wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5277 from JacobBarthelmeh/req_attr

Browse Source 
expand subject name and req attribute support
This commit is contained in:
Sean Parkinson
2022-08-04 14:32:14 +10:00
committed by GitHub
parent 2c2a7750a4 99ed727179
commit 9ea3e173d0
7 changed files with 387 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configure.ac
View File

@ -830,6 +830,9 @@ then
# Certificate extensions and alt. names for FPKI use # Certificate extensions and alt. names for FPKI use
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
# Handle as many subject/issuer name OIDs as possible
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
fi fi
@ -7463,7 +7466,7 @@ then
fi fi
AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"], AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL"]) [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_CERT_NAME_ALL"])
AS_IF([test "x$ENABLED_AESSIV" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"]) AS_IF([test "x$ENABLED_AESSIV" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"])

2
src/conf.c
View File

@ -926,7 +926,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
value = idx; value = idx;
/* Find end of value */ /* Find end of value */
idx = maxIdx-1; idx = maxIdx-1;
while (idx >= value && (*idx == ' ' || *idx == '\t')) while (idx >= value && (*idx == ' ' || *idx == '\t' || *idx == '\r'))
idx--; idx--;
valueLen = (int)(idx - value + 1); valueLen = (int)(idx - value + 1);

1
src/ssl.c
View File

@ -25574,6 +25574,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
oidCsrAttrType, "contentType", "contentType" }, oidCsrAttrType, "contentType", "contentType" },
{ NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
oidCsrAttrType, "unstructuredName", "unstructuredName" }, oidCsrAttrType, "unstructuredName", "unstructuredName" },
{ NID_name, NAME_OID, oidCsrAttrType, "name", "name" },
{ NID_surname, SURNAME_OID, { NID_surname, SURNAME_OID,
oidCsrAttrType, "surname", "surname" }, oidCsrAttrType, "surname", "surname" },
{ NID_givenName, GIVEN_NAME_OID, { NID_givenName, GIVEN_NAME_OID,

58
src/x509.c
View File

@ -8610,6 +8610,10 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
} }
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
#if defined(OPENSSL_ALL)
int idx;
#endif
cert->version = req->version; cert->version = req->version;
cert->isCA = req->isCa; cert->isCA = req->isCa;
cert->basicConstSet = req->basicConstSet; cert->basicConstSet = req->basicConstSet;
@ -8626,6 +8630,34 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
XMEMCPY(cert->challengePw, req->challengePw, CTC_NAME_SIZE); XMEMCPY(cert->challengePw, req->challengePw, CTC_NAME_SIZE);
cert->challengePwPrintableString = req->challengePw[0] != 0; cert->challengePwPrintableString = req->challengePw[0] != 0;
#if defined(OPENSSL_ALL)
idx = wolfSSL_X509_REQ_get_attr_by_NID(req,
NID_pkcs9_unstructuredName, -1);
if (idx != WOLFSSL_FATAL_ERROR) {
WOLFSSL_X509_ATTRIBUTE *attr;
attr = wolfSSL_X509_REQ_get_attr(req, idx);
if (attr != NULL) {
const unsigned char *attrData;
int attrDataSz;
attrData = wolfSSL_ASN1_STRING_get0_data(
attr->value->value.asn1_string);
attrDataSz = wolfSSL_ASN1_STRING_length(
attr->value->value.asn1_string);
/* +1 to make sure is terminated string */
if (attrDataSz + 1 > CTC_NAME_SIZE) {
WOLFSSL_MSG("attribute size was too large to copy");
ret = REQ_ATTRIBUTE_E;
}
else {
XMEMCPY(cert->unstructuredName, attrData, attrDataSz);
cert->unstructuredName[attrDataSz] = '\0';
}
}
}
#endif /* OPENSSL_ALL */
#ifdef WOLFSSL_ALT_NAMES #ifdef WOLFSSL_ALT_NAMES
cert->altNamesSz = FlattenAltNames(cert->altNames, cert->altNamesSz = FlattenAltNames(cert->altNames,
sizeof(cert->altNames), req->altNames); sizeof(cert->altNames), req->altNames);
@ -9371,6 +9403,12 @@ static int ConvertNIDToWolfSSL(int nid)
{ {
switch (nid) { switch (nid) {
case NID_commonName : return ASN_COMMON_NAME; case NID_commonName : return ASN_COMMON_NAME;
#ifdef WOLFSSL_CERT_NAME_ALL
case NID_name : return ASN_NAME;
case NID_givenName: return ASN_GIVEN_NAME;
case NID_dnQualifier : return ASN_DNQUALIFIER;
case NID_initials: return ASN_INITIALS;
#endif /* WOLFSSL_CERT_NAME_ALL */
case NID_surname : return ASN_SUR_NAME; case NID_surname : return ASN_SUR_NAME;
case NID_countryName: return ASN_COUNTRY_NAME; case NID_countryName: return ASN_COUNTRY_NAME;
case NID_localityName: return ASN_LOCALITY_NAME; case NID_localityName: return ASN_LOCALITY_NAME;
@ -11464,6 +11502,26 @@ static int get_dn_attr_by_nid(int n, const char** buf)
str = "emailAddress"; str = "emailAddress";
len = 12; len = 12;
break; break;
case NID_surname:
str = "SN";
len = 2;
break;
case NID_givenName:
str = "GN";
len = 2;
break;
case NID_dnQualifier:
str = "dnQualifier";
len = 11;
break;
case NID_name:
str = "name";
len = 4;
break;
case NID_initials:
str = "initials";
len = 8;
break;
default: default:
WOLFSSL_MSG("Attribute type not found"); WOLFSSL_MSG("Attribute type not found");
str = NULL; str = NULL;

340
wolfcrypt/src/asn.c
View File

@ -84,6 +84,9 @@ ASN Options:
extension. extension.
* WOLFSSL_SUBJ_INFO_ACC: Enable support for SubjectInfoAccess extension. * WOLFSSL_SUBJ_INFO_ACC: Enable support for SubjectInfoAccess extension.
* WOLFSSL_FPKI: Enable support for FPKI (Federal PKI) extensions. * WOLFSSL_FPKI: Enable support for FPKI (Federal PKI) extensions.
* WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
cost of taking up more memory. Adds initials, givenname, dnQualifer for
example.
*/ */
#ifndef NO_ASN #ifndef NO_ASN
@ -9956,6 +9959,12 @@ void InitDecodedCert(DecodedCert* cert,
cert->heap = heap; cert->heap = heap;
cert->maxPathLen = WOLFSSL_MAX_PATH_LEN; cert->maxPathLen = WOLFSSL_MAX_PATH_LEN;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
#ifdef WOLFSSL_CERT_NAME_ALL
cert->subjectNEnc = CTC_UTF8;
cert->subjectIEnc = CTC_UTF8;
cert->subjectDNQEnc = CTC_UTF8;
cert->subjectGNEnc = CTC_UTF8;
#endif
cert->subjectSNEnc = CTC_UTF8; cert->subjectSNEnc = CTC_UTF8;
cert->subjectCEnc = CTC_PRINTABLE; cert->subjectCEnc = CTC_PRINTABLE;
cert->subjectLEnc = CTC_UTF8; cert->subjectLEnc = CTC_UTF8;
@ -10698,6 +10707,12 @@ int wc_OBJ_sn2nid(const char *sn)
{WOLFSSL_STATE_NAME, NID_stateOrProvinceName}, {WOLFSSL_STATE_NAME, NID_stateOrProvinceName},
{WOLFSSL_ORG_NAME, NID_organizationName}, {WOLFSSL_ORG_NAME, NID_organizationName},
{WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName}, {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
#ifdef WOLFSSL_CERT_NAME_ALL
{WOLFSSL_NAME, NID_name},
{WOLFSSL_INITIALS, NID_initials},
{WOLFSSL_GIVEN_NAME, NID_givenName},
{WOLFSSL_DNQUALIFIER, NID_dnQualifier},
#endif
{WOLFSSL_EMAIL_ADDR, NID_emailAddress}, {WOLFSSL_EMAIL_ADDR, NID_emailAddress},
{"SHA1", NID_sha1}, {"SHA1", NID_sha1},
{NULL, -1}}; {NULL, -1}};
@ -11046,6 +11061,56 @@ static const CertNameData certNameSubject[] = {
NID_userId NID_userId
#endif #endif
}, },
#ifdef WOLFSSL_CERT_NAME_ALL
/* Name, id 41 */
{
"/N=", 3,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
OFFSETOF(DecodedCert, subjectN),
OFFSETOF(DecodedCert, subjectNLen),
OFFSETOF(DecodedCert, subjectNEnc),
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_name
#endif
},
/* Given Name, id 42 */
{
"/GN=", 4,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
OFFSETOF(DecodedCert, subjectGN),
OFFSETOF(DecodedCert, subjectGNLen),
OFFSETOF(DecodedCert, subjectGNEnc),
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_givenName
#endif
},
/* initials, id 43 */
{
"/initials=", 10,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
OFFSETOF(DecodedCert, subjectI),
OFFSETOF(DecodedCert, subjectILen),
OFFSETOF(DecodedCert, subjectIEnc),
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_initials
#endif
},
/* DN Qualifier Name, id 46 */
{
"/dnQualifier=", 13,
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
OFFSETOF(DecodedCert, subjectDNQ),
OFFSETOF(DecodedCert, subjectDNQLen),
OFFSETOF(DecodedCert, subjectDNQEnc),
#endif
#ifdef WOLFSSL_X509_NAME_AVAILABLE
NID_dnQualifier
#endif
},
#endif /* WOLFSSL_CERT_NAME_ALL */
}; };
static const int certNameSubjectSz = static const int certNameSubjectSz =
@ -11583,6 +11648,72 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
nid = NID_commonName; nid = NID_commonName;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
} }
#ifdef WOLFSSL_CERT_NAME_ALL
else if (id == ASN_NAME) {
copy = WOLFSSL_NAME;
copyLen = sizeof(WOLFSSL_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
cert->subjectN = (char*)&input[srcIdx];
cert->subjectNLen = strLen;
cert->subjectNEnc = b;
}
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_name;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_INITIALS) {
copy = WOLFSSL_INITIALS;
copyLen = sizeof(WOLFSSL_INITIALS) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
cert->subjectI = (char*)&input[srcIdx];
cert->subjectILen = strLen;
cert->subjectIEnc = b;
}
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_initials;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_GIVEN_NAME) {
copy = WOLFSSL_GIVEN_NAME;
copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
cert->subjectGN = (char*)&input[srcIdx];
cert->subjectGNLen = strLen;
cert->subjectGNEnc = b;
}
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_givenName;
#endif /* OPENSSL_EXTRA */
}
else if (id == ASN_DNQUALIFIER) {
copy = WOLFSSL_DNQUALIFIER;
copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) {
cert->subjectDNQ = (char*)&input[srcIdx];
cert->subjectDNQLen = strLen;
cert->subjectDNQEnc = b;
}
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
#if (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)) \
&& !defined(WOLFCRYPT_ONLY)
nid = NID_dnQualifier;
#endif /* OPENSSL_EXTRA */
}
#endif /* WOLFSSL_CERT_NAME_ALL */
else if (id == ASN_SUR_NAME) { else if (id == ASN_SUR_NAME) {
copy = WOLFSSL_SUR_NAME; copy = WOLFSSL_SUR_NAME;
copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
@ -22685,6 +22816,12 @@ static const byte nameOid[][NAME_OID_SZ] = {
{ 0x55, 0x04, ASN_STATE_NAME }, { 0x55, 0x04, ASN_STATE_NAME },
{ 0x55, 0x04, ASN_STREET_ADDR }, { 0x55, 0x04, ASN_STREET_ADDR },
{ 0x55, 0x04, ASN_LOCALITY_NAME }, { 0x55, 0x04, ASN_LOCALITY_NAME },
#ifdef WOLFSSL_CERT_NAME_ALL
{ 0x55, 0x04, ASN_NAME },
{ 0x55, 0x04, ASN_GIVEN_NAME },
{ 0x55, 0x04, ASN_INITIALS },
{ 0x55, 0x04, ASN_DNQUALIFIER },
#endif
{ 0x55, 0x04, ASN_SUR_NAME }, { 0x55, 0x04, ASN_SUR_NAME },
{ 0x55, 0x04, ASN_ORG_NAME }, { 0x55, 0x04, ASN_ORG_NAME },
{ 0x00, 0x00, ASN_DOMAIN_COMPONENT}, /* not actual OID - see dcOid */ { 0x00, 0x00, ASN_DOMAIN_COMPONENT}, /* not actual OID - see dcOid */
@ -22726,6 +22863,16 @@ const char* GetOneCertName(CertName* name, int idx)
return name->street; return name->street;
case ASN_LOCALITY_NAME: case ASN_LOCALITY_NAME:
return name->locality; return name->locality;
#ifdef WOLFSSL_CERT_NAME_ALL
case ASN_NAME:
return name->dnName;
case ASN_GIVEN_NAME:
return name->givenName;
case ASN_INITIALS:
return name->initials;
case ASN_DNQUALIFIER:
return name->dnQualifier;
#endif /* WOLFSSL_CERT_NAME_ALL */
case ASN_SUR_NAME: case ASN_SUR_NAME:
return name->sur; return name->sur;
case ASN_ORG_NAME: case ASN_ORG_NAME:
@ -22769,6 +22916,16 @@ static char GetNameType(CertName* name, int idx)
return name->streetEnc; return name->streetEnc;
case ASN_LOCALITY_NAME: case ASN_LOCALITY_NAME:
return name->localityEnc; return name->localityEnc;
#ifdef WOLFSSL_CERT_NAME_ALL
case ASN_NAME:
return name->dnNameEnc;
case ASN_GIVEN_NAME:
return name->givenNameEnc;
case ASN_INITIALS:
return name->initialsEnc;
case ASN_DNQUALIFIER:
return name->dnQualifierEnc;
#endif /* WOLFSSL_CERT_NAME_ALL */
case ASN_SUR_NAME: case ASN_SUR_NAME:
return name->surEnc; return name->surEnc;
case ASN_ORG_NAME: case ASN_ORG_NAME:
@ -26026,79 +26183,109 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
static int SetReqAttrib(byte* output, char* pw, int pwPrintableString, /* return size of data set on success
int extSz) * if getting size only then attr and oid should be NULL
*/
static int SetReqAttribSingle(byte* output, int* idx, char* attr, int attrSz,
const byte* oid, int oidSz, byte printable, int extSz)
{
int totalSz = 0;
int seqSz = 0;
int setSz = 0;
int strSz = 0;
byte seq[MAX_SEQ_SZ];
byte set[MAX_SET_SZ];
byte str[MAX_PRSTR_SZ];
totalSz = SetObjectId(oidSz, NULL);
totalSz += oidSz;
if (extSz > 0) {
totalSz += setSz = SetSet(extSz, set);
totalSz += seqSz = SetSequence(totalSz + extSz, seq);
totalSz += extSz;
}
else {
if (printable) {
totalSz += strSz = SetPrintableString(attrSz, str);
}
else {
totalSz += strSz = SetUTF8String(attrSz, str);
}
totalSz += setSz = SetSet(strSz + attrSz, set);
totalSz += seqSz = SetSequence(totalSz + attrSz, seq);
totalSz += attrSz;
}
if (oid) {
XMEMCPY(&output[*idx], seq, seqSz);
*idx += seqSz;
*idx += SetObjectId(oidSz, output + *idx);
XMEMCPY(&output[*idx], oid, oidSz);
*idx += oidSz;
XMEMCPY(&output[*idx], set, setSz);
*idx += setSz;
if (strSz > 0) {
XMEMCPY(&output[*idx], str, strSz);
*idx += strSz;
XMEMCPY(&output[*idx], attr, attrSz);
*idx += attrSz;
}
}
return totalSz;
}
static int SetReqAttrib(byte* output, Cert* cert, int extSz)
{ {
int sz = 0; /* overall size */ int sz = 0; /* overall size */
int cpSz = 0; /* Challenge Password section size */ int setSz = 0;
int cpSeqSz = 0;
int cpSetSz = 0;
int cpStrSz = 0;
int pwSz = 0;
int erSz = 0; /* Extension Request section size */
int erSeqSz = 0;
int erSetSz = 0;
byte cpSeq[MAX_SEQ_SZ];
byte cpSet[MAX_SET_SZ];
byte cpStr[MAX_PRSTR_SZ];
byte erSeq[MAX_SEQ_SZ];
byte erSet[MAX_SET_SZ];
output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED;
sz++; sz++;
if (pw && pw[0]) { if (cert->challengePw[0]) {
int cpOidSz = SetObjectId(sizeof(attrChallengePasswordOid), NULL); setSz += SetReqAttribSingle(output, &sz, NULL,
cpOidSz += sizeof(attrChallengePasswordOid); (int)XSTRLEN(cert->challengePw), NULL,
pwSz = (int)XSTRLEN(pw); sizeof(attrChallengePasswordOid),
if (pwPrintableString) { cert->challengePwPrintableString, 0);
cpStrSz = SetPrintableString(pwSz, cpStr); }
} else {
cpStrSz = SetUTF8String(pwSz, cpStr); if (cert->unstructuredName[0]) {
} setSz += SetReqAttribSingle(output, &sz, NULL,
cpSetSz = SetSet(cpStrSz + pwSz, cpSet); (int)XSTRLEN(cert->unstructuredName), NULL,
/* +2 for tag and length parts of the TLV triplet */ sizeof(attrUnstructuredNameOid), 1, 0);
cpSeqSz = SetSequence(cpOidSz + cpSetSz +
cpStrSz + pwSz, cpSeq);
cpSz = cpSeqSz + cpOidSz + cpSetSz +
cpStrSz + pwSz;
} }
if (extSz) { if (extSz) {
int erOidSz = SetObjectId(sizeof(attrExtensionRequestOid), NULL); setSz += SetReqAttribSingle(output, &sz, NULL, 0, NULL,
erOidSz += sizeof(attrExtensionRequestOid); sizeof(attrExtensionRequestOid), 1, extSz);
erSetSz = SetSet(extSz, erSet);
erSeqSz = SetSequence(erSetSz + erOidSz + extSz, erSeq);
erSz = extSz + erSetSz + erSeqSz + erOidSz;
} }
/* Put the pieces together. */ /* Put the pieces together. */
sz += SetLength(cpSz + erSz, &output[sz]); sz += SetLength(setSz, &output[sz]);
if (sz + setSz - extSz > MAX_ATTRIB_SZ) {
if (cpSz) { WOLFSSL_MSG("Attribute Buffer is not big enough!");
XMEMCPY(&output[sz], cpSeq, cpSeqSz); return REQ_ATTRIBUTE_E;
sz += cpSeqSz;
sz += SetObjectId(sizeof(attrChallengePasswordOid), output + sz);
XMEMCPY(&output[sz], attrChallengePasswordOid,
sizeof(attrChallengePasswordOid));
sz += sizeof(attrChallengePasswordOid);
XMEMCPY(&output[sz], cpSet, cpSetSz);
sz += cpSetSz;
XMEMCPY(&output[sz], cpStr, cpStrSz);
sz += cpStrSz;
XMEMCPY(&output[sz], pw, pwSz);
sz += pwSz;
} }
if (erSz) { if (cert->challengePw[0]) {
XMEMCPY(&output[sz], erSeq, erSeqSz); SetReqAttribSingle(output, &sz, cert->challengePw,
sz += erSeqSz; (int)XSTRLEN(cert->challengePw), &attrChallengePasswordOid[0],
sz += SetObjectId(sizeof(attrExtensionRequestOid), output + sz); sizeof(attrChallengePasswordOid),
XMEMCPY(&output[sz], attrExtensionRequestOid, cert->challengePwPrintableString, 0);
sizeof(attrExtensionRequestOid)); }
sz += sizeof(attrExtensionRequestOid);
XMEMCPY(&output[sz], erSet, erSetSz); if (cert->unstructuredName[0]) {
sz += erSetSz; SetReqAttribSingle(output, &sz, cert->unstructuredName,
(int)XSTRLEN(cert->unstructuredName),
&attrUnstructuredNameOid[0],
sizeof(attrUnstructuredNameOid), 1, 0);
}
if (extSz) {
SetReqAttribSingle(output, &sz, NULL, 0, &attrExtensionRequestOid[0],
sizeof(attrExtensionRequestOid), 1, extSz);
/* The actual extension data will be tacked onto the output later. */ /* The actual extension data will be tacked onto the output later. */
} }
@ -26443,9 +26630,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
} }
der->attribSz = SetReqAttrib(der->attrib, cert->challengePw, der->attribSz = SetReqAttrib(der->attrib, cert, der->extensionsSz);
cert->challengePwPrintableString,
der->extensionsSz);
if (der->attribSz <= 0) if (der->attribSz <= 0)
return REQ_ATTRIBUTE_E; return REQ_ATTRIBUTE_E;
@ -27621,6 +27806,37 @@ static void SetNameFromDcert(CertName* cn, DecodedCert* decoded)
XSTRNCPY(cn->email, decoded->subjectEmail, sz); XSTRNCPY(cn->email, decoded->subjectEmail, sz);
cn->email[sz] = '\0'; cn->email[sz] = '\0';
} }
#if defined(WOLFSSL_CERT_NAME_ALL) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
if (decoded->subjectN) {
sz = (decoded->subjectNLen < CTC_NAME_SIZE) ? decoded->subjectNLen
: CTC_NAME_SIZE - 1;
XSTRNCPY(cn->dnName, decoded->subjectN, sz);
cn->dnName[sz] = '\0';
cn->dnNameEnc = decoded->subjectNEnc;
}
if (decoded->subjectI) {
sz = (decoded->subjectILen < CTC_NAME_SIZE) ? decoded->subjectILen
: CTC_NAME_SIZE - 1;
XSTRNCPY(cn->initials, decoded->subjectI, sz);
cn->initials[sz] = '\0';
cn->initialsEnc = decoded->subjectIEnc;
}
if (decoded->subjectGN) {
sz = (decoded->subjectGNLen < CTC_NAME_SIZE) ? decoded->subjectGNLen
: CTC_NAME_SIZE - 1;
XSTRNCPY(cn->givenName, decoded->subjectGN, sz);
cn->givenName[sz] = '\0';
cn->givenNameEnc = decoded->subjectGNEnc;
}
if (decoded->subjectDNQ) {
sz = (decoded->subjectDNQLen < CTC_NAME_SIZE) ? decoded->subjectDNQLen
: CTC_NAME_SIZE - 1;
XSTRNCPY(cn->dnQualifier, decoded->subjectDNQ, sz);
cn->dnQualifier[sz] = '\0';
cn->dnQualifierEnc = decoded->subjectDNQEnc;
}
#endif /* WOLFSSL_CERT_NAME_ALL */
} }
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM

39
wolfssl/wolfcrypt/asn.h
View File

@ -674,6 +674,12 @@ enum DN_Tags {
ASN_BUS_CAT = 0x0f, /* businessCategory */ ASN_BUS_CAT = 0x0f, /* businessCategory */
ASN_POSTAL_CODE = 0x11, /* postalCode */ ASN_POSTAL_CODE = 0x11, /* postalCode */
ASN_USER_ID = 0x12, /* UserID */ ASN_USER_ID = 0x12, /* UserID */
#ifdef WOLFSSL_CERT_NAME_ALL
ASN_NAME = 0x2a, /* name */
ASN_GIVEN_NAME = 0x29, /* GN */
ASN_INITIALS = 0x2b, /* initials */
ASN_DNQUALIFIER = 0x2e, /* dnQualifier */
#endif /* WOLFSSL_CERT_NAME_ALL */
ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */ ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */
ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */ ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */
@ -703,6 +709,12 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#define WOLFSSL_COMMON_NAME "/CN=" #define WOLFSSL_COMMON_NAME "/CN="
#define WOLFSSL_LN_COMMON_NAME "/commonName=" #define WOLFSSL_LN_COMMON_NAME "/commonName="
#define WOLFSSL_SUR_NAME "/SN=" #define WOLFSSL_SUR_NAME "/SN="
#ifdef WOLFSSL_CERT_NAME_ALL
#define WOLFSSL_NAME "/N="
#define WOLFSSL_INITIALS "/initials="
#define WOLFSSL_GIVEN_NAME "/GN="
#define WOLFSSL_DNQUALIFIER "/dnQualifier="
#endif /* WOLFSSL_CERT_NAME_ALL */
#define WOLFSSL_SERIAL_NUMBER "/serialNumber=" #define WOLFSSL_SERIAL_NUMBER "/serialNumber="
#define WOLFSSL_COUNTRY_NAME "/C=" #define WOLFSSL_COUNTRY_NAME "/C="
#define WOLFSSL_LN_COUNTRY_NAME "/countryName=" #define WOLFSSL_LN_COUNTRY_NAME "/countryName="
@ -764,8 +776,8 @@ enum
NID_id_pkix_OCSP_basic = 74, NID_id_pkix_OCSP_basic = 74,
NID_any_policy = 75, NID_any_policy = 75,
NID_anyExtendedKeyUsage = 76, NID_anyExtendedKeyUsage = 76,
NID_givenName = 99, NID_givenName = 99, /* 2.5.4.42 */
NID_initials = 101, NID_initials = 101, /* 2.5.4.43 */
NID_title = 106, NID_title = 106,
NID_description = 107, NID_description = 107,
NID_basic_constraints = 133, NID_basic_constraints = 133,
@ -788,9 +800,10 @@ enum
NID_buildingName = 1494, NID_buildingName = 1494,
NID_dnQualifier = 174, NID_dnQualifier = 174, /* 2.5.4.46 */
NID_commonName = 14, /* CN Changed to not conflict NID_commonName = 14, /* CN Changed to not conflict
* with PBE_SHA1_DES3 */ * with PBE_SHA1_DES3 */
NID_name = 173, /* N , OID = 2.5.4.41 */
NID_surname = 0x04, /* SN */ NID_surname = 0x04, /* SN */
NID_serialNumber = 0x05, /* serialNumber */ NID_serialNumber = 0x05, /* serialNumber */
NID_countryName = 0x06, /* C */ NID_countryName = 0x06, /* C */
@ -918,8 +931,9 @@ enum Misc_ASN {
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
/* Max encoded cert req attributes length */ /* Max encoded cert req attributes length */
MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + MAX_ATTRIB_SZ = MAX_SEQ_SZ * 4 + (11 + MAX_SEQ_SZ) * 3 +
MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ MAX_PRSTR_SZ * 2 + CTC_NAME_SIZE * 2,
/* 11 is the OID size */
#endif #endif
#if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
@ -1237,6 +1251,7 @@ enum CsrAttrType {
DNQUALIFIER_OID = 135, DNQUALIFIER_OID = 135,
INITIALS_OID = 132, INITIALS_OID = 132,
SURNAME_OID = 93, SURNAME_OID = 93,
NAME_OID = 130,
GIVEN_NAME_OID = 131, GIVEN_NAME_OID = 131,
}; };
#endif #endif
@ -1647,6 +1662,20 @@ struct DecodedCert {
char* subjectSN; char* subjectSN;
int subjectSNLen; int subjectSNLen;
char subjectSNEnc; char subjectSNEnc;
#ifdef WOLFSSL_CERT_NAME_ALL
char* subjectN;
int subjectNLen;
char subjectNEnc;
char* subjectI;
int subjectILen;
char subjectIEnc;
char* subjectGN;
int subjectGNLen;
char subjectGNEnc;
char* subjectDNQ;
int subjectDNQLen;
char subjectDNQEnc;
#endif /*WOLFSSL_CERT_NAME_ALL */
char* subjectC; char* subjectC;
int subjectCLen; int subjectCLen;
char subjectCEnc; char subjectCEnc;

11
wolfssl/wolfcrypt/asn_public.h
View File

@ -337,6 +337,16 @@ typedef struct CertName {
char localityEnc; char localityEnc;
char sur[CTC_NAME_SIZE]; char sur[CTC_NAME_SIZE];
char surEnc; char surEnc;
#ifdef WOLFSSL_CERT_NAME_ALL
char givenName[CTC_NAME_SIZE];
char givenNameEnc;
char initials[CTC_NAME_SIZE];
char initialsEnc;
char dnQualifier[CTC_NAME_SIZE];
char dnQualifierEnc;
char dnName[CTC_NAME_SIZE];
char dnNameEnc;
#endif /* WOLFSSL_CERT_NAME_ALL */
char org[CTC_NAME_SIZE]; char org[CTC_NAME_SIZE];
char orgEnc; char orgEnc;
char unit[CTC_NAME_SIZE]; char unit[CTC_NAME_SIZE];
@ -435,6 +445,7 @@ typedef struct Cert {
#endif #endif
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
char challengePw[CTC_NAME_SIZE]; char challengePw[CTC_NAME_SIZE];
char unstructuredName[CTC_NAME_SIZE];
int challengePwPrintableString; /* encode as PrintableString */ int challengePwPrintableString; /* encode as PrintableString */
#endif #endif
#ifdef WOLFSSL_CUSTOM_OID #ifdef WOLFSSL_CUSTOM_OID