Merge pull request #6561 from lealem47/zd16348

Fix for adding pkcs9 contentType entry name

src/x509.c

@@ -10500,6 +10500,7 @@ static int ConvertNIDToWolfSSL(int nid)
  case NID_organizationName: return ASN_ORG_NAME;
  case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
  case NID_emailAddress: return ASN_EMAIL_NAME;
+ case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
  case NID_serialNumber: return ASN_SERIAL_NUMBER;
  case NID_userId: return ASN_USER_ID;
  case NID_businessCategory: return ASN_BUS_CAT;
@@ -12631,6 +12632,10 @@ static int get_dn_attr_by_nid(int n, const char** buf)
  str = "DC";
  len = 2;
  break;
+ case NID_pkcs9_contentType:
+ str = "contentType";
+ len = 11;
+ break;
  default:
  WOLFSSL_MSG("Attribute type not found");
  str = NULL;

tests/api.c

@@ -39717,6 +39717,7 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 
  ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0));
  ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila"));
+ ExpectNotNull(XSTRSTR(subject, "contentType=Server"));
  #ifdef DEBUG_WOLFSSL
  if (subject != NULL) {
  fprintf(stderr, "\n\t%s\n", subject);
@@ -57149,7 +57150,8 @@ static int test_ECDH_compute_key(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
  !defined(NO_ASN_TIME)
-static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
+static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
+ int expectedDerSz)
 {
  EXPECT_DECLS;
  X509* x509 = NULL;
@@ -57158,6 +57160,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
  time_t epoch_off = 0;
  ASN1_INTEGER* asn1_serial_number;
  long not_before, not_after;
+ int derSz;
 
  ExpectNotNull(x509 = X509_new());
 
@@ -57175,6 +57178,8 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
 
  ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
  (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
+ ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_pkcs9_contentType,
+ MBSTRING_UTF8,(unsigned char*)"Server", -1, -1, 0), 0);
 
  ExpectIntNE(X509_set_subject_name(x509, name), 0);
  ExpectIntNE(X509_set_issuer_name(x509, name), 0);
@@ -57188,6 +57193,9 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
 
  ExpectIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
 
+ ExpectNotNull(wolfSSL_X509_get_der(x509, &derSz));
+ ExpectIntGE(derSz, expectedDerSz);
+
  BN_free(serial_number);
  X509_NAME_free(name);
  X509_free(x509);
@@ -57205,6 +57213,7 @@ static int test_openssl_generate_key_and_cert(void)
  EC_KEY* ec_key = NULL;
 #endif
 #if !defined(NO_RSA)
+ int expectedDerSz;
  int key_length = 2048;
  BIGNUM* exponent = NULL;
  RSA* rsa = NULL;
@@ -57243,11 +57252,13 @@ static int test_openssl_generate_key_and_cert(void)
 
  #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
  defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
- ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey),
- TEST_SUCCESS);
+ expectedDerSz = 743;
+ ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey,
+ expectedDerSz), TEST_SUCCESS);
  #endif
  }
 
+ (void)expectedDerSz;
  EVP_PKEY_free(pkey);
  pkey = NULL;
  BN_free(exponent);
@@ -57269,7 +57280,9 @@ static int test_openssl_generate_key_and_cert(void)
 
 #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
  defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
- ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey), TEST_SUCCESS);
+ expectedDerSz = 345;
+ ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, expectedDerSz),
+ TEST_SUCCESS);
 #endif
 
  EVP_PKEY_free(pkey);

wolfcrypt/src/asn.c

@@ -13194,6 +13194,18 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
  *nid = NID_favouriteDrink;
  #endif
  }
+#ifdef WOLFSSL_CERT_REQ
+ else if (oidSz == sizeof(attrPkcs9ContentTypeOid) &&
+ XMEMCMP(oid, attrPkcs9ContentTypeOid, oidSz) == 0) {
+ /* Set the pkcs9_contentType, type string, length and NID. */
+ id = ASN_CONTENT_TYPE;
+ typeStr = WOLFSSL_CONTENT_TYPE;
+ typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
+ #ifdef WOLFSSL_X509_NAME_AVAILABLE
+ *nid = NID_pkcs9_contentType;
+ #endif
+ }
+#endif
  /* Other OIDs that start with the same values. */
  else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz-1) == 0) {
  WOLFSSL_MSG("Unknown pilot attribute type");
@@ -13845,7 +13857,6 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
  nid = NID_userId;
  #endif /* OPENSSL_EXTRA */
  break;
-
  case ASN_DOMAIN_COMPONENT:
  copy = WOLFSSL_DOMAIN_COMPONENT;
  copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
@@ -13864,7 +13875,15 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
  nid = NID_favouriteDrink;
  #endif /* OPENSSL_EXTRA */
  break;
-
+ case ASN_CONTENT_TYPE:
+ copy = WOLFSSL_CONTENT_TYPE;
+ copyLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
+ #if (defined(OPENSSL_EXTRA) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)) \
+ && !defined(WOLFCRYPT_ONLY)
+ nid = NID_pkcs9_contentType;
+ #endif /* OPENSSL_EXTRA */
+ break;
  default:
  WOLFSSL_MSG("Unknown pilot attribute type");
  #if (defined(OPENSSL_EXTRA) || \
@@ -26457,6 +26476,12 @@ static int EncodeName(EncodedName* name, const char* nameStr,
  thisLen += cname->custom.oidSz;
  firstSz = cname->custom.oidSz;
  break;
+ #endif
+ #ifdef WOLFSSL_CERT_REQ
+ case ASN_CONTENT_TYPE:
+ thisLen += (int)sizeof(attrPkcs9ContentTypeOid);
+ firstSz = (int)sizeof(attrPkcs9ContentTypeOid);
+ break;
  #endif
  default:
  thisLen += DN_OID_SZ;
@@ -26521,6 +26546,15 @@ static int EncodeName(EncodedName* name, const char* nameStr,
  /* str type */
  name->encoded[idx++] = nameTag;
  break;
+ #endif
+ #ifdef WOLFSSL_CERT_REQ
+ case ASN_CONTENT_TYPE:
+ XMEMCPY(name->encoded + idx, attrPkcs9ContentTypeOid,
+ sizeof(attrPkcs9ContentTypeOid));
+ idx += (int)sizeof(attrPkcs9ContentTypeOid);
+ /* str type */
+ name->encoded[idx++] = nameTag;
+ break;
  #endif
  default:
  name->encoded[idx++] = 0x55;
@@ -26593,6 +26627,12 @@ static int EncodeName(EncodedName* name, const char* nameStr,
  oid = cname->custom.oid;
  oidSz = cname->custom.oidSz;
  break;
+ #endif
+ #ifdef WOLFSSL_CERT_REQ
+ case ASN_CONTENT_TYPE:
+ oid = attrPkcs9ContentTypeOid;
+ oidSz = sizeof(attrPkcs9ContentTypeOid);
+ break;
  #endif
  default:
  /* Construct OID using type. */

wolfssl/wolfcrypt/asn.h

@@ -710,8 +710,10 @@ enum DN_Tags {
  ASN_DNQUALIFIER = 0x2e, /* dnQualifier */
 #endif /* WOLFSSL_CERT_NAME_ALL */
 
- ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */
- ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */
+
+ ASN_CONTENT_TYPE = 0x97, /* not actual OID (see attrPkcs9ContentTypeOid) */
+ ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */
+ ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */
 
  /* pilot attribute types
  * OID values of 0.9.2342.19200300.100.1.* */
@@ -768,6 +770,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WOLFSSL_USER_ID "/UID="
 #define WOLFSSL_DOMAIN_COMPONENT "/DC="
 #define WOLFSSL_FAVOURITE_DRINK "/favouriteDrink="
+#define WOLFSSL_CONTENT_TYPE "/contentType="
 
 #if defined(WOLFSSL_APACHE_HTTPD)
  /* otherName strings */