x509.c b/src/x509.c index 144731f7d..5ce7f3a10 100644 --- a/src/x509.c +++ b/src/x509.c @@ -10500,6 +10500,7 @@ static int ConvertNIDToWolfSSL(int nid) case NID_organizationName: return ASN_ORG_NAME; case NID_organizationalUnitName: return ASN_ORGUNIT_NAME; case NID_emailAddress: return ASN_EMAIL_NAME; + case NID_pkcs9_contentType: return ASN_CONTENT_TYPE; case NID_serialNumber: return ASN_SERIAL_NUMBER; case NID_userId: return ASN_USER_ID; case NID_businessCategory: return ASN_BUS_CAT; @@ -12631,6 +12632,10 @@ static int get_dn_attr_by_nid(int n, const char** buf) str = "DC"; len = 2; break; + case NID_pkcs9_contentType: + str = "contentType"; + len = 11; + break; default: WOLFSSL_MSG("Attribute type not found"); str = NULL; diff --git a/tests/api.c b/tests/api.c index 520977ec1..a0991e231 100644 --- a/tests/api.c +++ b/tests/api.c @@ -39717,6 +39717,7 @@ static int test_wolfSSL_X509_NAME_ENTRY(void) ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0)); ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); + ExpectNotNull(XSTRSTR(subject, "contentType=Server")); #ifdef DEBUG_WOLFSSL if (subject != NULL) { fprintf(stderr, "\n\t%s\n", subject); @@ -57149,7 +57150,8 @@ static int test_ECDH_compute_key(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ !defined(NO_ASN_TIME) -static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) +static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey, + int expectedDerSz) { EXPECT_DECLS; X509* x509 = NULL; @@ -57158,6 +57160,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) time_t epoch_off = 0; ASN1_INTEGER* asn1_serial_number; long not_before, not_after; + int derSz; ExpectNotNull(x509 = X509_new()); 
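Review bot: The new `case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;` in ConvertNIDToWolfSSL is unconditional, while every ASN_CONTENT_TYPE case this commit adds to EncodeName in wolfcrypt/src/asn.c sits under `#ifdef WOLFSSL_CERT_REQ`. In a build with OPENSSL_EXTRA but without WOLFSSL_CERT_REQ (unless ConvertNIDToWolfSSL itself lives in a CERT_REQ-only region, which is not visible here), X509_NAME_add_entry_by_NID(..., NID_pkcs9_contentType, ...) hands the marker value 0x97 to EncodeName's default branch, which from the visible `0x55` byte and the "Construct OID using type" comment appears to synthesise a 2.5.4.<type> OID — so a nonexistent 2.5.4.151 attribute would be silently signed into the DN instead of the call failing. Guard the mapping the same way, `#ifdef WOLFSSL_CERT_REQ` / `case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;` / `#endif`, or make EncodeName's default branch reject the out-of-band ids (0x97–0x99) rather than encode them. ConvertNIDToWolfSSL's switch begins and ends outside the hunk.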
@@ -57175,6 +57178,8 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0); + ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_pkcs9_contentType, + MBSTRING_UTF8,(unsigned char*)"Server", -1, -1, 0), 0); ExpectIntNE(X509_set_subject_name(x509, name), 0); ExpectIntNE(X509_set_issuer_name(x509, name), 0); @@ -57188,6 +57193,9 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) ExpectIntNE(X509_sign(x509, pkey, EVP_sha256()), 0); + ExpectNotNull(wolfSSL_X509_get_der(x509, &derSz)); + ExpectIntGE(derSz, expectedDerSz); + BN_free(serial_number); X509_NAME_free(name); X509_free(x509); @@ -57205,6 +57213,7 @@ static int test_openssl_generate_key_and_cert(void) EC_KEY* ec_key = NULL; #endif #if !defined(NO_RSA) + int expectedDerSz; int key_length = 2048; BIGNUM* exponent = NULL; RSA* rsa = NULL; @@ -57243,11 +57252,13 @@ static int test_openssl_generate_key_and_cert(void) #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) - ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey), - TEST_SUCCESS); + expectedDerSz = 743; + ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, + expectedDerSz), TEST_SUCCESS); #endif } + (void)expectedDerSz; EVP_PKEY_free(pkey); pkey = NULL; BN_free(exponent); @@ -57269,7 +57280,9 @@ static int test_openssl_generate_key_and_cert(void) #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) - ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey), TEST_SUCCESS); + expectedDerSz = 345; + ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, expectedDerSz), + TEST_SUCCESS); #endif EVP_PKEY_free(pkey); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 62206bb22..e225b9940 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
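Review bot: `ExpectIntGE(derSz, expectedDerSz)` only proves the encoded certificate reached some size; it does not show that the contentType attribute was actually encoded into the signed subject, and the hard-coded 743/345 floors will drift with serial-number and ECDSA signature lengths. Decode the DER back and inspect the subject instead, and initialise `derSz` so the comparison never reads an indeterminate value if wolfSSL_X509_get_der fails (harmless if the Expect* macros already short-circuit after a failure, but `= 0` costs nothing). Something like the following, assuming d2i_X509 and X509_NAME_oneline are usable under this test's OPENSSL_EXTRA guard as they are in test_wolfSSL_X509_NAME_ENTRY; test_openssl_make_self_signed_certificate begins and ends outside the hunk.
```c
    const unsigned char* der = NULL;
    X509* decoded = NULL;
    char* subjectStr = NULL;
    int derSz = 0;
    /* … unchanged: name/serial/validity setup and X509_sign … */
    ExpectNotNull(der = wolfSSL_X509_get_der(x509, &derSz));
    ExpectIntGE(derSz, expectedDerSz);
    /* Round-trip through DER so the attribute is checked in the signed
     * output, not only in the in-memory X509. */
    ExpectNotNull(decoded = d2i_X509(NULL, &der, derSz));
    ExpectNotNull(subjectStr =
        X509_NAME_oneline(X509_get_subject_name(decoded), 0, 0));
    ExpectNotNull(XSTRSTR(subjectStr, "/contentType=Server"));
    OPENSSL_free(subjectStr);
    X509_free(decoded);
```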
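Review bot: `expectedDerSz = 345;` in the ECC branch uses a variable this commit declares under `#if !defined(NO_RSA)` at the top of test_openssl_generate_key_and_cert; the `#endif` that closes the EC_KEY declarations just before `#if !defined(NO_RSA)` suggests the RSA and ECC sections are siblings, in which case a NO_RSA build with ECC enabled no longer compiles. Declare it once at function scope outside both guards, e.g. `int expectedDerSz = 0;` beside the EVP_PKEY declaration, which also removes the need for the `(void)expectedDerSz;` placed after the RSA block. test_openssl_generate_key_and_cert begins and ends outside the hunk.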
@@ -13194,6 +13194,18 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, *nid = NID_favouriteDrink; #endif } +#ifdef WOLFSSL_CERT_REQ + else if (oidSz == sizeof(attrPkcs9ContentTypeOid) && + XMEMCMP(oid, attrPkcs9ContentTypeOid, oidSz) == 0) { + /* Set the pkcs9_contentType, type string, length and NID. */ + id = ASN_CONTENT_TYPE; + typeStr = WOLFSSL_CONTENT_TYPE; + typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1; + #ifdef WOLFSSL_X509_NAME_AVAILABLE + *nid = NID_pkcs9_contentType; + #endif + } +#endif /* Other OIDs that start with the same values. */ else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz-1) == 0) { WOLFSSL_MSG("Unknown pilot attribute type"); @@ -13845,7 +13857,6 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, nid = NID_userId; #endif /* OPENSSL_EXTRA */ break; - case ASN_DOMAIN_COMPONENT: copy = WOLFSSL_DOMAIN_COMPONENT; copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; @@ -13864,7 +13875,15 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, nid = NID_favouriteDrink; #endif /* OPENSSL_EXTRA */ break; - + case ASN_CONTENT_TYPE: + copy = WOLFSSL_CONTENT_TYPE; + copyLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = NID_pkcs9_contentType; + #endif /* OPENSSL_EXTRA */ + break; default: WOLFSSL_MSG("Unknown pilot attribute type"); #if (defined(OPENSSL_EXTRA) || \ @@ -26457,6 +26476,12 @@ static int EncodeName(EncodedName* name, const char* nameStr, thisLen += cname->custom.oidSz; firstSz = cname->custom.oidSz; break; + #endif + #ifdef WOLFSSL_CERT_REQ + case ASN_CONTENT_TYPE: + thisLen += (int)sizeof(attrPkcs9ContentTypeOid); + firstSz = (int)sizeof(attrPkcs9ContentTypeOid); + break; #endif default: thisLen += DN_OID_SZ; 
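Review bot: The `case ASN_CONTENT_TYPE:` added to GetCertName is unconditional, while the matching branch this commit adds to GetRDN (the template parser) is under `#ifdef WOLFSSL_CERT_REQ`; whether a contentType RDN in a peer certificate is rendered as `/contentType=…` or falls to the "Unknown pilot attribute type" path would then differ between template and non-template builds when WOLFSSL_CERT_REQ is off — assuming the non-template OID lookup that sets `id` (not visible here) also maps this OID. Use the same guard in both parsers, either `#ifdef WOLFSSL_CERT_REQ` around this case too or none in GetRDN, so the subject string a verifier or logging hook sees does not depend on which parser was selected at build time. GetCertName's switch begins and ends outside the hunk.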
@@ -26521,6 +26546,15 @@ static int EncodeName(EncodedName* name, const char* nameStr, /* str type */ name->encoded[idx++] = nameTag; break; + #endif + #ifdef WOLFSSL_CERT_REQ + case ASN_CONTENT_TYPE: + XMEMCPY(name->encoded + idx, attrPkcs9ContentTypeOid, + sizeof(attrPkcs9ContentTypeOid)); + idx += (int)sizeof(attrPkcs9ContentTypeOid); + /* str type */ + name->encoded[idx++] = nameTag; + break; #endif default: name->encoded[idx++] = 0x55; @@ -26593,6 +26627,12 @@ static int EncodeName(EncodedName* name, const char* nameStr, oid = cname->custom.oid; oidSz = cname->custom.oidSz; break; + #endif + #ifdef WOLFSSL_CERT_REQ + case ASN_CONTENT_TYPE: + oid = attrPkcs9ContentTypeOid; + oidSz = sizeof(attrPkcs9ContentTypeOid); + break; #endif default: /* Construct OID using type. */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index abad111ec..0a386d454 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -710,8 +710,10 @@ enum DN_Tags { ASN_DNQUALIFIER = 0x2e, /* dnQualifier */ #endif /* WOLFSSL_CERT_NAME_ALL */ - ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */ - ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */ + + ASN_CONTENT_TYPE = 0x97, /* not actual OID (see attrPkcs9ContentTypeOid) */ + ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */ + ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */ /* pilot attribute types * OID values of 0.9.2342.19200300.100.1.* */ @@ -768,6 +770,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_USER_ID "/UID=" #define WOLFSSL_DOMAIN_COMPONENT "/DC=" #define WOLFSSL_FAVOURITE_DRINK "/favouriteDrink=" +#define WOLFSSL_CONTENT_TYPE "/contentType=" #if defined(WOLFSSL_APACHE_HTTPD) /* otherName strings */
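Review bot: The contentType value is emitted with the caller's string tag (`name->encoded[idx++] = nameTag;` right after the OID), but PKCS#9 (RFC 2985 §5.3.1) defines contentType, 1.2.840.113549.1.9.3, with syntax `ContentType ::= OBJECT IDENTIFIER` as a PKCS#7/CMS signed attribute, not a DirectoryString for use in a Name; a subject carrying `contentType=Server` as a UTF8String is therefore not a conforming use of that OID, even if it reproduces what some issuers place in their DNs. If interoperability with such certificates is the intent, record it beside the case so the non-standard encoding is not later "fixed" in either direction: `/* contentType is emitted as a string attribute for interop with issuers that put it in the subject; PKCS#9 itself defines its syntax as an OID (RFC 2985 5.3.1). */`. EncodeName begins and ends outside the hunk.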