ASN.1 template: store issuer common name

Under certain configurations the certificate issuer's common name is
kept in a DecodedCert. This was not implemented in the ASN.1 template code.
Sean Parkinson
2024-03-14 08:41:30 +10:00
parent 924c0fd911
commit 84c42f4a4e


@@ -12661,6 +12661,17 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
(((id) - 3) >= 0 && ((id) - 3) < certNameSubjectSz && \ (((id) - 3) >= 0 && ((id) - 3) < certNameSubjectSz && \
(certNameSubject[(id) - 3].strLen > 0)) (certNameSubject[(id) - 3].strLen > 0))
/* Set the string for a name component into the issuer name. */
#define SetCertNameIssuer(cert, id, val) \
*((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val)
/* Set the string length for a name component into the issuer name. */
#define SetCertNameIssuerLen(cert, id, val) \
*((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val)
/* Set the encoding for a name component into the issuer name. */
#define SetCertNameIssuerEnc(cert, id, val) \
*((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].encI)) = (val)
/* Mapping of certificate name component to useful information. */ /* Mapping of certificate name component to useful information. */
typedef struct CertNameData { typedef struct CertNameData {
/* Type string of name component. */ /* Type string of name component. */
@@ -12674,6 +12685,14 @@ typedef struct CertNameData {
size_t len; size_t len;
/* Offset of encoding in subject name component. */ /* Offset of encoding in subject name component. */
size_t enc; size_t enc;
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
/* Offset of data in subject name component. */
size_t dataI;
/* Offset of length in subject name component. */
size_t lenI;
/* Offset of encoding in subject name component. */
size_t encI;
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
/* NID of type for subject name component. */ /* NID of type for subject name component. */
@@ -12690,6 +12709,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectCN), OFFSETOF(DecodedCert, subjectCN),
OFFSETOF(DecodedCert, subjectCNLen), OFFSETOF(DecodedCert, subjectCNLen),
OFFSETOF(DecodedCert, subjectCNEnc), OFFSETOF(DecodedCert, subjectCNEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerCN),
OFFSETOF(DecodedCert, issuerCNLen),
OFFSETOF(DecodedCert, issuerCNEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_commonName NID_commonName
@@ -12702,6 +12726,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectSN), OFFSETOF(DecodedCert, subjectSN),
OFFSETOF(DecodedCert, subjectSNLen), OFFSETOF(DecodedCert, subjectSNLen),
OFFSETOF(DecodedCert, subjectSNEnc), OFFSETOF(DecodedCert, subjectSNEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerSN),
OFFSETOF(DecodedCert, issuerSNLen),
OFFSETOF(DecodedCert, issuerSNEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_surname NID_surname
@@ -12714,6 +12743,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectSND), OFFSETOF(DecodedCert, subjectSND),
OFFSETOF(DecodedCert, subjectSNDLen), OFFSETOF(DecodedCert, subjectSNDLen),
OFFSETOF(DecodedCert, subjectSNDEnc), OFFSETOF(DecodedCert, subjectSNDEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerSND),
OFFSETOF(DecodedCert, issuerSNDLen),
OFFSETOF(DecodedCert, issuerSNDEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_serialNumber NID_serialNumber
@@ -12726,6 +12760,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectC), OFFSETOF(DecodedCert, subjectC),
OFFSETOF(DecodedCert, subjectCLen), OFFSETOF(DecodedCert, subjectCLen),
OFFSETOF(DecodedCert, subjectCEnc), OFFSETOF(DecodedCert, subjectCEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerC),
OFFSETOF(DecodedCert, issuerCLen),
OFFSETOF(DecodedCert, issuerCEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_countryName NID_countryName
@@ -12738,6 +12777,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectL), OFFSETOF(DecodedCert, subjectL),
OFFSETOF(DecodedCert, subjectLLen), OFFSETOF(DecodedCert, subjectLLen),
OFFSETOF(DecodedCert, subjectLEnc), OFFSETOF(DecodedCert, subjectLEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerL),
OFFSETOF(DecodedCert, issuerLLen),
OFFSETOF(DecodedCert, issuerLEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_localityName NID_localityName
@@ -12750,6 +12794,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectST), OFFSETOF(DecodedCert, subjectST),
OFFSETOF(DecodedCert, subjectSTLen), OFFSETOF(DecodedCert, subjectSTLen),
OFFSETOF(DecodedCert, subjectSTEnc), OFFSETOF(DecodedCert, subjectSTEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerST),
OFFSETOF(DecodedCert, issuerSTLen),
OFFSETOF(DecodedCert, issuerSTEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_stateOrProvinceName NID_stateOrProvinceName
@@ -12762,6 +12811,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectStreet), OFFSETOF(DecodedCert, subjectStreet),
OFFSETOF(DecodedCert, subjectStreetLen), OFFSETOF(DecodedCert, subjectStreetLen),
OFFSETOF(DecodedCert, subjectStreetEnc), OFFSETOF(DecodedCert, subjectStreetEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_streetAddress NID_streetAddress
@@ -12774,6 +12828,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectO), OFFSETOF(DecodedCert, subjectO),
OFFSETOF(DecodedCert, subjectOLen), OFFSETOF(DecodedCert, subjectOLen),
OFFSETOF(DecodedCert, subjectOEnc), OFFSETOF(DecodedCert, subjectOEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerO),
OFFSETOF(DecodedCert, issuerOLen),
OFFSETOF(DecodedCert, issuerOEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_organizationName NID_organizationName
@@ -12786,6 +12845,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectOU), OFFSETOF(DecodedCert, subjectOU),
OFFSETOF(DecodedCert, subjectOULen), OFFSETOF(DecodedCert, subjectOULen),
OFFSETOF(DecodedCert, subjectOUEnc), OFFSETOF(DecodedCert, subjectOUEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
OFFSETOF(DecodedCert, issuerOU),
OFFSETOF(DecodedCert, issuerOULen),
OFFSETOF(DecodedCert, issuerOUEnc),
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_organizationalUnitName NID_organizationalUnitName
@@ -12798,6 +12862,11 @@ static const CertNameData certNameSubject[] = {
0, 0,
0, 0,
0, 0,
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
0, 0,
@@ -12810,6 +12879,11 @@ static const CertNameData certNameSubject[] = {
0, 0,
0, 0,
0, 0,
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
0, 0,
@@ -12822,6 +12896,11 @@ static const CertNameData certNameSubject[] = {
0, 0,
0, 0,
0, 0,
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
0, 0,
@@ -12834,6 +12913,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectBC), OFFSETOF(DecodedCert, subjectBC),
OFFSETOF(DecodedCert, subjectBCLen), OFFSETOF(DecodedCert, subjectBCLen),
OFFSETOF(DecodedCert, subjectBCEnc), OFFSETOF(DecodedCert, subjectBCEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_businessCategory NID_businessCategory
@@ -12846,6 +12930,11 @@ static const CertNameData certNameSubject[] = {
0, 0,
0, 0,
0, 0,
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
0, 0,
@@ -12858,6 +12947,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectPC), OFFSETOF(DecodedCert, subjectPC),
OFFSETOF(DecodedCert, subjectPCLen), OFFSETOF(DecodedCert, subjectPCLen),
OFFSETOF(DecodedCert, subjectPCEnc), OFFSETOF(DecodedCert, subjectPCEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_postalCode NID_postalCode
@@ -12870,6 +12964,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectUID), OFFSETOF(DecodedCert, subjectUID),
OFFSETOF(DecodedCert, subjectUIDLen), OFFSETOF(DecodedCert, subjectUIDLen),
OFFSETOF(DecodedCert, subjectUIDEnc), OFFSETOF(DecodedCert, subjectUIDEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_userId NID_userId
@@ -12883,6 +12982,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectN), OFFSETOF(DecodedCert, subjectN),
OFFSETOF(DecodedCert, subjectNLen), OFFSETOF(DecodedCert, subjectNLen),
OFFSETOF(DecodedCert, subjectNEnc), OFFSETOF(DecodedCert, subjectNEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_name NID_name
@@ -12895,6 +12999,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectGN), OFFSETOF(DecodedCert, subjectGN),
OFFSETOF(DecodedCert, subjectGNLen), OFFSETOF(DecodedCert, subjectGNLen),
OFFSETOF(DecodedCert, subjectGNEnc), OFFSETOF(DecodedCert, subjectGNEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_givenName NID_givenName
@@ -12907,6 +13016,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectI), OFFSETOF(DecodedCert, subjectI),
OFFSETOF(DecodedCert, subjectILen), OFFSETOF(DecodedCert, subjectILen),
OFFSETOF(DecodedCert, subjectIEnc), OFFSETOF(DecodedCert, subjectIEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_initials NID_initials
@@ -12919,6 +13033,11 @@ static const CertNameData certNameSubject[] = {
OFFSETOF(DecodedCert, subjectDNQ), OFFSETOF(DecodedCert, subjectDNQ),
OFFSETOF(DecodedCert, subjectDNQLen), OFFSETOF(DecodedCert, subjectDNQLen),
OFFSETOF(DecodedCert, subjectDNQEnc), OFFSETOF(DecodedCert, subjectDNQEnc),
#ifdef WOLFSSL_HAVE_ISSUER_NAMES
0,
0,
0,
#endif
#endif #endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_dnQualifier NID_dnQualifier
@@ -12930,6 +13049,7 @@ static const CertNameData certNameSubject[] = {
static const int certNameSubjectSz = static const int certNameSubjectSz =
(int) (sizeof(certNameSubject) / sizeof(CertNameData)); (int) (sizeof(certNameSubject) / sizeof(CertNameData));
/* ASN.1 template for an RDN. /* ASN.1 template for an RDN.
* X.509: RFC 5280, 4.1.2.4 - RelativeDistinguishedName * X.509: RFC 5280, 4.1.2.4 - RelativeDistinguishedName
*/ */
@@ -13270,6 +13390,43 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen,
return ret; return ret;
} }
#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
defined(WOLFSSL_HAVE_ISSUER_NAMES)
/* Set the details of an issuer name component into a certificate.
*
* @param [in, out] cert Certificate object.
* @param [in] id Id of component.
* @param [in] str String for component.
* @param [in] strLen Length of string.
* @param [in] tag BER tag representing encoding of string.
* @return 0 on success, negative values on failure.
*/
static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen,
byte tag)
{
int ret = 0;
/* Put string and encoding into certificate. */
if (id == ASN_COMMON_NAME) {
cert->issuerCN = (char *)str;
cert->issuerCNLen = (int)strLen;
cert->issuerCNEnc = (char)tag;
}
else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) {
/* Use table and offsets to put data into appropriate fields. */
SetCertNameIssuer(cert, id, (char*)str);
SetCertNameIssuerLen(cert, id, strLen);
SetCertNameIssuerEnc(cert, id, tag);
}
else if (id == ASN_EMAIL) {
cert->issuerEmail = (char*)str;
cert->issuerEmailLen = strLen;
}
return ret;
}
#endif
/* Get a RelativeDistinguishedName from the encoding and put in certificate. /* Get a RelativeDistinguishedName from the encoding and put in certificate.
* *
* @param [in, out] cert Certificate object. * @param [in, out] cert Certificate object.
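Review bot: SetIssuer's table path (`else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID)`) never checks that the selected certNameSubject row actually has issuer offsets, yet several rows between the common-name and user-id entries carry `0, 0, 0` under WOLFSSL_HAVE_ISSUER_NAMES (the subjectStreet, subjectBC, subjectPC and subjectUID rows in the earlier hunks). If any of those ids reaches this branch — which the table order makes likely, though the ASN_* numbering is not on the page — SetCertNameIssuer/SetCertNameIssuerLen/SetCertNameIssuerEnc write a pointer, an int and a byte through offset 0 of `cert`, clobbering whatever field sits first in DecodedCert, and the trigger is simply a name component in the certificate being parsed. Guard the branch on the row's offsets, e.g. `else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID &&` / `         certNameSubject[id - 3].dataI != 0) {`; the subject side has CertNameSubjectValid for the analogous purpose, but that macro only checks strLen, which is non-zero for these rows. Separately, `ret` is never assigned anything but 0, so either return 0 directly or drop the variable.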
@@ -13402,6 +13559,13 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
/* Store subject field components. */ /* Store subject field components. */
ret = SetSubject(cert, id, str, (int)strLen, tag); ret = SetSubject(cert, id, str, (int)strLen, tag);
} }
#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
defined(WOLFSSL_HAVE_ISSUER_NAMES)
/* Put issuer common name string and encoding into certificate. */
else {
ret = SetIssuer(cert, id, str, (int)strLen, tag);
}
#endif
if (ret == 0) { if (ret == 0) {
/* Check there is space for this in the full name string and /* Check there is space for this in the full name string and
* terminating NUL character. */ * terminating NUL character. */