From 5dcb1ba21f172d5dd0a11eee29d8bd92e354275c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 22 Jun 2022 17:17:14 -0600 Subject: [PATCH 1/5] remove carriage return from CONF strings --- src/conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conf.c b/src/conf.c index eeace783e..b4cc0eb8b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -926,7 +926,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) value = idx; /* Find end of value */ idx = maxIdx-1; - while (idx >= value && (*idx == ' ' || *idx == '\t')) + while (idx >= value && (*idx == ' ' || *idx == '\t' || *idx == '\r')) idx--; valueLen = (int)(idx - value + 1); From f6c4e295b11d60a82270e92f5b99517baae247b1 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 22 Jun 2022 17:28:04 -0600 Subject: [PATCH 2/5] add more subject name support and expande REQ attributes creation support --- src/ssl.c | 1 + src/x509.c | 56 +++++++ wolfcrypt/src/asn.c | 295 ++++++++++++++++++++++++++------- wolfssl/wolfcrypt/asn.h | 27 ++- wolfssl/wolfcrypt/asn_public.h | 9 + 5 files changed, 324 insertions(+), 64 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ef8c09e35..145acbf80 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -25650,6 +25650,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { oidCsrAttrType, "contentType", "contentType" }, { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, oidCsrAttrType, "unstructuredName", "unstructuredName" }, + { NID_name, NAME_OID, oidCsrAttrType, "name", "name" }, { NID_surname, SURNAME_OID, oidCsrAttrType, "surname", "surname" }, { NID_givenName, GIVEN_NAME_OID, diff --git a/src/x509.c b/src/x509.c index c5890aea5..8fdcd96ec 100644 --- a/src/x509.c +++ b/src/x509.c @@ -8610,6 +8610,10 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } if (ret == WOLFSSL_SUCCESS) { + #if defined(OPENSSL_ALL) + int idx; + #endif + cert->version = req->version; cert->isCA = req->isCa; cert->basicConstSet = req->basicConstSet; @@ -8626,6 +8630,34 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( XMEMCPY(cert->challengePw, req->challengePw, CTC_NAME_SIZE); cert->challengePwPrintableString = req->challengePw[0] != 0; + #if defined(OPENSSL_ALL) + idx = wolfSSL_X509_REQ_get_attr_by_NID(req, + NID_pkcs9_unstructuredName, -1); + if (idx != WOLFSSL_FATAL_ERROR) { + WOLFSSL_X509_ATTRIBUTE *attr; + attr = wolfSSL_X509_REQ_get_attr(req, idx); + if (attr != NULL) { + const unsigned char *attrData; + int attrDataSz; + + attrData = wolfSSL_ASN1_STRING_get0_data( + attr->value->value.asn1_string); + attrDataSz = wolfSSL_ASN1_STRING_length( + attr->value->value.asn1_string); + + /* +1 to make sure is terminated string */ + if (attrDataSz + 1 > CTC_NAME_SIZE) { + WOLFSSL_MSG("attribute size was too large to copy"); + ret = REQ_ATTRIBUTE_E; + } + else { + XMEMCPY(cert->unstructuredName, attrData, attrDataSz); + cert->unstructuredName[attrDataSz] = '\0'; + } + } + } + #endif /* OPENSSL_ALL */ + #ifdef WOLFSSL_ALT_NAMES cert->altNamesSz = FlattenAltNames(cert->altNames, sizeof(cert->altNames), req->altNames); @@ -9371,6 +9403,10 @@ static int ConvertNIDToWolfSSL(int nid) { switch (nid) { case NID_commonName : return ASN_COMMON_NAME; + case NID_name : return ASN_NAME; + case NID_givenName: return ASN_GIVEN_NAME; + case NID_dnQualifier : return ASN_DNQUALIFIER; + case NID_initials: return ASN_INITIALS; case NID_surname : return ASN_SUR_NAME; case NID_countryName: return ASN_COUNTRY_NAME; case NID_localityName: return ASN_LOCALITY_NAME; @@ -11464,6 +11500,26 @@ static int get_dn_attr_by_nid(int n, const char** buf) str = "emailAddress"; len = 12; break; + case NID_surname: + str = "SN"; + len = 2; + break; + case NID_givenName: + str = "GN"; + len = 2; + break; + case NID_dnQualifier: + str = "dnQualifier"; + len = 11; + break; + case NID_name: + str = "name"; + len = 4; + break; + case NID_initials: + str = "initials"; + len = 8; + break; default: WOLFSSL_MSG("Attribute type not found"); str = NULL; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1f3380b73..8202f1ed6 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9956,6 +9956,10 @@ void InitDecodedCert(DecodedCert* cert, cert->heap = heap; cert->maxPathLen = WOLFSSL_MAX_PATH_LEN; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + cert->subjectNEnc = CTC_UTF8; + cert->subjectIEnc = CTC_UTF8; + cert->subjectDNQEnc = CTC_UTF8; + cert->subjectGNEnc = CTC_UTF8; cert->subjectSNEnc = CTC_UTF8; cert->subjectCEnc = CTC_PRINTABLE; cert->subjectLEnc = CTC_UTF8; @@ -10864,6 +10868,54 @@ static const CertNameData certNameSubject[] = { #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_commonName +#endif + }, + /* Given Name */ + { + "/GN=", 4, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectGN), + OFFSETOF(DecodedCert, subjectGNLen), + OFFSETOF(DecodedCert, subjectGNEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_givenName +#endif + }, + /* initials */ + { + "/initials=", 10, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectI), + OFFSETOF(DecodedCert, subjectILen), + OFFSETOF(DecodedCert, subjectIEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_initials +#endif + }, + /* DN Qualifier Name */ + { + "/dnQualifier=", 13, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectDNQ), + OFFSETOF(DecodedCert, subjectDNQLen), + OFFSETOF(DecodedCert, subjectDNQEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_dnQualifier +#endif + }, + /* Name */ + { + "/N=", 3, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectN), + OFFSETOF(DecodedCert, subjectNLen), + OFFSETOF(DecodedCert, subjectNEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_name #endif }, /* Surname */ @@ -11581,6 +11633,70 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, nid = NID_commonName; #endif /* OPENSSL_EXTRA */ } + else if (id == ASN_NAME) { + copy = WOLFSSL_NAME; + copyLen = sizeof(WOLFSSL_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == SUBJECT) { + cert->subjectN = (char*)&input[srcIdx]; + cert->subjectNLen = strLen; + cert->subjectNEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = NID_name; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_INITIALS) { + copy = WOLFSSL_INITIALS; + copyLen = sizeof(WOLFSSL_INITIALS) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == SUBJECT) { + cert->subjectI = (char*)&input[srcIdx]; + cert->subjectILen = strLen; + cert->subjectIEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = NID_initials; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_GIVEN_NAME) { + copy = WOLFSSL_GIVEN_NAME; + copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == SUBJECT) { + cert->subjectGN = (char*)&input[srcIdx]; + cert->subjectGNLen = strLen; + cert->subjectGNEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = NID_givenName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_DNQUALIFIER) { + copy = WOLFSSL_DNQUALIFIER; + copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == SUBJECT) { + cert->subjectDNQ = (char*)&input[srcIdx]; + cert->subjectDNQLen = strLen; + cert->subjectDNQEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = NID_dnQualifier; + #endif /* OPENSSL_EXTRA */ + } else if (id == ASN_SUR_NAME) { copy = WOLFSSL_SUR_NAME; copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; @@ -22683,6 +22799,10 @@ static const byte nameOid[][NAME_OID_SZ] = { { 0x55, 0x04, ASN_STATE_NAME }, { 0x55, 0x04, ASN_STREET_ADDR }, { 0x55, 0x04, ASN_LOCALITY_NAME }, + { 0x55, 0x04, ASN_NAME }, + { 0x55, 0x04, ASN_GIVEN_NAME }, + { 0x55, 0x04, ASN_INITIALS }, + { 0x55, 0x04, ASN_DNQUALIFIER }, { 0x55, 0x04, ASN_SUR_NAME }, { 0x55, 0x04, ASN_ORG_NAME }, { 0x00, 0x00, ASN_DOMAIN_COMPONENT}, /* not actual OID - see dcOid */ @@ -22724,6 +22844,14 @@ const char* GetOneCertName(CertName* name, int idx) return name->street; case ASN_LOCALITY_NAME: return name->locality; + case ASN_NAME: + return name->name; + case ASN_GIVEN_NAME: + return name->givenName; + case ASN_INITIALS: + return name->initials; + case ASN_DNQUALIFIER: + return name->dnQualifier; case ASN_SUR_NAME: return name->sur; case ASN_ORG_NAME: @@ -22767,6 +22895,14 @@ static char GetNameType(CertName* name, int idx) return name->streetEnc; case ASN_LOCALITY_NAME: return name->localityEnc; + case ASN_NAME: + return name->nameEnc; + case ASN_GIVEN_NAME: + return name->givenNameEnc; + case ASN_INITIALS: + return name->initialsEnc; + case ASN_DNQUALIFIER: + return name->dnQualifierEnc; case ASN_SUR_NAME: return name->surEnc; case ASN_ORG_NAME: @@ -25950,79 +26086,109 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, #ifdef WOLFSSL_CERT_REQ #ifndef WOLFSSL_ASN_TEMPLATE -static int SetReqAttrib(byte* output, char* pw, int pwPrintableString, - int extSz) +/* return size of data set on success + * if getting size only then attr and oid should be NULL + */ +static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz, + const byte* oid, int oidSz, byte printable, int extSz) +{ + int totalSz = 0; + int seqSz = 0; + int setSz = 0; + int strSz = 0; + byte seq[MAX_SEQ_SZ]; + byte set[MAX_SET_SZ]; + byte str[MAX_PRSTR_SZ]; + + totalSz = SetObjectId(oidSz, NULL); + totalSz += oidSz; + if (extSz > 0) { + totalSz += setSz = SetSet(extSz, set); + totalSz += seqSz = SetSequence(totalSz + extSz, seq); + totalSz += extSz; + } + else { + if (printable) { + totalSz += strSz = SetPrintableString(attrSz, str); + } + else { + totalSz += strSz = SetUTF8String(attrSz, str); + } + totalSz += setSz = SetSet(strSz + attrSz, set); + totalSz += seqSz = SetSequence(totalSz + attrSz, seq); + totalSz += attrSz; + } + + if (oid) { + XMEMCPY(&output[*idx], seq, seqSz); + *idx += seqSz; + *idx += SetObjectId(oidSz, output + *idx); + XMEMCPY(&output[*idx], oid, oidSz); + *idx += oidSz; + XMEMCPY(&output[*idx], set, setSz); + *idx += setSz; + if (strSz > 0) { + XMEMCPY(&output[*idx], str, strSz); + *idx += strSz; + XMEMCPY(&output[*idx], attr, attrSz); + *idx += attrSz; + } + } + return totalSz; +} + + + +static int SetReqAttrib(byte* output, Cert* cert, int extSz) { int sz = 0; /* overall size */ - int cpSz = 0; /* Challenge Password section size */ - int cpSeqSz = 0; - int cpSetSz = 0; - int cpStrSz = 0; - int pwSz = 0; - int erSz = 0; /* Extension Request section size */ - int erSeqSz = 0; - int erSetSz = 0; - byte cpSeq[MAX_SEQ_SZ]; - byte cpSet[MAX_SET_SZ]; - byte cpStr[MAX_PRSTR_SZ]; - byte erSeq[MAX_SEQ_SZ]; - byte erSet[MAX_SET_SZ]; + int setSz = 0; output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; sz++; - if (pw && pw[0]) { - int cpOidSz = SetObjectId(sizeof(attrChallengePasswordOid), NULL); - cpOidSz += sizeof(attrChallengePasswordOid); - pwSz = (int)XSTRLEN(pw); - if (pwPrintableString) { - cpStrSz = SetPrintableString(pwSz, cpStr); - } else { - cpStrSz = SetUTF8String(pwSz, cpStr); - } - cpSetSz = SetSet(cpStrSz + pwSz, cpSet); - /* +2 for tag and length parts of the TLV triplet */ - cpSeqSz = SetSequence(cpOidSz + cpSetSz + - cpStrSz + pwSz, cpSeq); - cpSz = cpSeqSz + cpOidSz + cpSetSz + - cpStrSz + pwSz; + if (cert->challengePw[0]) { + setSz += SetReqAttribSingle(output, &sz, NULL, + (int)XSTRLEN(cert->challengePw), NULL, + sizeof(attrChallengePasswordOid), + cert->challengePwPrintableString, 0); + } + + if (cert->unstructuredName[0]) { + setSz += SetReqAttribSingle(output, &sz, NULL, + (int)XSTRLEN(cert->unstructuredName), NULL, + sizeof(attrUnstructuredNameOid), 1, 0); } if (extSz) { - int erOidSz = SetObjectId(sizeof(attrExtensionRequestOid), NULL); - erOidSz += sizeof(attrExtensionRequestOid); - erSetSz = SetSet(extSz, erSet); - erSeqSz = SetSequence(erSetSz + erOidSz + extSz, erSeq); - erSz = extSz + erSetSz + erSeqSz + erOidSz; + setSz += SetReqAttribSingle(output, &sz, NULL, 0, NULL, + sizeof(attrExtensionRequestOid), 1, extSz); } /* Put the pieces together. */ - sz += SetLength(cpSz + erSz, &output[sz]); - - if (cpSz) { - XMEMCPY(&output[sz], cpSeq, cpSeqSz); - sz += cpSeqSz; - sz += SetObjectId(sizeof(attrChallengePasswordOid), output + sz); - XMEMCPY(&output[sz], attrChallengePasswordOid, - sizeof(attrChallengePasswordOid)); - sz += sizeof(attrChallengePasswordOid); - XMEMCPY(&output[sz], cpSet, cpSetSz); - sz += cpSetSz; - XMEMCPY(&output[sz], cpStr, cpStrSz); - sz += cpStrSz; - XMEMCPY(&output[sz], pw, pwSz); - sz += pwSz; + sz += SetLength(setSz, &output[sz]); + if (sz + setSz - extSz > MAX_ATTRIB_SZ) { + WOLFSSL_MSG("Attribute Buffer is not big enough!"); + return REQ_ATTRIBUTE_E; } - if (erSz) { - XMEMCPY(&output[sz], erSeq, erSeqSz); - sz += erSeqSz; - sz += SetObjectId(sizeof(attrExtensionRequestOid), output + sz); - XMEMCPY(&output[sz], attrExtensionRequestOid, - sizeof(attrExtensionRequestOid)); - sz += sizeof(attrExtensionRequestOid); - XMEMCPY(&output[sz], erSet, erSetSz); - sz += erSetSz; + if (cert->challengePw[0]) { + SetReqAttribSingle(output, &sz, cert->challengePw, + (int)XSTRLEN(cert->challengePw), &attrChallengePasswordOid[0], + sizeof(attrChallengePasswordOid), + cert->challengePwPrintableString, 0); + } + + if (cert->unstructuredName[0]) { + SetReqAttribSingle(output, &sz, cert->unstructuredName, + (int)XSTRLEN(cert->unstructuredName), + &attrUnstructuredNameOid[0], + sizeof(attrUnstructuredNameOid), 1, 0); + } + + if (extSz) { + SetReqAttribSingle(output, &sz, NULL, 0, &attrExtensionRequestOid[0], + sizeof(attrExtensionRequestOid), 1, extSz); /* The actual extension data will be tacked onto the output later. */ } @@ -26350,9 +26516,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, #endif /* WOLFSSL_CERT_EXT */ } - der->attribSz = SetReqAttrib(der->attrib, cert->challengePw, - cert->challengePwPrintableString, - der->extensionsSz); + der->attribSz = SetReqAttrib(der->attrib, cert, der->extensionsSz); if (der->attribSz <= 0) return REQ_ATTRIBUTE_E; @@ -27478,6 +27642,13 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) cn->unit[sz] = '\0'; cn->unitEnc = decoded->subjectOUEnc; } + if (decoded->subjectN) { + sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen + : CTC_NAME_SIZE - 1; + XSTRNCPY(cn->name, decoded->subjectN, sz); + cn->name[sz] = '\0'; + cn->nameEnc = decoded->subjectNEnc; + } if (decoded->subjectSN) { sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen : CTC_NAME_SIZE - 1; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 3fd8cab24..d74189b2d 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -674,6 +674,10 @@ enum DN_Tags { ASN_BUS_CAT = 0x0f, /* businessCategory */ ASN_POSTAL_CODE = 0x11, /* postalCode */ ASN_USER_ID = 0x12, /* UserID */ + ASN_NAME = 0x2a, /* name */ + ASN_GIVEN_NAME = 0x29, /* GN */ + ASN_INITIALS = 0x2b, /* initials */ + ASN_DNQUALIFIER = 0x2e, /* dnQualifier */ ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */ ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */ @@ -703,6 +707,10 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_COMMON_NAME "/CN=" #define WOLFSSL_LN_COMMON_NAME "/commonName=" #define WOLFSSL_SUR_NAME "/SN=" +#define WOLFSSL_NAME "/N=" +#define WOLFSSL_INITIALS "/initials=" +#define WOLFSSL_GIVEN_NAME "/GN=" +#define WOLFSSL_DNQUALIFIER "/dnQualifier=" #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" #define WOLFSSL_COUNTRY_NAME "/C=" #define WOLFSSL_LN_COUNTRY_NAME "/countryName=" @@ -791,6 +799,7 @@ enum NID_dnQualifier = 174, NID_commonName = 14, /* CN Changed to not conflict * with PBE_SHA1_DES3 */ + NID_name = 173, /* N */ NID_surname = 0x04, /* SN */ NID_serialNumber = 0x05, /* serialNumber */ NID_countryName = 0x06, /* C */ @@ -918,8 +927,9 @@ enum Misc_ASN { #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ /* Max encoded cert req attributes length */ - MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + - MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ + MAX_ATTRIB_SZ = MAX_SEQ_SZ * 4 + (11 + MAX_SEQ_SZ) * 3 + + MAX_PRSTR_SZ * 2 + CTC_NAME_SIZE * 2, + /* 11 is the OID size */ #endif #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, @@ -1237,6 +1247,7 @@ enum CsrAttrType { DNQUALIFIER_OID = 135, INITIALS_OID = 132, SURNAME_OID = 93, + NAME_OID = 130, GIVEN_NAME_OID = 131, }; #endif @@ -1647,6 +1658,18 @@ struct DecodedCert { char* subjectSN; int subjectSNLen; char subjectSNEnc; + char* subjectN; + int subjectNLen; + char subjectNEnc; + char* subjectI; + int subjectILen; + char subjectIEnc; + char* subjectGN; + int subjectGNLen; + char subjectGNEnc; + char* subjectDNQ; + int subjectDNQLen; + char subjectDNQEnc; char* subjectC; int subjectCLen; char subjectCEnc; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index c8b077962..556acedc7 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -337,6 +337,14 @@ typedef struct CertName { char localityEnc; char sur[CTC_NAME_SIZE]; char surEnc; + char givenName[CTC_NAME_SIZE]; + char givenNameEnc; + char initials[CTC_NAME_SIZE]; + char initialsEnc; + char dnQualifier[CTC_NAME_SIZE]; + char dnQualifierEnc; + char name[CTC_NAME_SIZE]; + char nameEnc; char org[CTC_NAME_SIZE]; char orgEnc; char unit[CTC_NAME_SIZE]; @@ -433,6 +441,7 @@ typedef struct Cert { #endif #ifdef WOLFSSL_CERT_REQ char challengePw[CTC_NAME_SIZE]; + char unstructuredName[CTC_NAME_SIZE]; int challengePwPrintableString; /* encode as PrintableString */ #endif #ifdef WOLFSSL_CUSTOM_OID From 8862e1f8cfb8be8019e4fb959700b139860b7a72 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 14 Jul 2022 09:41:36 -0700 Subject: [PATCH 3/5] resolve name conflict --- wolfcrypt/src/asn.c | 10 +++++----- wolfssl/wolfcrypt/asn_public.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8202f1ed6..c5bef8a5e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22845,7 +22845,7 @@ const char* GetOneCertName(CertName* name, int idx) case ASN_LOCALITY_NAME: return name->locality; case ASN_NAME: - return name->name; + return name->dnName; case ASN_GIVEN_NAME: return name->givenName; case ASN_INITIALS: @@ -22896,7 +22896,7 @@ static char GetNameType(CertName* name, int idx) case ASN_LOCALITY_NAME: return name->localityEnc; case ASN_NAME: - return name->nameEnc; + return name->dnNameEnc; case ASN_GIVEN_NAME: return name->givenNameEnc; case ASN_INITIALS: @@ -27645,9 +27645,9 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) if (decoded->subjectN) { sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->name, decoded->subjectN, sz); - cn->name[sz] = '\0'; - cn->nameEnc = decoded->subjectNEnc; + XSTRNCPY(cn->dnName, decoded->subjectN, sz); + cn->dnName[sz] = '\0'; + cn->dnNameEnc = decoded->subjectNEnc; } if (decoded->subjectSN) { sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 556acedc7..49078277b 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -343,8 +343,8 @@ typedef struct CertName { char initialsEnc; char dnQualifier[CTC_NAME_SIZE]; char dnQualifierEnc; - char name[CTC_NAME_SIZE]; - char nameEnc; + char dnName[CTC_NAME_SIZE]; + char dnNameEnc; char org[CTC_NAME_SIZE]; char orgEnc; char unit[CTC_NAME_SIZE]; From abba59f735a50073178db4ceba6e0451ab820e67 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 14 Jul 2022 13:15:59 -0700 Subject: [PATCH 4/5] order of array of names for asn template build --- wolfcrypt/src/asn.c | 100 +++++++++++++++++++++------------------- wolfssl/wolfcrypt/asn.h | 8 ++-- 2 files changed, 56 insertions(+), 52 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c5bef8a5e..b98b51739 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -10702,6 +10702,10 @@ int wc_OBJ_sn2nid(const char *sn) {WOLFSSL_STATE_NAME, NID_stateOrProvinceName}, {WOLFSSL_ORG_NAME, NID_organizationName}, {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName}, + {WOLFSSL_NAME, NID_name}, + {WOLFSSL_INITIALS, NID_initials}, + {WOLFSSL_GIVEN_NAME, NID_givenName}, + {WOLFSSL_DNQUALIFIER, NID_dnQualifier}, {WOLFSSL_EMAIL_ADDR, NID_emailAddress}, {"SHA1", NID_sha1}, {NULL, -1}}; @@ -10868,54 +10872,6 @@ static const CertNameData certNameSubject[] = { #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_commonName -#endif - }, - /* Given Name */ - { - "/GN=", 4, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectGN), - OFFSETOF(DecodedCert, subjectGNLen), - OFFSETOF(DecodedCert, subjectGNEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_givenName -#endif - }, - /* initials */ - { - "/initials=", 10, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectI), - OFFSETOF(DecodedCert, subjectILen), - OFFSETOF(DecodedCert, subjectIEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_initials -#endif - }, - /* DN Qualifier Name */ - { - "/dnQualifier=", 13, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectDNQ), - OFFSETOF(DecodedCert, subjectDNQLen), - OFFSETOF(DecodedCert, subjectDNQEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_dnQualifier -#endif - }, - /* Name */ - { - "/N=", 3, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectN), - OFFSETOF(DecodedCert, subjectNLen), - OFFSETOF(DecodedCert, subjectNEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_name #endif }, /* Surname */ @@ -11096,6 +11052,54 @@ static const CertNameData certNameSubject[] = { #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_userId +#endif + }, + /* Name, id 41 */ + { + "/N=", 3, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectN), + OFFSETOF(DecodedCert, subjectNLen), + OFFSETOF(DecodedCert, subjectNEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_name +#endif + }, + /* Given Name, id 42 */ + { + "/GN=", 4, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectGN), + OFFSETOF(DecodedCert, subjectGNLen), + OFFSETOF(DecodedCert, subjectGNEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_givenName +#endif + }, + /* initials, id 43 */ + { + "/initials=", 10, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectI), + OFFSETOF(DecodedCert, subjectILen), + OFFSETOF(DecodedCert, subjectIEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_initials +#endif + }, + /* DN Qualifier Name, id 46 */ + { + "/dnQualifier=", 13, +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + OFFSETOF(DecodedCert, subjectDNQ), + OFFSETOF(DecodedCert, subjectDNQLen), + OFFSETOF(DecodedCert, subjectDNQEnc), +#endif +#ifdef WOLFSSL_X509_NAME_AVAILABLE + NID_dnQualifier #endif }, }; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index d74189b2d..88eb21c02 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -772,8 +772,8 @@ enum NID_id_pkix_OCSP_basic = 74, NID_any_policy = 75, NID_anyExtendedKeyUsage = 76, - NID_givenName = 99, - NID_initials = 101, + NID_givenName = 99, /* 2.5.4.42 */ + NID_initials = 101, /* 2.5.4.43 */ NID_title = 106, NID_description = 107, NID_basic_constraints = 133, @@ -796,10 +796,10 @@ enum NID_buildingName = 1494, - NID_dnQualifier = 174, + NID_dnQualifier = 174, /* 2.5.4.46 */ NID_commonName = 14, /* CN Changed to not conflict * with PBE_SHA1_DES3 */ - NID_name = 173, /* N */ + NID_name = 173, /* N , OID = 2.5.4.41 */ NID_surname = 0x04, /* SN */ NID_serialNumber = 0x05, /* serialNumber */ NID_countryName = 0x06, /* C */ From 99ed72717934f9b7972dccb0470d0a79305da294 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 1 Aug 2022 10:52:09 -0700 Subject: [PATCH 5/5] add WOLFSSL_CERT_NAME_ALL macro guard and new values to set subject --- configure.ac | 5 +- src/x509.c | 2 + wolfcrypt/src/asn.c | 87 +++++++++++++++++++++++++--------- wolfssl/wolfcrypt/asn.h | 14 ++++-- wolfssl/wolfcrypt/asn_public.h | 2 + 5 files changed, 82 insertions(+), 28 deletions(-) diff --git a/configure.ac b/configure.ac index e87979e06..0d415e26b 100644 --- a/configure.ac +++ b/configure.ac @@ -830,6 +830,9 @@ then # Certificate extensions and alt. names for FPKI use AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC" + + # Handle as many subject/issuer name OIDs as possible + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL" fi @@ -7450,7 +7453,7 @@ then fi AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"], - [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL"]) + [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_CERT_NAME_ALL"]) AS_IF([test "x$ENABLED_AESSIV" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"]) diff --git a/src/x509.c b/src/x509.c index 8fdcd96ec..69f853695 100644 --- a/src/x509.c +++ b/src/x509.c @@ -9403,10 +9403,12 @@ static int ConvertNIDToWolfSSL(int nid) { switch (nid) { case NID_commonName : return ASN_COMMON_NAME; + #ifdef WOLFSSL_CERT_NAME_ALL case NID_name : return ASN_NAME; case NID_givenName: return ASN_GIVEN_NAME; case NID_dnQualifier : return ASN_DNQUALIFIER; case NID_initials: return ASN_INITIALS; + #endif /* WOLFSSL_CERT_NAME_ALL */ case NID_surname : return ASN_SUR_NAME; case NID_countryName: return ASN_COUNTRY_NAME; case NID_localityName: return ASN_LOCALITY_NAME; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b98b51739..6c0f77109 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -84,6 +84,9 @@ ASN Options: extension. * WOLFSSL_SUBJ_INFO_ACC: Enable support for SubjectInfoAccess extension. * WOLFSSL_FPKI: Enable support for FPKI (Federal PKI) extensions. + * WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the + cost of taking up more memory. Adds initials, givenname, dnQualifer for + example. */ #ifndef NO_ASN @@ -9956,10 +9959,12 @@ void InitDecodedCert(DecodedCert* cert, cert->heap = heap; cert->maxPathLen = WOLFSSL_MAX_PATH_LEN; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + #ifdef WOLFSSL_CERT_NAME_ALL cert->subjectNEnc = CTC_UTF8; cert->subjectIEnc = CTC_UTF8; cert->subjectDNQEnc = CTC_UTF8; cert->subjectGNEnc = CTC_UTF8; + #endif cert->subjectSNEnc = CTC_UTF8; cert->subjectCEnc = CTC_PRINTABLE; cert->subjectLEnc = CTC_UTF8; @@ -10702,10 +10707,12 @@ int wc_OBJ_sn2nid(const char *sn) {WOLFSSL_STATE_NAME, NID_stateOrProvinceName}, {WOLFSSL_ORG_NAME, NID_organizationName}, {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName}, + #ifdef WOLFSSL_CERT_NAME_ALL {WOLFSSL_NAME, NID_name}, {WOLFSSL_INITIALS, NID_initials}, {WOLFSSL_GIVEN_NAME, NID_givenName}, {WOLFSSL_DNQUALIFIER, NID_dnQualifier}, + #endif {WOLFSSL_EMAIL_ADDR, NID_emailAddress}, {"SHA1", NID_sha1}, {NULL, -1}}; @@ -11054,54 +11061,56 @@ static const CertNameData certNameSubject[] = { NID_userId #endif }, +#ifdef WOLFSSL_CERT_NAME_ALL /* Name, id 41 */ { "/N=", 3, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) OFFSETOF(DecodedCert, subjectN), OFFSETOF(DecodedCert, subjectNLen), OFFSETOF(DecodedCert, subjectNEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE + #endif + #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_name -#endif + #endif }, /* Given Name, id 42 */ { "/GN=", 4, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) OFFSETOF(DecodedCert, subjectGN), OFFSETOF(DecodedCert, subjectGNLen), OFFSETOF(DecodedCert, subjectGNEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE + #endif + #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_givenName -#endif + #endif }, /* initials, id 43 */ { "/initials=", 10, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) OFFSETOF(DecodedCert, subjectI), OFFSETOF(DecodedCert, subjectILen), OFFSETOF(DecodedCert, subjectIEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE + #endif + #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_initials -#endif + #endif }, /* DN Qualifier Name, id 46 */ { "/dnQualifier=", 13, -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) OFFSETOF(DecodedCert, subjectDNQ), OFFSETOF(DecodedCert, subjectDNQLen), OFFSETOF(DecodedCert, subjectDNQEnc), -#endif -#ifdef WOLFSSL_X509_NAME_AVAILABLE + #endif + #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_dnQualifier -#endif + #endif }, +#endif /* WOLFSSL_CERT_NAME_ALL */ }; static const int certNameSubjectSz = @@ -11637,6 +11646,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, nid = NID_commonName; #endif /* OPENSSL_EXTRA */ } + #ifdef WOLFSSL_CERT_NAME_ALL else if (id == ASN_NAME) { copy = WOLFSSL_NAME; copyLen = sizeof(WOLFSSL_NAME) - 1; @@ -11701,6 +11711,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, nid = NID_dnQualifier; #endif /* OPENSSL_EXTRA */ } + #endif /* WOLFSSL_CERT_NAME_ALL */ else if (id == ASN_SUR_NAME) { copy = WOLFSSL_SUR_NAME; copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; @@ -22803,10 +22814,12 @@ static const byte nameOid[][NAME_OID_SZ] = { { 0x55, 0x04, ASN_STATE_NAME }, { 0x55, 0x04, ASN_STREET_ADDR }, { 0x55, 0x04, ASN_LOCALITY_NAME }, +#ifdef WOLFSSL_CERT_NAME_ALL { 0x55, 0x04, ASN_NAME }, { 0x55, 0x04, ASN_GIVEN_NAME }, { 0x55, 0x04, ASN_INITIALS }, { 0x55, 0x04, ASN_DNQUALIFIER }, +#endif { 0x55, 0x04, ASN_SUR_NAME }, { 0x55, 0x04, ASN_ORG_NAME }, { 0x00, 0x00, ASN_DOMAIN_COMPONENT}, /* not actual OID - see dcOid */ @@ -22848,6 +22861,7 @@ const char* GetOneCertName(CertName* name, int idx) return name->street; case ASN_LOCALITY_NAME: return name->locality; +#ifdef WOLFSSL_CERT_NAME_ALL case ASN_NAME: return name->dnName; case ASN_GIVEN_NAME: @@ -22856,6 +22870,7 @@ const char* GetOneCertName(CertName* name, int idx) return name->initials; case ASN_DNQUALIFIER: return name->dnQualifier; +#endif /* WOLFSSL_CERT_NAME_ALL */ case ASN_SUR_NAME: return name->sur; case ASN_ORG_NAME: @@ -22899,6 +22914,7 @@ static char GetNameType(CertName* name, int idx) return name->streetEnc; case ASN_LOCALITY_NAME: return name->localityEnc; +#ifdef WOLFSSL_CERT_NAME_ALL case ASN_NAME: return name->dnNameEnc; case ASN_GIVEN_NAME: @@ -22907,6 +22923,7 @@ static char GetNameType(CertName* name, int idx) return name->initialsEnc; case ASN_DNQUALIFIER: return name->dnQualifierEnc; +#endif /* WOLFSSL_CERT_NAME_ALL */ case ASN_SUR_NAME: return name->surEnc; case ASN_ORG_NAME: @@ -27646,13 +27663,6 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) cn->unit[sz] = '\0'; cn->unitEnc = decoded->subjectOUEnc; } - if (decoded->subjectN) { - sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen - : CTC_NAME_SIZE - 1; - XSTRNCPY(cn->dnName, decoded->subjectN, sz); - cn->dnName[sz] = '\0'; - cn->dnNameEnc = decoded->subjectNEnc; - } if (decoded->subjectSN) { sz = (decoded->subjectSNLen < CTC_NAME_SIZE) ? decoded->subjectSNLen : CTC_NAME_SIZE - 1; @@ -27703,6 +27713,37 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded) XSTRNCPY(cn->email, decoded->subjectEmail, sz); cn->email[sz] = '\0'; } +#if defined(WOLFSSL_CERT_NAME_ALL) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) + if (decoded->subjectN) { + sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen + : CTC_NAME_SIZE - 1; + XSTRNCPY(cn->dnName, decoded->subjectN, sz); + cn->dnName[sz] = '\0'; + cn->dnNameEnc = decoded->subjectNEnc; + } + if (decoded->subjectI) { + sz = (decoded->subjectILen < CTC_NAME_SIZE) ? decoded->subjectILen + : CTC_NAME_SIZE - 1; + XSTRNCPY(cn->initials, decoded->subjectI, sz); + cn->initials[sz] = '\0'; + cn->initialsEnc = decoded->subjectIEnc; + } + if (decoded->subjectGN) { + sz = (decoded->subjectGNLen < CTC_NAME_SIZE) ? decoded->subjectGNLen + : CTC_NAME_SIZE - 1; + XSTRNCPY(cn->givenName, decoded->subjectGN, sz); + cn->givenName[sz] = '\0'; + cn->givenNameEnc = decoded->subjectGNEnc; + } + if (decoded->subjectDNQ) { + sz = (decoded->subjectDNQLen < CTC_NAME_SIZE) ? decoded->subjectDNQLen + : CTC_NAME_SIZE - 1; + XSTRNCPY(cn->dnQualifier, decoded->subjectDNQ, sz); + cn->dnQualifier[sz] = '\0'; + cn->dnQualifierEnc = decoded->subjectDNQEnc; + } +#endif /* WOLFSSL_CERT_NAME_ALL */ } #ifndef NO_FILESYSTEM diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 88eb21c02..0212d1fe1 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -674,10 +674,12 @@ enum DN_Tags { ASN_BUS_CAT = 0x0f, /* businessCategory */ ASN_POSTAL_CODE = 0x11, /* postalCode */ ASN_USER_ID = 0x12, /* UserID */ +#ifdef WOLFSSL_CERT_NAME_ALL ASN_NAME = 0x2a, /* name */ ASN_GIVEN_NAME = 0x29, /* GN */ ASN_INITIALS = 0x2b, /* initials */ ASN_DNQUALIFIER = 0x2e, /* dnQualifier */ +#endif /* WOLFSSL_CERT_NAME_ALL */ ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */ ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */ @@ -707,10 +709,12 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_COMMON_NAME "/CN=" #define WOLFSSL_LN_COMMON_NAME "/commonName=" #define WOLFSSL_SUR_NAME "/SN=" -#define WOLFSSL_NAME "/N=" -#define WOLFSSL_INITIALS "/initials=" -#define WOLFSSL_GIVEN_NAME "/GN=" -#define WOLFSSL_DNQUALIFIER "/dnQualifier=" +#ifdef WOLFSSL_CERT_NAME_ALL + #define WOLFSSL_NAME "/N=" + #define WOLFSSL_INITIALS "/initials=" + #define WOLFSSL_GIVEN_NAME "/GN=" + #define WOLFSSL_DNQUALIFIER "/dnQualifier=" +#endif /* WOLFSSL_CERT_NAME_ALL */ #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" #define WOLFSSL_COUNTRY_NAME "/C=" #define WOLFSSL_LN_COUNTRY_NAME "/countryName=" @@ -1658,6 +1662,7 @@ struct DecodedCert { char* subjectSN; int subjectSNLen; char subjectSNEnc; + #ifdef WOLFSSL_CERT_NAME_ALL char* subjectN; int subjectNLen; char subjectNEnc; @@ -1670,6 +1675,7 @@ struct DecodedCert { char* subjectDNQ; int subjectDNQLen; char subjectDNQEnc; + #endif /*WOLFSSL_CERT_NAME_ALL */ char* subjectC; int subjectCLen; char subjectCEnc; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 49078277b..f99e7fb9f 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -337,6 +337,7 @@ typedef struct CertName { char localityEnc; char sur[CTC_NAME_SIZE]; char surEnc; +#ifdef WOLFSSL_CERT_NAME_ALL char givenName[CTC_NAME_SIZE]; char givenNameEnc; char initials[CTC_NAME_SIZE]; @@ -345,6 +346,7 @@ typedef struct CertName { char dnQualifierEnc; char dnName[CTC_NAME_SIZE]; char dnNameEnc; +#endif /* WOLFSSL_CERT_NAME_ALL */ char org[CTC_NAME_SIZE]; char orgEnc; char unit[CTC_NAME_SIZE];