diff --git a/src/internal.c b/src/internal.c index 1c43733f5..8e559a728 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4018,8 +4018,8 @@ void FreeX509(WOLFSSL_X509* x509) } #endif /* OPENSSL_ALL */ #if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL) - if (x509->challengePwAttr) { - wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr); + if (x509->reqAttributes) { + wolfSSL_sk_pop_free(x509->reqAttributes, NULL); } #endif /* WOLFSSL_CERT_REQ */ if (x509->altNames) { @@ -10559,6 +10559,108 @@ static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type, } #endif /* OPENSSL_EXTRA */ +#ifdef WOLFSSL_CERT_REQ +static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) +{ + int ret = 0; + + if (dCert->cPwd) { + if (dCert->cPwdLen < CTC_NAME_SIZE) { + XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen); + x509->challengePw[dCert->cPwdLen] = '\0'; + #ifdef OPENSSL_ALL + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_pkcs9_challengePassword, + MBSTRING_ASC, + (const byte*)dCert->cPwd, + dCert->cPwdLen) != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + #endif + } + else { + WOLFSSL_MSG("Challenge password too long"); + ret = MEMORY_E; + } + } + + if (dCert->contentType) { + if (dCert->contentTypeLen < CTC_NAME_SIZE) { + XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen); + x509->contentType[dCert->contentTypeLen] = '\0'; + } + #ifdef OPENSSL_ALL + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_pkcs9_contentType, + MBSTRING_ASC, + (const byte*)dCert->contentType, + dCert->contentTypeLen) != + WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + #endif + } + + #ifdef OPENSSL_ALL + if (dCert->sNum) { + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_serialNumber, + MBSTRING_ASC, + (const byte*)dCert->sNum, + dCert->sNumLen) != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + } + if (dCert->unstructuredName) { + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_pkcs9_unstructuredName, + MBSTRING_ASC, + (const byte*)dCert->unstructuredName, + dCert->unstructuredNameLen) + != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + } + if (dCert->surname) { + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_surname, + MBSTRING_ASC, + (const byte*)dCert->surname, + dCert->surnameLen) != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + } + if (dCert->givenName) { + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_givenName, + MBSTRING_ASC, + (const byte*)dCert->givenName, + dCert->givenNameLen) != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + } + if (dCert->dnQualifier) { + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_dnQualifier, + MBSTRING_ASC, + (const byte*)dCert->dnQualifier, + dCert->dnQualifierLen) != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + } + if (dCert->initials) { + if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, + NID_initials, + MBSTRING_ASC, + (const byte*)dCert->initials, + dCert->initialsLen) != WOLFSSL_SUCCESS) { + ret = REQ_ATTRIBUTE_E; + } + } + #endif /* OPENSSL_ALL */ + return ret; +} +#endif /* WOLFSSL_CERT_REQ */ /* Copy parts X509 needs from Decoded cert, 0 on success */ /* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the @@ -10606,41 +10708,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #ifdef WOLFSSL_CERT_REQ x509->isCSR = dCert->isCSR; + /* CSR attributes */ - if (dCert->cPwd) { - if (dCert->cPwdLen < CTC_NAME_SIZE) { - XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen); - x509->challengePw[dCert->cPwdLen] = '\0'; -#ifdef OPENSSL_ALL - if (x509->challengePwAttr) { - wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr); - } - x509->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new(); - if (x509->challengePwAttr) { - x509->challengePwAttr->value->value.asn1_string = - wolfSSL_ASN1_STRING_new(); - if (wolfSSL_ASN1_STRING_set( - x509->challengePwAttr->value->value.asn1_string, - dCert->cPwd, dCert->cPwdLen) != WOLFSSL_SUCCESS) { - ret = MEMORY_E; - } - x509->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING; - } - else { - ret = MEMORY_E; - } -#endif - } - else { - WOLFSSL_MSG("Challenge password too long"); - ret = MEMORY_E; - } - } - if (dCert->contentType) { - if (dCert->contentTypeLen < CTC_NAME_SIZE) { - XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen); - x509->contentType[dCert->contentTypeLen] = '\0'; - } + if (x509->isCSR) { + ret = CopyREQAttributes(x509, dCert); } #endif /* WOLFSSL_CERT_REQ */ diff --git a/src/ssl.c b/src/ssl.c index 4678fec9c..ed31a013e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -18676,6 +18676,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: case STACK_TYPE_NULL: case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME_ENTRY: @@ -18737,6 +18738,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: case STACK_TYPE_NULL: case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME_ENTRY: @@ -18823,6 +18825,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data) case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: case STACK_TYPE_NULL: case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME_ENTRY: @@ -18849,6 +18852,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data) case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: case STACK_TYPE_NULL: case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME_ENTRY: @@ -24371,6 +24375,8 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i) return (void*)sk->data.access; case STACK_TYPE_X509_EXT: return (void*)sk->data.ext; + case STACK_TYPE_X509_REQ_ATTR: + return (void*)sk->data.generic; case STACK_TYPE_NULL: return (void*)sk->data.generic; case STACK_TYPE_X509_NAME: @@ -24471,6 +24477,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: case STACK_TYPE_NULL: case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME_ENTRY: @@ -24601,6 +24608,12 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free; #endif break; + case STACK_TYPE_X509_REQ_ATTR: + #if defined(OPENSSL_ALL) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ)) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_ATTRIBUTE_free; + #endif + break; case STACK_TYPE_CONF_VALUE: #ifdef OPENSSL_ALL func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free; @@ -25361,6 +25374,16 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { oidCsrAttrType, "challengePassword", "challengePassword"}, { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID, oidCsrAttrType, "contentType", "contentType" }, + { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, + oidCsrAttrType, "unstructuredName", "unstructuredName" }, + { NID_surname, SURNAME_OID, + oidCsrAttrType, "surname", "surname" }, + { NID_givenName, GIVEN_NAME_OID, + oidCsrAttrType, "givenName", "givenName" }, + { NID_initials, INITIALS_OID, + oidCsrAttrType, "initials", "initials" }, + { NID_dnQualifier, DNQUALIFIER_OID, + oidCsrAttrType, "dnQualifer", "dnQualifier" }, #endif #endif #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */ diff --git a/src/x509.c b/src/x509.c index 64e218b3f..de8033db7 100644 --- a/src/x509.c +++ b/src/x509.c @@ -12255,11 +12255,38 @@ int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req, #endif } + +static int wolfSSL_X509_ATTRIBUTE_set(WOLFSSL_X509_ATTRIBUTE* attr, + const char* data, int dataSz, int type, int nid) +{ + if (attr) { + attr->value->value.asn1_string = wolfSSL_ASN1_STRING_new(); + if (wolfSSL_ASN1_STRING_set(attr->value->value.asn1_string, + data, dataSz) != WOLFSSL_SUCCESS) { + wolfSSL_ASN1_STRING_free(attr->value->value.asn1_string); + WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error"); + return WOLFSSL_FAILURE; + } + attr->value->type = type; + attr->object->nid = nid; + } + else { + WOLFSSL_MSG("wolfSSL_X509_ATTRIBUTE_new error"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + + int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, int nid, int type, const unsigned char *bytes, int len) { + int ret; + WOLFSSL_X509_ATTRIBUTE* attr; + WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID"); if (!req || !bytes || type != MBSTRING_ASC) { @@ -12279,25 +12306,6 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, WOLFSSL_MSG("Challenge password too long"); return WOLFSSL_FAILURE; } - if (req->challengePwAttr) { - wolfSSL_X509_ATTRIBUTE_free(req->challengePwAttr); - } - req->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new(); - if (req->challengePwAttr) { - req->challengePwAttr->value->value.asn1_string = - wolfSSL_ASN1_STRING_new(); - if (wolfSSL_ASN1_STRING_set( - req->challengePwAttr->value->value.asn1_string, - bytes, len) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error"); - return WOLFSSL_FAILURE; - } - req->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING; - } - else { - WOLFSSL_MSG("wolfSSL_X509_ATTRIBUTE_new error"); - return WOLFSSL_FAILURE; - } break; case NID_serialNumber: if (len < 0) @@ -12309,11 +12317,35 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, XMEMCPY(req->serial, bytes, len); req->serialSz = len; break; + + case NID_pkcs9_unstructuredName: + case NID_pkcs9_contentType: + case NID_surname: + case NID_initials: + case NID_givenName: + case NID_dnQualifier: + break; + default: WOLFSSL_MSG("Unsupported attribute"); return WOLFSSL_FAILURE; } - return WOLFSSL_SUCCESS; + + attr = wolfSSL_X509_ATTRIBUTE_new(); + ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len, + V_ASN1_PRINTABLESTRING, nid); + if (ret != WOLFSSL_SUCCESS) { + wolfSSL_X509_ATTRIBUTE_free(attr); + } + else { + if (req->reqAttributes == NULL) { + req->reqAttributes = wolfSSL_sk_new_node(req->heap); + req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR; + } + ret = wolfSSL_sk_push(req->reqAttributes, attr); + } + + return ret; } WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, @@ -12353,6 +12385,20 @@ WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type( return attr->value; } + +/** + * @param req X509_REQ containing attribute + * @return the number of attributes + */ +int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req) +{ + if (req == NULL || req->reqAttributes == NULL) + return 0; + + return wolfSSL_sk_num(req->reqAttributes); +} + + /** * @param req X509_REQ containing attribute * @param loc NID of the attribute to return @@ -12362,40 +12408,49 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( { WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr"); - if (!req) { + if (!req || req->reqAttributes == NULL) { WOLFSSL_MSG("Bad parameter"); return NULL; } - switch (loc) { - case NID_pkcs9_challengePassword: - return req->challengePwAttr; - default: - WOLFSSL_MSG("Unsupported attribute"); - return NULL; - } + return (WOLFSSL_X509_ATTRIBUTE*)wolfSSL_sk_value(req->reqAttributes, loc); } /* Return NID as the attr index */ int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, int nid, int lastpos) { + WOLFSSL_STACK* sk; + int idx; + WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID"); - /* Since we only support 1 attr per attr type then a lastpos of >= 0 - * indicates that one was already returned */ - if (!req || lastpos >= 0) { + if (!req) { WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FATAL_ERROR; } - switch (nid) { - case NID_pkcs9_challengePassword: - return req->challengePwAttr ? nid : WOLFSSL_FATAL_ERROR; - default: - WOLFSSL_MSG("Unsupported attribute"); - return WOLFSSL_FATAL_ERROR; + /* search through stack for first matching nid */ + idx = lastpos + 1; + do { + sk = wolfSSL_sk_get_node(req->reqAttributes, idx); + if (sk != NULL) { + WOLFSSL_X509_ATTRIBUTE* attr; + attr = (WOLFSSL_X509_ATTRIBUTE*)sk->data.generic; + if (nid == attr->object->nid) { + /* found a match */ + break; + } + } + idx++; + } while (sk != NULL); + + /* no matches found */ + if (sk == NULL) { + idx = WOLFSSL_FATAL_ERROR; } + + return idx; } WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void) diff --git a/tests/api.c b/tests/api.c index 9dc341305..1021cfe03 100644 --- a/tests/api.c +++ b/tests/api.c @@ -49934,8 +49934,8 @@ static void test_wolfSSL_d2i_X509_REQ(void) * Obtain the challenge password from the CSR */ AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), - NID_pkcs9_challengePassword); - AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); + 1); + AssertNotNull(attr = X509_REQ_get_attr(req, 1)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at->value.asn1_string); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); @@ -49975,8 +49975,8 @@ static void test_wolfSSL_d2i_X509_REQ(void) * Obtain the challenge password from the CSR */ AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), - NID_pkcs9_challengePassword); - AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); + 0); + AssertNotNull(attr = X509_REQ_get_attr(req, 0)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at->value.asn1_string); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 16f0cef48..3963db19e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4088,6 +4088,10 @@ static const byte attrPkcs9ContentTypeOid[] = CSR_ATTR_TYPE_OID_BASE(3); static const byte attrChallengePasswordOid[] = CSR_ATTR_TYPE_OID_BASE(7); static const byte attrExtensionRequestOid[] = CSR_ATTR_TYPE_OID_BASE(14); static const byte attrSerialNumberOid[] = {85, 4, 5}; +static const byte attrDnQualifier[] = {85, 4, 46}; +static const byte attrInitals[] = {85, 4, 43}; +static const byte attrSurname[] = {85, 4, 4}; +static const byte attrGivenName[] = {85, 4, 42}; #endif #endif @@ -4913,6 +4917,22 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) #ifdef WOLFSSL_CERT_REQ case oidCsrAttrType: switch (id) { + case GIVEN_NAME_OID: + oid = attrGivenName; + *oidSz = sizeof(attrGivenName); + break; + case SURNAME_OID: + oid = attrSurname; + *oidSz = sizeof(attrSurname); + break; + case INITIALS_OID: + oid = attrInitals; + *oidSz = sizeof(attrInitals); + break; + case DNQUALIFIER_OID: + oid = attrDnQualifier; + *oidSz = sizeof(attrDnQualifier); + break; case UNSTRUCTURED_NAME_OID: oid = attrUnstructuredNameOid; *oidSz = sizeof(attrUnstructuredNameOid); @@ -18721,6 +18741,57 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->serialSz = cert->sNumLen; } break; + case DNQUALIFIER_OID: + if (GetHeader(cert->source, &tag, + &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { + WOLFSSL_MSG("attr GetHeader error"); + return ASN_PARSE_E; + } + cert->dnQualifier = (char*)cert->source + cert->srcIdx; + cert->dnQualifierLen = len; + cert->srcIdx += len; + break; + case INITIALS_OID: + if (GetHeader(cert->source, &tag, + &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { + WOLFSSL_MSG("attr GetHeader error"); + return ASN_PARSE_E; + } + cert->initials = (char*)cert->source + cert->srcIdx; + cert->initialsLen = len; + cert->srcIdx += len; + break; + case SURNAME_OID: + if (GetHeader(cert->source, &tag, + &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { + WOLFSSL_MSG("attr GetHeader error"); + return ASN_PARSE_E; + } + cert->surname = (char*)cert->source + cert->srcIdx; + cert->surnameLen = len; + cert->srcIdx += len; + break; + case GIVEN_NAME_OID: + if (GetHeader(cert->source, &tag, + &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { + WOLFSSL_MSG("attr GetHeader error"); + return ASN_PARSE_E; + } + cert->givenName = (char*)cert->source + cert->srcIdx; + cert->givenNameLen = len; + cert->srcIdx += len; + break; + case UNSTRUCTURED_NAME_OID: + if (GetHeader(cert->source, &tag, + &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { + WOLFSSL_MSG("attr GetHeader error"); + return ASN_PARSE_E; + } + cert->unstructuredName = + (char*)cert->source + cert->srcIdx; + cert->unstructuredNameLen = len; + cert->srcIdx += len; + break; case EXTENSION_REQUEST_OID: /* save extensions */ cert->extensions = &cert->source[cert->srcIdx]; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c665a33b8..2b8140993 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3882,6 +3882,7 @@ typedef enum { STACK_TYPE_DIST_POINT = 15, STACK_TYPE_X509_CRL = 16, STACK_TYPE_X509_NAME_ENTRY = 17, + STACK_TYPE_X509_REQ_ATTR = 18, } WOLF_STACK_TYPE; struct WOLFSSL_STACK { @@ -4063,7 +4064,8 @@ struct WOLFSSL_X509 { char subjectCN[ASN_NAME_MAX]; /* common name short cut */ #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) - WOLFSSL_X509_ATTRIBUTE* challengePwAttr; + /* stack of CSR attributes */ + WOLF_STACK_OF(WOLFSSL_X509_ATRIBUTE)* reqAttributes; #endif #if defined(WOLFSSL_CERT_REQ) char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index df5b535a3..acaa49c66 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4370,6 +4370,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \ defined(WOLFSSL_CERT_REQ) +WOLFSSL_API int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req); WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( const WOLFSSL_X509 *req, int loc); WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 97d154a0f..895b58094 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -788,6 +788,7 @@ enum NID_buildingName = 1494, + NID_dnQualifier = 174, NID_commonName = 14, /* CN Changed to not conflict * with PBE_SHA1_DES3 */ NID_surname = 0x04, /* SN */ @@ -1195,6 +1196,10 @@ enum CsrAttrType { SERIAL_NUMBER_OID = 94, EXTENSION_REQUEST_OID = 666, USER_ID_OID = 865, + DNQUALIFIER_OID = 135, + INITIALS_OID = 132, + SURNAME_OID = 93, + GIVEN_NAME_OID = 131, }; #endif @@ -1665,6 +1670,16 @@ struct DecodedCert { int cPwdLen; char* sNum; /* Serial Number */ int sNumLen; + char* dnQualifier; + int dnQualifierLen; + char* initials; + int initialsLen; + char* surname; + int surnameLen; + char* givenName; + int givenNameLen; + char* unstructuredName; + int unstructuredNameLen; #endif /* WOLFSSL_CERT_REQ */ Signer* ca;