mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-29 18:27:29 +02:00
Merge pull request #5132 from JacobBarthelmeh/req
Add support for additional CSR attributes
This commit is contained in:
David Garske
GitHub
143
src/internal.c
143
src/internal.c
@ -4018,8 +4018,8 @@ void FreeX509(WOLFSSL_X509* x509)
|
||||
}
|
||||
#endif /* OPENSSL_ALL */
|
||||
#if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL)
|
||||
if (x509->challengePwAttr) {
|
||||
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
|
||||
if (x509->reqAttributes) {
|
||||
wolfSSL_sk_pop_free(x509->reqAttributes, NULL);
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_REQ */
|
||||
if (x509->altNames) {
|
||||
@ -10559,6 +10559,108 @@ static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type,
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (dCert->cPwd) {
|
||||
if (dCert->cPwdLen < CTC_NAME_SIZE) {
|
||||
XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
|
||||
x509->challengePw[dCert->cPwdLen] = '\0';
|
||||
#ifdef OPENSSL_ALL
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_pkcs9_challengePassword,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->cPwd,
|
||||
dCert->cPwdLen) != WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Challenge password too long");
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
|
||||
if (dCert->contentType) {
|
||||
if (dCert->contentTypeLen < CTC_NAME_SIZE) {
|
||||
XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen);
|
||||
x509->contentType[dCert->contentTypeLen] = '\0';
|
||||
}
|
||||
#ifdef OPENSSL_ALL
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_pkcs9_contentType,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->contentType,
|
||||
dCert->contentTypeLen) !=
|
||||
WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_ALL
|
||||
if (dCert->sNum) {
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_serialNumber,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->sNum,
|
||||
dCert->sNumLen) != WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
}
|
||||
if (dCert->unstructuredName) {
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_pkcs9_unstructuredName,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->unstructuredName,
|
||||
dCert->unstructuredNameLen)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
}
|
||||
if (dCert->surname) {
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_surname,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->surname,
|
||||
dCert->surnameLen) != WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
}
|
||||
if (dCert->givenName) {
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_givenName,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->givenName,
|
||||
dCert->givenNameLen) != WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
}
|
||||
if (dCert->dnQualifier) {
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_dnQualifier,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->dnQualifier,
|
||||
dCert->dnQualifierLen) != WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
}
|
||||
if (dCert->initials) {
|
||||
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
|
||||
NID_initials,
|
||||
MBSTRING_ASC,
|
||||
(const byte*)dCert->initials,
|
||||
dCert->initialsLen) != WOLFSSL_SUCCESS) {
|
||||
ret = REQ_ATTRIBUTE_E;
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_ALL */
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_REQ */
|
||||
|
||||
/* Copy parts X509 needs from Decoded cert, 0 on success */
|
||||
/* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the
|
||||
@ -10606,41 +10708,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
x509->isCSR = dCert->isCSR;
|
||||
|
||||
/* CSR attributes */
|
||||
if (dCert->cPwd) {
|
||||
if (dCert->cPwdLen < CTC_NAME_SIZE) {
|
||||
XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
|
||||
x509->challengePw[dCert->cPwdLen] = '\0';
|
||||
#ifdef OPENSSL_ALL
|
||||
if (x509->challengePwAttr) {
|
||||
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
|
||||
}
|
||||
x509->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new();
|
||||
if (x509->challengePwAttr) {
|
||||
x509->challengePwAttr->value->value.asn1_string =
|
||||
wolfSSL_ASN1_STRING_new();
|
||||
if (wolfSSL_ASN1_STRING_set(
|
||||
x509->challengePwAttr->value->value.asn1_string,
|
||||
dCert->cPwd, dCert->cPwdLen) != WOLFSSL_SUCCESS) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
x509->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING;
|
||||
}
|
||||
else {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Challenge password too long");
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
if (dCert->contentType) {
|
||||
if (dCert->contentTypeLen < CTC_NAME_SIZE) {
|
||||
XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen);
|
||||
x509->contentType[dCert->contentTypeLen] = '\0';
|
||||
}
|
||||
if (x509->isCSR) {
|
||||
ret = CopyREQAttributes(x509, dCert);
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_REQ */
|
||||
|
||||
|
||||
23
src/ssl.c
23
src/ssl.c
@ -18676,6 +18676,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
|
||||
case STACK_TYPE_STRING:
|
||||
case STACK_TYPE_ACCESS_DESCRIPTION:
|
||||
case STACK_TYPE_X509_EXT:
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
case STACK_TYPE_NULL:
|
||||
case STACK_TYPE_X509_NAME:
|
||||
case STACK_TYPE_X509_NAME_ENTRY:
|
||||
@ -18737,6 +18738,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
|
||||
case STACK_TYPE_STRING:
|
||||
case STACK_TYPE_ACCESS_DESCRIPTION:
|
||||
case STACK_TYPE_X509_EXT:
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
case STACK_TYPE_NULL:
|
||||
case STACK_TYPE_X509_NAME:
|
||||
case STACK_TYPE_X509_NAME_ENTRY:
|
||||
@ -18823,6 +18825,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
|
||||
case STACK_TYPE_STRING:
|
||||
case STACK_TYPE_ACCESS_DESCRIPTION:
|
||||
case STACK_TYPE_X509_EXT:
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
case STACK_TYPE_NULL:
|
||||
case STACK_TYPE_X509_NAME:
|
||||
case STACK_TYPE_X509_NAME_ENTRY:
|
||||
@ -18849,6 +18852,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
|
||||
case STACK_TYPE_STRING:
|
||||
case STACK_TYPE_ACCESS_DESCRIPTION:
|
||||
case STACK_TYPE_X509_EXT:
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
case STACK_TYPE_NULL:
|
||||
case STACK_TYPE_X509_NAME:
|
||||
case STACK_TYPE_X509_NAME_ENTRY:
|
||||
@ -24371,6 +24375,8 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i)
|
||||
return (void*)sk->data.access;
|
||||
case STACK_TYPE_X509_EXT:
|
||||
return (void*)sk->data.ext;
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
return (void*)sk->data.generic;
|
||||
case STACK_TYPE_NULL:
|
||||
return (void*)sk->data.generic;
|
||||
case STACK_TYPE_X509_NAME:
|
||||
@ -24471,6 +24477,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
|
||||
case STACK_TYPE_STRING:
|
||||
case STACK_TYPE_ACCESS_DESCRIPTION:
|
||||
case STACK_TYPE_X509_EXT:
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
case STACK_TYPE_NULL:
|
||||
case STACK_TYPE_X509_NAME:
|
||||
case STACK_TYPE_X509_NAME_ENTRY:
|
||||
@ -24601,6 +24608,12 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
|
||||
func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free;
|
||||
#endif
|
||||
break;
|
||||
case STACK_TYPE_X509_REQ_ATTR:
|
||||
#if defined(OPENSSL_ALL) && \
|
||||
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
|
||||
func = (wolfSSL_sk_freefunc)wolfSSL_X509_ATTRIBUTE_free;
|
||||
#endif
|
||||
break;
|
||||
case STACK_TYPE_CONF_VALUE:
|
||||
#ifdef OPENSSL_ALL
|
||||
func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free;
|
||||
@ -25361,6 +25374,16 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||
oidCsrAttrType, "challengePassword", "challengePassword"},
|
||||
{ NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
|
||||
oidCsrAttrType, "contentType", "contentType" },
|
||||
{ NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
|
||||
oidCsrAttrType, "unstructuredName", "unstructuredName" },
|
||||
{ NID_surname, SURNAME_OID,
|
||||
oidCsrAttrType, "surname", "surname" },
|
||||
{ NID_givenName, GIVEN_NAME_OID,
|
||||
oidCsrAttrType, "givenName", "givenName" },
|
||||
{ NID_initials, INITIALS_OID,
|
||||
oidCsrAttrType, "initials", "initials" },
|
||||
{ NID_dnQualifier, DNQUALIFIER_OID,
|
||||
oidCsrAttrType, "dnQualifer", "dnQualifier" },
|
||||
#endif
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
|
||||
|
||||
129
src/x509.c
129
src/x509.c
@ -12255,11 +12255,38 @@ int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
static int wolfSSL_X509_ATTRIBUTE_set(WOLFSSL_X509_ATTRIBUTE* attr,
|
||||
const char* data, int dataSz, int type, int nid)
|
||||
{
|
||||
if (attr) {
|
||||
attr->value->value.asn1_string = wolfSSL_ASN1_STRING_new();
|
||||
if (wolfSSL_ASN1_STRING_set(attr->value->value.asn1_string,
|
||||
data, dataSz) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_ASN1_STRING_free(attr->value->value.asn1_string);
|
||||
WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
attr->value->type = type;
|
||||
attr->object->nid = nid;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("wolfSSL_X509_ATTRIBUTE_new error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
|
||||
int nid, int type,
|
||||
const unsigned char *bytes,
|
||||
int len)
|
||||
{
|
||||
int ret;
|
||||
WOLFSSL_X509_ATTRIBUTE* attr;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID");
|
||||
|
||||
if (!req || !bytes || type != MBSTRING_ASC) {
|
||||
@ -12279,25 +12306,6 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
|
||||
WOLFSSL_MSG("Challenge password too long");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
if (req->challengePwAttr) {
|
||||
wolfSSL_X509_ATTRIBUTE_free(req->challengePwAttr);
|
||||
}
|
||||
req->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new();
|
||||
if (req->challengePwAttr) {
|
||||
req->challengePwAttr->value->value.asn1_string =
|
||||
wolfSSL_ASN1_STRING_new();
|
||||
if (wolfSSL_ASN1_STRING_set(
|
||||
req->challengePwAttr->value->value.asn1_string,
|
||||
bytes, len) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
req->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("wolfSSL_X509_ATTRIBUTE_new error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
break;
|
||||
case NID_serialNumber:
|
||||
if (len < 0)
|
||||
@ -12309,11 +12317,35 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
|
||||
XMEMCPY(req->serial, bytes, len);
|
||||
req->serialSz = len;
|
||||
break;
|
||||
|
||||
case NID_pkcs9_unstructuredName:
|
||||
case NID_pkcs9_contentType:
|
||||
case NID_surname:
|
||||
case NID_initials:
|
||||
case NID_givenName:
|
||||
case NID_dnQualifier:
|
||||
break;
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unsupported attribute");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
||||
attr = wolfSSL_X509_ATTRIBUTE_new();
|
||||
ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len,
|
||||
V_ASN1_PRINTABLESTRING, nid);
|
||||
if (ret != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_X509_ATTRIBUTE_free(attr);
|
||||
}
|
||||
else {
|
||||
if (req->reqAttributes == NULL) {
|
||||
req->reqAttributes = wolfSSL_sk_new_node(req->heap);
|
||||
req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
|
||||
}
|
||||
ret = wolfSSL_sk_push(req->reqAttributes, attr);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
|
||||
@ -12353,6 +12385,20 @@ WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
|
||||
return attr->value;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param req X509_REQ containing attribute
|
||||
* @return the number of attributes
|
||||
*/
|
||||
int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req)
|
||||
{
|
||||
if (req == NULL || req->reqAttributes == NULL)
|
||||
return 0;
|
||||
|
||||
return wolfSSL_sk_num(req->reqAttributes);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param req X509_REQ containing attribute
|
||||
* @param loc NID of the attribute to return
|
||||
@ -12362,40 +12408,49 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr");
|
||||
|
||||
if (!req) {
|
||||
if (!req || req->reqAttributes == NULL) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
switch (loc) {
|
||||
case NID_pkcs9_challengePassword:
|
||||
return req->challengePwAttr;
|
||||
default:
|
||||
WOLFSSL_MSG("Unsupported attribute");
|
||||
return NULL;
|
||||
}
|
||||
return (WOLFSSL_X509_ATTRIBUTE*)wolfSSL_sk_value(req->reqAttributes, loc);
|
||||
}
|
||||
|
||||
/* Return NID as the attr index */
|
||||
int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
|
||||
int nid, int lastpos)
|
||||
{
|
||||
WOLFSSL_STACK* sk;
|
||||
int idx;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
|
||||
|
||||
/* Since we only support 1 attr per attr type then a lastpos of >= 0
|
||||
* indicates that one was already returned */
|
||||
if (!req || lastpos >= 0) {
|
||||
if (!req) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
switch (nid) {
|
||||
case NID_pkcs9_challengePassword:
|
||||
return req->challengePwAttr ? nid : WOLFSSL_FATAL_ERROR;
|
||||
default:
|
||||
WOLFSSL_MSG("Unsupported attribute");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
/* search through stack for first matching nid */
|
||||
idx = lastpos + 1;
|
||||
do {
|
||||
sk = wolfSSL_sk_get_node(req->reqAttributes, idx);
|
||||
if (sk != NULL) {
|
||||
WOLFSSL_X509_ATTRIBUTE* attr;
|
||||
attr = (WOLFSSL_X509_ATTRIBUTE*)sk->data.generic;
|
||||
if (nid == attr->object->nid) {
|
||||
/* found a match */
|
||||
break;
|
||||
}
|
||||
}
|
||||
idx++;
|
||||
} while (sk != NULL);
|
||||
|
||||
/* no matches found */
|
||||
if (sk == NULL) {
|
||||
idx = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
return idx;
|
||||
}
|
||||
|
||||
WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void)
|
||||
|
||||
@ -49934,8 +49934,8 @@ static void test_wolfSSL_d2i_X509_REQ(void)
|
||||
* Obtain the challenge password from the CSR
|
||||
*/
|
||||
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
|
||||
NID_pkcs9_challengePassword);
|
||||
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
|
||||
1);
|
||||
AssertNotNull(attr = X509_REQ_get_attr(req, 1));
|
||||
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
|
||||
AssertNotNull(at->value.asn1_string);
|
||||
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
|
||||
@ -49975,8 +49975,8 @@ static void test_wolfSSL_d2i_X509_REQ(void)
|
||||
* Obtain the challenge password from the CSR
|
||||
*/
|
||||
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
|
||||
NID_pkcs9_challengePassword);
|
||||
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
|
||||
0);
|
||||
AssertNotNull(attr = X509_REQ_get_attr(req, 0));
|
||||
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
|
||||
AssertNotNull(at->value.asn1_string);
|
||||
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
|
||||
|
||||
@ -4088,6 +4088,10 @@ static const byte attrPkcs9ContentTypeOid[] = CSR_ATTR_TYPE_OID_BASE(3);
|
||||
static const byte attrChallengePasswordOid[] = CSR_ATTR_TYPE_OID_BASE(7);
|
||||
static const byte attrExtensionRequestOid[] = CSR_ATTR_TYPE_OID_BASE(14);
|
||||
static const byte attrSerialNumberOid[] = {85, 4, 5};
|
||||
static const byte attrDnQualifier[] = {85, 4, 46};
|
||||
static const byte attrInitals[] = {85, 4, 43};
|
||||
static const byte attrSurname[] = {85, 4, 4};
|
||||
static const byte attrGivenName[] = {85, 4, 42};
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -4913,6 +4917,22 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
case oidCsrAttrType:
|
||||
switch (id) {
|
||||
case GIVEN_NAME_OID:
|
||||
oid = attrGivenName;
|
||||
*oidSz = sizeof(attrGivenName);
|
||||
break;
|
||||
case SURNAME_OID:
|
||||
oid = attrSurname;
|
||||
*oidSz = sizeof(attrSurname);
|
||||
break;
|
||||
case INITIALS_OID:
|
||||
oid = attrInitals;
|
||||
*oidSz = sizeof(attrInitals);
|
||||
break;
|
||||
case DNQUALIFIER_OID:
|
||||
oid = attrDnQualifier;
|
||||
*oidSz = sizeof(attrDnQualifier);
|
||||
break;
|
||||
case UNSTRUCTURED_NAME_OID:
|
||||
oid = attrUnstructuredNameOid;
|
||||
*oidSz = sizeof(attrUnstructuredNameOid);
|
||||
@ -18721,6 +18741,57 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
cert->serialSz = cert->sNumLen;
|
||||
}
|
||||
break;
|
||||
case DNQUALIFIER_OID:
|
||||
if (GetHeader(cert->source, &tag,
|
||||
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
|
||||
WOLFSSL_MSG("attr GetHeader error");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
cert->dnQualifier = (char*)cert->source + cert->srcIdx;
|
||||
cert->dnQualifierLen = len;
|
||||
cert->srcIdx += len;
|
||||
break;
|
||||
case INITIALS_OID:
|
||||
if (GetHeader(cert->source, &tag,
|
||||
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
|
||||
WOLFSSL_MSG("attr GetHeader error");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
cert->initials = (char*)cert->source + cert->srcIdx;
|
||||
cert->initialsLen = len;
|
||||
cert->srcIdx += len;
|
||||
break;
|
||||
case SURNAME_OID:
|
||||
if (GetHeader(cert->source, &tag,
|
||||
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
|
||||
WOLFSSL_MSG("attr GetHeader error");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
cert->surname = (char*)cert->source + cert->srcIdx;
|
||||
cert->surnameLen = len;
|
||||
cert->srcIdx += len;
|
||||
break;
|
||||
case GIVEN_NAME_OID:
|
||||
if (GetHeader(cert->source, &tag,
|
||||
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
|
||||
WOLFSSL_MSG("attr GetHeader error");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
cert->givenName = (char*)cert->source + cert->srcIdx;
|
||||
cert->givenNameLen = len;
|
||||
cert->srcIdx += len;
|
||||
break;
|
||||
case UNSTRUCTURED_NAME_OID:
|
||||
if (GetHeader(cert->source, &tag,
|
||||
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
|
||||
WOLFSSL_MSG("attr GetHeader error");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
cert->unstructuredName =
|
||||
(char*)cert->source + cert->srcIdx;
|
||||
cert->unstructuredNameLen = len;
|
||||
cert->srcIdx += len;
|
||||
break;
|
||||
case EXTENSION_REQUEST_OID:
|
||||
/* save extensions */
|
||||
cert->extensions = &cert->source[cert->srcIdx];
|
||||
|
||||
@ -3882,6 +3882,7 @@ typedef enum {
|
||||
STACK_TYPE_DIST_POINT = 15,
|
||||
STACK_TYPE_X509_CRL = 16,
|
||||
STACK_TYPE_X509_NAME_ENTRY = 17,
|
||||
STACK_TYPE_X509_REQ_ATTR = 18,
|
||||
} WOLF_STACK_TYPE;
|
||||
|
||||
struct WOLFSSL_STACK {
|
||||
@ -4063,7 +4064,8 @@ struct WOLFSSL_X509 {
|
||||
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
|
||||
#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN)
|
||||
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
|
||||
/* stack of CSR attributes */
|
||||
WOLF_STACK_OF(WOLFSSL_X509_ATRIBUTE)* reqAttributes;
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_REQ)
|
||||
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
|
||||
|
||||
@ -4370,6 +4370,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \
|
||||
defined(WOLFSSL_CERT_REQ)
|
||||
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req);
|
||||
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
|
||||
const WOLFSSL_X509 *req, int loc);
|
||||
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
|
||||
|
||||
@ -788,6 +788,7 @@ enum
|
||||
NID_buildingName = 1494,
|
||||
|
||||
|
||||
NID_dnQualifier = 174,
|
||||
NID_commonName = 14, /* CN Changed to not conflict
|
||||
* with PBE_SHA1_DES3 */
|
||||
NID_surname = 0x04, /* SN */
|
||||
@ -1195,6 +1196,10 @@ enum CsrAttrType {
|
||||
SERIAL_NUMBER_OID = 94,
|
||||
EXTENSION_REQUEST_OID = 666,
|
||||
USER_ID_OID = 865,
|
||||
DNQUALIFIER_OID = 135,
|
||||
INITIALS_OID = 132,
|
||||
SURNAME_OID = 93,
|
||||
GIVEN_NAME_OID = 131,
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -1665,6 +1670,16 @@ struct DecodedCert {
|
||||
int cPwdLen;
|
||||
char* sNum; /* Serial Number */
|
||||
int sNumLen;
|
||||
char* dnQualifier;
|
||||
int dnQualifierLen;
|
||||
char* initials;
|
||||
int initialsLen;
|
||||
char* surname;
|
||||
int surnameLen;
|
||||
char* givenName;
|
||||
int givenNameLen;
|
||||
char* unstructuredName;
|
||||
int unstructuredNameLen;
|
||||
#endif /* WOLFSSL_CERT_REQ */
|
||||
|
||||
Signer* ca;
|
||||
|
||||
Reference in New Issue
Block a user