wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5132 from JacobBarthelmeh/req

Browse Source 
Add support for additional CSR attributes
This commit is contained in:
David Garske
2022-05-25 13:35:46 -07:00
committed by GitHub
parent e8d779ab78 fb9b96d498
commit fa80aa6505
8 changed files with 316 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
src/internal.c
View File

@ -4018,8 +4018,8 @@ void FreeX509(WOLFSSL_X509* x509)
} }
#endif /* OPENSSL_ALL */ #endif /* OPENSSL_ALL */
#if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL) #if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL)
if (x509->challengePwAttr) { if (x509->reqAttributes) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr); wolfSSL_sk_pop_free(x509->reqAttributes, NULL);
} }
#endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_REQ */
if (x509->altNames) { if (x509->altNames) {
@ -10559,6 +10559,108 @@ static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type,
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_CERT_REQ
static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
{
int ret = 0;
if (dCert->cPwd) {
if (dCert->cPwdLen < CTC_NAME_SIZE) {
XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
x509->challengePw[dCert->cPwdLen] = '\0';
#ifdef OPENSSL_ALL
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_pkcs9_challengePassword,
MBSTRING_ASC,
(const byte*)dCert->cPwd,
dCert->cPwdLen) != WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
#endif
}
else {
WOLFSSL_MSG("Challenge password too long");
ret = MEMORY_E;
}
}
if (dCert->contentType) {
if (dCert->contentTypeLen < CTC_NAME_SIZE) {
XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen);
x509->contentType[dCert->contentTypeLen] = '\0';
}
#ifdef OPENSSL_ALL
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_pkcs9_contentType,
MBSTRING_ASC,
(const byte*)dCert->contentType,
dCert->contentTypeLen) !=
WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
#endif
}
#ifdef OPENSSL_ALL
if (dCert->sNum) {
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_serialNumber,
MBSTRING_ASC,
(const byte*)dCert->sNum,
dCert->sNumLen) != WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
}
if (dCert->unstructuredName) {
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_pkcs9_unstructuredName,
MBSTRING_ASC,
(const byte*)dCert->unstructuredName,
dCert->unstructuredNameLen)
!= WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
}
if (dCert->surname) {
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_surname,
MBSTRING_ASC,
(const byte*)dCert->surname,
dCert->surnameLen) != WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
}
if (dCert->givenName) {
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_givenName,
MBSTRING_ASC,
(const byte*)dCert->givenName,
dCert->givenNameLen) != WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
}
if (dCert->dnQualifier) {
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_dnQualifier,
MBSTRING_ASC,
(const byte*)dCert->dnQualifier,
dCert->dnQualifierLen) != WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
}
if (dCert->initials) {
if (wolfSSL_X509_REQ_add1_attr_by_NID(x509,
NID_initials,
MBSTRING_ASC,
(const byte*)dCert->initials,
dCert->initialsLen) != WOLFSSL_SUCCESS) {
ret = REQ_ATTRIBUTE_E;
}
}
#endif /* OPENSSL_ALL */
return ret;
}
#endif /* WOLFSSL_CERT_REQ */
/* Copy parts X509 needs from Decoded cert, 0 on success */ /* Copy parts X509 needs from Decoded cert, 0 on success */
/* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the /* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the
@ -10606,41 +10708,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
x509->isCSR = dCert->isCSR; x509->isCSR = dCert->isCSR;
/* CSR attributes */ /* CSR attributes */
if (dCert->cPwd) { if (x509->isCSR) {
if (dCert->cPwdLen < CTC_NAME_SIZE) { ret = CopyREQAttributes(x509, dCert);
XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
x509->challengePw[dCert->cPwdLen] = '\0';
#ifdef OPENSSL_ALL
if (x509->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
}
x509->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new();
if (x509->challengePwAttr) {
x509->challengePwAttr->value->value.asn1_string =
wolfSSL_ASN1_STRING_new();
if (wolfSSL_ASN1_STRING_set(
x509->challengePwAttr->value->value.asn1_string,
dCert->cPwd, dCert->cPwdLen) != WOLFSSL_SUCCESS) {
ret = MEMORY_E;
}
x509->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING;
}
else {
ret = MEMORY_E;
}
#endif
}
else {
WOLFSSL_MSG("Challenge password too long");
ret = MEMORY_E;
}
}
if (dCert->contentType) {
if (dCert->contentTypeLen < CTC_NAME_SIZE) {
XMEMCPY(x509->contentType, dCert->contentType, dCert->contentTypeLen);
x509->contentType[dCert->contentTypeLen] = '\0';
}
} }
#endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_REQ */

23
src/ssl.c
View File

@ -18676,6 +18676,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
case STACK_TYPE_STRING: case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT: case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL: case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY: case STACK_TYPE_X509_NAME_ENTRY:
@ -18737,6 +18738,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
case STACK_TYPE_STRING: case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT: case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL: case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY: case STACK_TYPE_X509_NAME_ENTRY:
@ -18823,6 +18825,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
case STACK_TYPE_STRING: case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT: case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL: case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY: case STACK_TYPE_X509_NAME_ENTRY:
@ -18849,6 +18852,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
case STACK_TYPE_STRING: case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT: case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL: case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY: case STACK_TYPE_X509_NAME_ENTRY:
@ -24371,6 +24375,8 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i)
return (void*)sk->data.access; return (void*)sk->data.access;
case STACK_TYPE_X509_EXT: case STACK_TYPE_X509_EXT:
return (void*)sk->data.ext; return (void*)sk->data.ext;
case STACK_TYPE_X509_REQ_ATTR:
return (void*)sk->data.generic;
case STACK_TYPE_NULL: case STACK_TYPE_NULL:
return (void*)sk->data.generic; return (void*)sk->data.generic;
case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME:
@ -24471,6 +24477,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
case STACK_TYPE_STRING: case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION: case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT: case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL: case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME: case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY: case STACK_TYPE_X509_NAME_ENTRY:
@ -24601,6 +24608,12 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free; func = (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free;
#endif #endif
break; break;
case STACK_TYPE_X509_REQ_ATTR:
#if defined(OPENSSL_ALL) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
func = (wolfSSL_sk_freefunc)wolfSSL_X509_ATTRIBUTE_free;
#endif
break;
case STACK_TYPE_CONF_VALUE: case STACK_TYPE_CONF_VALUE:
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free; func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free;
@ -25361,6 +25374,16 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
oidCsrAttrType, "challengePassword", "challengePassword"}, oidCsrAttrType, "challengePassword", "challengePassword"},
{ NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID, { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID,
oidCsrAttrType, "contentType", "contentType" }, oidCsrAttrType, "contentType", "contentType" },
{ NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID,
oidCsrAttrType, "unstructuredName", "unstructuredName" },
{ NID_surname, SURNAME_OID,
oidCsrAttrType, "surname", "surname" },
{ NID_givenName, GIVEN_NAME_OID,
oidCsrAttrType, "givenName", "givenName" },
{ NID_initials, INITIALS_OID,
oidCsrAttrType, "initials", "initials" },
{ NID_dnQualifier, DNQUALIFIER_OID,
oidCsrAttrType, "dnQualifer", "dnQualifier" },
#endif #endif
#endif #endif
#ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */ #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */

129
src/x509.c
View File

@ -12255,11 +12255,38 @@ int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
#endif #endif
} }
static int wolfSSL_X509_ATTRIBUTE_set(WOLFSSL_X509_ATTRIBUTE* attr,
const char* data, int dataSz, int type, int nid)
{
if (attr) {
attr->value->value.asn1_string = wolfSSL_ASN1_STRING_new();
if (wolfSSL_ASN1_STRING_set(attr->value->value.asn1_string,
data, dataSz) != WOLFSSL_SUCCESS) {
wolfSSL_ASN1_STRING_free(attr->value->value.asn1_string);
WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
return WOLFSSL_FAILURE;
}
attr->value->type = type;
attr->object->nid = nid;
}
else {
WOLFSSL_MSG("wolfSSL_X509_ATTRIBUTE_new error");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
int nid, int type, int nid, int type,
const unsigned char *bytes, const unsigned char *bytes,
int len) int len)
{ {
int ret;
WOLFSSL_X509_ATTRIBUTE* attr;
WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID"); WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID");
if (!req || !bytes || type != MBSTRING_ASC) { if (!req || !bytes || type != MBSTRING_ASC) {
@ -12279,25 +12306,6 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
WOLFSSL_MSG("Challenge password too long"); WOLFSSL_MSG("Challenge password too long");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (req->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(req->challengePwAttr);
}
req->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new();
if (req->challengePwAttr) {
req->challengePwAttr->value->value.asn1_string =
wolfSSL_ASN1_STRING_new();
if (wolfSSL_ASN1_STRING_set(
req->challengePwAttr->value->value.asn1_string,
bytes, len) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
return WOLFSSL_FAILURE;
}
req->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING;
}
else {
WOLFSSL_MSG("wolfSSL_X509_ATTRIBUTE_new error");
return WOLFSSL_FAILURE;
}
break; break;
case NID_serialNumber: case NID_serialNumber:
if (len < 0) if (len < 0)
@ -12309,11 +12317,35 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
XMEMCPY(req->serial, bytes, len); XMEMCPY(req->serial, bytes, len);
req->serialSz = len; req->serialSz = len;
break; break;
case NID_pkcs9_unstructuredName:
case NID_pkcs9_contentType:
case NID_surname:
case NID_initials:
case NID_givenName:
case NID_dnQualifier:
break;
default: default:
WOLFSSL_MSG("Unsupported attribute"); WOLFSSL_MSG("Unsupported attribute");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
return WOLFSSL_SUCCESS;
attr = wolfSSL_X509_ATTRIBUTE_new();
ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len,
V_ASN1_PRINTABLESTRING, nid);
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_X509_ATTRIBUTE_free(attr);
}
else {
if (req->reqAttributes == NULL) {
req->reqAttributes = wolfSSL_sk_new_node(req->heap);
req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
}
ret = wolfSSL_sk_push(req->reqAttributes, attr);
}
return ret;
} }
WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
@ -12353,6 +12385,20 @@ WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
return attr->value; return attr->value;
} }
/**
* @param req X509_REQ containing attribute
* @return the number of attributes
*/
int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req)
{
if (req == NULL || req->reqAttributes == NULL)
return 0;
return wolfSSL_sk_num(req->reqAttributes);
}
/** /**
* @param req X509_REQ containing attribute * @param req X509_REQ containing attribute
* @param loc NID of the attribute to return * @param loc NID of the attribute to return
@ -12362,40 +12408,49 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
{ {
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr"); WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr");
if (!req) { if (!req || req->reqAttributes == NULL) {
WOLFSSL_MSG("Bad parameter"); WOLFSSL_MSG("Bad parameter");
return NULL; return NULL;
} }
switch (loc) { return (WOLFSSL_X509_ATTRIBUTE*)wolfSSL_sk_value(req->reqAttributes, loc);
case NID_pkcs9_challengePassword:
return req->challengePwAttr;
default:
WOLFSSL_MSG("Unsupported attribute");
return NULL;
}
} }
/* Return NID as the attr index */ /* Return NID as the attr index */
int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos) int nid, int lastpos)
{ {
WOLFSSL_STACK* sk;
int idx;
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID"); WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
/* Since we only support 1 attr per attr type then a lastpos of >= 0 if (!req) {
* indicates that one was already returned */
if (!req || lastpos >= 0) {
WOLFSSL_MSG("Bad parameter"); WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
switch (nid) { /* search through stack for first matching nid */
case NID_pkcs9_challengePassword: idx = lastpos + 1;
return req->challengePwAttr ? nid : WOLFSSL_FATAL_ERROR; do {
default: sk = wolfSSL_sk_get_node(req->reqAttributes, idx);
WOLFSSL_MSG("Unsupported attribute"); if (sk != NULL) {
return WOLFSSL_FATAL_ERROR; WOLFSSL_X509_ATTRIBUTE* attr;
attr = (WOLFSSL_X509_ATTRIBUTE*)sk->data.generic;
if (nid == attr->object->nid) {
/* found a match */
break;
}
}
idx++;
} while (sk != NULL);
/* no matches found */
if (sk == NULL) {
idx = WOLFSSL_FATAL_ERROR;
} }
return idx;
} }
WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void) WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void)

8
tests/api.c
View File

@ -49934,8 +49934,8 @@ static void test_wolfSSL_d2i_X509_REQ(void)
* Obtain the challenge password from the CSR * Obtain the challenge password from the CSR
*/ */
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword); 1);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); AssertNotNull(attr = X509_REQ_get_attr(req, 1));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string); AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
@ -49975,8 +49975,8 @@ static void test_wolfSSL_d2i_X509_REQ(void)
* Obtain the challenge password from the CSR * Obtain the challenge password from the CSR
*/ */
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword); 0);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); AssertNotNull(attr = X509_REQ_get_attr(req, 0));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string); AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo"); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");

71
wolfcrypt/src/asn.c
View File

@ -4088,6 +4088,10 @@ static const byte attrPkcs9ContentTypeOid[] = CSR_ATTR_TYPE_OID_BASE(3);
static const byte attrChallengePasswordOid[] = CSR_ATTR_TYPE_OID_BASE(7); static const byte attrChallengePasswordOid[] = CSR_ATTR_TYPE_OID_BASE(7);
static const byte attrExtensionRequestOid[] = CSR_ATTR_TYPE_OID_BASE(14); static const byte attrExtensionRequestOid[] = CSR_ATTR_TYPE_OID_BASE(14);
static const byte attrSerialNumberOid[] = {85, 4, 5}; static const byte attrSerialNumberOid[] = {85, 4, 5};
static const byte attrDnQualifier[] = {85, 4, 46};
static const byte attrInitals[] = {85, 4, 43};
static const byte attrSurname[] = {85, 4, 4};
static const byte attrGivenName[] = {85, 4, 42};
#endif #endif
#endif #endif
@ -4913,6 +4917,22 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
case oidCsrAttrType: case oidCsrAttrType:
switch (id) { switch (id) {
case GIVEN_NAME_OID:
oid = attrGivenName;
*oidSz = sizeof(attrGivenName);
break;
case SURNAME_OID:
oid = attrSurname;
*oidSz = sizeof(attrSurname);
break;
case INITIALS_OID:
oid = attrInitals;
*oidSz = sizeof(attrInitals);
break;
case DNQUALIFIER_OID:
oid = attrDnQualifier;
*oidSz = sizeof(attrDnQualifier);
break;
case UNSTRUCTURED_NAME_OID: case UNSTRUCTURED_NAME_OID:
oid = attrUnstructuredNameOid; oid = attrUnstructuredNameOid;
*oidSz = sizeof(attrUnstructuredNameOid); *oidSz = sizeof(attrUnstructuredNameOid);
@ -18721,6 +18741,57 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
cert->serialSz = cert->sNumLen; cert->serialSz = cert->sNumLen;
} }
break; break;
case DNQUALIFIER_OID:
if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
WOLFSSL_MSG("attr GetHeader error");
return ASN_PARSE_E;
}
cert->dnQualifier = (char*)cert->source + cert->srcIdx;
cert->dnQualifierLen = len;
cert->srcIdx += len;
break;
case INITIALS_OID:
if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
WOLFSSL_MSG("attr GetHeader error");
return ASN_PARSE_E;
}
cert->initials = (char*)cert->source + cert->srcIdx;
cert->initialsLen = len;
cert->srcIdx += len;
break;
case SURNAME_OID:
if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
WOLFSSL_MSG("attr GetHeader error");
return ASN_PARSE_E;
}
cert->surname = (char*)cert->source + cert->srcIdx;
cert->surnameLen = len;
cert->srcIdx += len;
break;
case GIVEN_NAME_OID:
if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
WOLFSSL_MSG("attr GetHeader error");
return ASN_PARSE_E;
}
cert->givenName = (char*)cert->source + cert->srcIdx;
cert->givenNameLen = len;
cert->srcIdx += len;
break;
case UNSTRUCTURED_NAME_OID:
if (GetHeader(cert->source, &tag,
&cert->srcIdx, &len, attrMaxIdx, 1) < 0) {
WOLFSSL_MSG("attr GetHeader error");
return ASN_PARSE_E;
}
cert->unstructuredName =
(char*)cert->source + cert->srcIdx;
cert->unstructuredNameLen = len;
cert->srcIdx += len;
break;
case EXTENSION_REQUEST_OID: case EXTENSION_REQUEST_OID:
/* save extensions */ /* save extensions */
cert->extensions = &cert->source[cert->srcIdx]; cert->extensions = &cert->source[cert->srcIdx];

4
wolfssl/internal.h
View File

@ -3882,6 +3882,7 @@ typedef enum {
STACK_TYPE_DIST_POINT = 15, STACK_TYPE_DIST_POINT = 15,
STACK_TYPE_X509_CRL = 16, STACK_TYPE_X509_CRL = 16,
STACK_TYPE_X509_NAME_ENTRY = 17, STACK_TYPE_X509_NAME_ENTRY = 17,
STACK_TYPE_X509_REQ_ATTR = 18,
} WOLF_STACK_TYPE; } WOLF_STACK_TYPE;
struct WOLFSSL_STACK { struct WOLFSSL_STACK {
@ -4063,7 +4064,8 @@ struct WOLFSSL_X509 {
char subjectCN[ASN_NAME_MAX]; /* common name short cut */ char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN)
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
WOLFSSL_X509_ATTRIBUTE* challengePwAttr; /* stack of CSR attributes */
WOLF_STACK_OF(WOLFSSL_X509_ATRIBUTE)* reqAttributes;
#endif #endif
#if defined(WOLFSSL_CERT_REQ) #if defined(WOLFSSL_CERT_REQ)
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ char challengePw[CTC_NAME_SIZE]; /* for REQ certs */

1
wolfssl/ssl.h
View File

@ -4370,6 +4370,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \ #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \
defined(WOLFSSL_CERT_REQ) defined(WOLFSSL_CERT_REQ)
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_count(const WOLFSSL_X509 *req);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc); const WOLFSSL_X509 *req, int loc);
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,

15
wolfssl/wolfcrypt/asn.h
View File

@ -788,6 +788,7 @@ enum
NID_buildingName = 1494, NID_buildingName = 1494,
NID_dnQualifier = 174,
NID_commonName = 14, /* CN Changed to not conflict NID_commonName = 14, /* CN Changed to not conflict
* with PBE_SHA1_DES3 */ * with PBE_SHA1_DES3 */
NID_surname = 0x04, /* SN */ NID_surname = 0x04, /* SN */
@ -1195,6 +1196,10 @@ enum CsrAttrType {
SERIAL_NUMBER_OID = 94, SERIAL_NUMBER_OID = 94,
EXTENSION_REQUEST_OID = 666, EXTENSION_REQUEST_OID = 666,
USER_ID_OID = 865, USER_ID_OID = 865,
DNQUALIFIER_OID = 135,
INITIALS_OID = 132,
SURNAME_OID = 93,
GIVEN_NAME_OID = 131,
}; };
#endif #endif
@ -1665,6 +1670,16 @@ struct DecodedCert {
int cPwdLen; int cPwdLen;
char* sNum; /* Serial Number */ char* sNum; /* Serial Number */
int sNumLen; int sNumLen;
char* dnQualifier;
int dnQualifierLen;
char* initials;
int initialsLen;
char* surname;
int surnameLen;
char* givenName;
int givenNameLen;
char* unstructuredName;
int unstructuredNameLen;
#endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_REQ */
Signer* ca; Signer* ca;