Merge pull request #7926 from philljj/x509_acert_support

x509 attribute cert support

certs/acert/acert.pem

@@ -0,0 +1,23 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIID4zCCAssCAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDANBgkqhkiG9w0BAQsF
+AAIBATAiGA8yMDE4MDEwMTA1MDAwMFoYDzIwMjgwMTAxMDUwMDAwWjCB7TALBgVn
+gQUCEzECMAAwHAYFZ4EFAhExEzARMAkCAQECAQMCARYEBAAAAAEwEgYFZ4EFAhkx
+CTAHBgVngQUIAjCBlQYHZ4EFBQEHAjGBiTCBhqBkMC8wDgYGZ4EFEgMBBAQAAgAB
+DBJYWVogQ29tcHV0aW5nIEluYy4MATGABkFCQzEyMzAxMA4GBmeBBRIDAQQEAAcA
+AgwNTm90IFNwZWNpZmllZAwDSEQxgAgxMjM0QUJDRIMB/6IeMBwMCHVuYW1lIC1y
+DBA2LjUuMC0xNS1nZW5lcmljMBQGBWeBBQIXMQswCQIBAQIBAQIBETCCAScwbwYD
+VR0jBGgwZoAUl46DRCrPD3GZndkBbbNDngf6ZHChOKQ2MDQxCzAJBgNVBAYTAlVT
+MRQwEgYDVQQKDAtleGFtcGxlLmNvbTEPMA0GA1UECwwGUENUZXN0ghRmuv6Ey2Ja
+dCAOFysMNOn9CiH45zBBBgNVHSAEOjA4MDYGAioDMDAwLgYIKwYBBQUHAgIwIgwg
+VENHIFRydXN0ZWQgUGxhdGZvcm0gRW5kb3JzZW1lbnQwcQYDVR0RBGowaKRmMGQx
+EzARBgZngQUFAQQMB01vZGVsIEExHjAcBgZngQUFAQEMElhZWiBDb21wdXRpbmcg
+SW5jLjEZMBcGBmeBBQUBBQwNTm90IFNwZWNpZmllZDESMBAGBmeBBQUBBgwGQUJD
+MTIzMA0GCSqGSIb3DQEBCwUAA4IBAQB2SdELM7Dqaq2mvT+IV3pCBN7qPzRL+sO4
+MZG6jpTbbblr124KM84g936zLVZxOJeAa+Ie7r0ET7GYI+zKtpLmIZrlqhZl4YkP
+3g65JsIVc5PvOogxv67IxVigHu/NFKHIbFPz85drTatEVCfA8ac8BwJXXwuESLNr
+cH+K/vdLWDgMhsijhco82RI8x11wBvzMXLPnM5OnkiG/0zaEW7mk1gH2tBS6oCc+
+0v8y9jQ5NqyPo0mNhLJhUMonmvaGdZ3iDEFyF+iNuDc3pP5PA1YDKk/BYGXt1NUE
+89mkuGoF8bwkU9uqLKQ3jpCKx/SZZ08IK5MPQyzsnwjyhrsrP3Qm
+-----END ATTRIBUTE CERTIFICATE-----

certs/acert/acert_ietf.pem

@@ -0,0 +1,15 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4
+LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj
+BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP
+gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI
+i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs
+GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn
+ERw2bQMmw//nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+
+mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6
+coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8
+d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A
+Bw==
+-----END ATTRIBUTE CERTIFICATE-----

certs/acert/acert_ietf_pubkey.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvpigJZE2asRTFe63b3f
+xvh0swQuX+L4hW08E7mlm0NSQvBVs8yebELNnZLL738fvocvQMwAjf+8+Lyjb1fr
+FYMYvJpb6LmGA2Ysyt6Ny700dpiUValtd4mwtjSCH0/k4rCiaiCYWaN79Le9ZGwD
+pZ341kVX74JkNdaXs1EJ1tkUUoq6aIu5CWYncxjA4IufduHV1Eh/dpNq1tuLHjgY
+Y3NwYDJcotmN9mmIO+MAuZ1TzifhIy14tNGIspYpSZbn8j2RQpQOclhMVWeM5t0i
+TWgOO+jhJngptIJMXEaQQzKPiazv6pBhk8oamAZ0Nipr+DI8iDxvzHtyFDRVToOg
+1QIDAQAB
+-----END PUBLIC KEY-----

certs/acert/acert_pubkey.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjl1VnpENuEfQCVm2E4q
+h28D62c0pX5IgN5F2RoS7siU2Oc9hsSz6Hj+9o0SRhUTEAxxrML2d7TM2SVoIJ/x
+CFrchA1fIZQm7FWJa7MDFpxkRc7cNUGrZ5oyVCHtK6IbKiU4y8B/vova6+dyy6bi
+j97ea0UDL8ztKNyDUH9ZntyFrHTltA/ZlEjmxGHQJQd4RBO6RdfM70R7l+YTGa2N
+PflyiRY2SKNXXx8cVUURJvkOXVfLCuRUzG+NnSS62WRuWOOD0ZjiJCnwkTJZQNw0
+qI+hLhWN+//05JeKOw6rNVVUHR/R0GgjPL6FIQ/+yF2Z8nCd8lVIIY+hQsM/1l/h
+2QIDAQAB
+-----END PUBLIC KEY-----

certs/acert/include.am

@@ -0,0 +1,13 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+ certs/acert/acert.pem \
+ certs/acert/acert_ietf.pem \
+ certs/acert/acert_pubkey.pem \
+ certs/acert/acert_ietf_pubkey.pem \
+ certs/acert/rsa_pss/acert.pem \
+ certs/acert/rsa_pss/acert_ietf.pem \
+ certs/acert/rsa_pss/acert_pubkey.pem \
+ certs/acert/rsa_pss/acert_ietf_pubkey.pem

certs/acert/rsa_pss/acert.pem

@@ -0,0 +1,25 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIIESzCCAv8CAQEwOaA3MB+kHTAbMRkwFwYDVQQDDBBUUE0gTWFudWZhY3R1cmVy
+AhRADHoGLYO7i9GfV2Yz2rrlRFDPSqA6MDikNjA0MQswCQYDVQQGEwJVUzEUMBIG
+A1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdDBBBgkqhkiG9w0BAQow
+NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
+ogMCASACAQEwIhgPMjAxODAxMDEwNTAwMDBaGA8yMDI4MDEwMTA1MDAwMFowge0w
+CwYFZ4EFAhMxAjAAMBwGBWeBBQIRMRMwETAJAgEBAgEDAgEWBAQAAAABMBIGBWeB
+BQIZMQkwBwYFZ4EFCAIwgZUGB2eBBQUBBwIxgYkwgYagZDAvMA4GBmeBBRIDAQQE
+AAIAAQwSWFlaIENvbXB1dGluZyBJbmMuDAExgAZBQkMxMjMwMTAOBgZngQUSAwEE
+BAAHAAIMDU5vdCBTcGVjaWZpZWQMA0hEMYAIMTIzNEFCQ0SDAf+iHjAcDAh1bmFt
+ZSAtcgwQNi41LjAtMTUtZ2VuZXJpYzAUBgVngQUCFzELMAkCAQECAQECAREwggEn
+MG8GA1UdIwRoMGaAFJeOg0Qqzw9xmZ3ZAW2zQ54H+mRwoTikNjA0MQswCQYDVQQG
+EwJVUzEUMBIGA1UECgwLZXhhbXBsZS5jb20xDzANBgNVBAsMBlBDVGVzdIIUZrr+
+hMtiWnQgDhcrDDTp/Qoh+OcwQQYDVR0gBDowODA2BgIqAzAwMC4GCCsGAQUFBwIC
+MCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MHEGA1UdEQRqMGik
+ZjBkMRMwEQYGZ4EFBQEEDAdNb2RlbCBBMR4wHAYGZ4EFBQEBDBJYWVogQ29tcHV0
+aW5nIEluYy4xGTAXBgZngQUFAQUMDU5vdCBTcGVjaWZpZWQxEjAQBgZngQUFAQYM
+BkFCQzEyMzBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZI
+hvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAH4FGu9CJJ/NraWxXoB+EuHu
+Ec95MPJDHnsDLea45z5TXkdxCd8Tb5EBuWYFCI6nkpWtkiF5UaLncQD/1ag0ECjZ
+duhmoaM01t8TERP1x2xOotpiS0nDGiAqn3twBS3NZlxgEDRMvW92tM49Vvlk7JwD
+Kxv9+qXidCXt62dcDNJoe1Uj9HXxuOO2NaO9OQHlPkY5GctKbcDBwaDUlEz40J9k
+PoXDNurLmI/nNgMDgicKdzdmhMT/BSXSt7Z228p7QcgROgJ5xTEVIMm+lGcBg1Sc
+RnWTVNjrIG+/nzYZENr+F40nrIKbkIIZTLCqwAN6fFFt/jNc44SdoJMNsKe1bTM=
+-----END ATTRIBUTE CERTIFICATE-----

certs/acert/rsa_pss/acert_ietf.pem

@@ -0,0 +1,17 @@
+-----BEGIN ATTRIBUTE CERTIFICATE-----
+MIICpTCCAVkCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG
+A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl
+IENlcnRpZmljYXRlIElzc3VlcjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQC
+AQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASACFAO1kFkCoqq1
+QCFEuCxP2YAbX1fCMCIYDzIwMjEwNjE1MTIzNTAwWhgPMjAzMTA2MTMxMjM1MDBa
+MEEwIwYIKwYBBQUHCgQxFzAVoAmGB1Rlc3R2YWwwCAwGZ3JvdXAxMBoGA1UESDET
+MBGhD4MNYWRtaW5pc3RyYXRvcjAsMB8GA1UdIwQYMBaAFGJuyWhnbGS7U4LdLaqA
+itjKyItdMAkGA1UdOAQCBQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEF
+AKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCX18Lyj2CR
+AJL9JAwxYgWbk7fWif2mG5IiQ264Rd0W6ugqw1hYseKHnRI5LpxsRVF5kEaFs2ta
+FhwxxOtAo8YvbxMC4emuatbqwOlWQYwk9wPLbZb1nd1FItPtO98FK7/vF0263eJu
+A+UFxmDvLlao3SzP19mtCOcUjGsVxcJ2PN05wDUzITu2vGXuJAdjHcYX+s1UMLwk
+WMwHsz7EK2Al/FavI1MfZp0lVFi++CMOAdLIRbTjlACATDq6Q6kPc+bTqvMYoca2
+bGLw1jSig6T3DvGa3O/BwRMOhyqCtJNQYY7MYxcZhPR4Y0RLmyFnFiSzwypL6oMk
+QMaW0z/K5YO2
+-----END ATTRIBUTE CERTIFICATE-----

certs/acert/rsa_pss/acert_ietf_pubkey.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBALg9nrRhxCl5zxFdE7Le9GXL
+9M8Rzx5xU3meu6yp9lFIc3+FxNoc5E8nk7HXUK82iuEChcSlqt0j0/y03YqM+O45
+N6A9OkEkjdyL8BaeQEgNxZY16/nvhhnH0Bzg4n7DMvy3sUPQvsAu9tpbfSd+WNDT
+vtO9Fe84HIBkYhRuaIv7ca1UYn7R2VQk1RXK0lfY4orCOrexmlfPciJaTJcR5Lyi
+pjUj7X5lruRHVibrMY+Z+8DtvPaDZ7HFiuXzpGPQ0W907Wt7zEJfmTMUyQoOMDMM
+4iSlq0ib3rdZt9y2obCggRTFAtMAFIJ29FOT9FYDagMYFSqhnrR3ohiTNzfpYNMC
+AwEAAQ==
+-----END PUBLIC KEY-----

certs/acert/rsa_pss/acert_pubkey.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAL0P9mcosJbMQavKMo6FvjK/
+vC5PZAFYxsbQnDiG3kb3gCsshI8HQzHNIuw4wN3waJrqnFmsmsUqMENtsC0J2Fty
+DOI5791Ma7JUKT31RW6f5eU2Gjx1+evNWtWs2WzupsZdPS3DlgEQJsTSw3Fs1q5w
+JVLVHhtOjCwdj2QO9Xr17Nt0ZOfKoJdqth3LAVujMnOw9gbyTbCrCB+z1Mkq+dK4
+K0v6IPZqY76LVhR42y/lyG+MZ8jswg4I4qAE+iIwPi/9Tz9UdNwMfSr3gdD13pa3
+VqnGZG83prqPLEHwsSNpWGdDx7pQxgBkAPztO+7LPrMd1ck8Uugsq36pusLjdQ0C
+AwEAAQ==
+-----END PUBLIC KEY-----

certs/include.am

@@ -148,4 +148,5 @@ include certs/rsapss/include.am
 include certs/dilithium/include.am
 include certs/sphincs/include.am
 include certs/rpk/include.am
+include certs/acert/include.am
 

configure.ac

@@ -3843,6 +3843,12 @@ then
  ENABLED_KEYGEN=yes
 fi
 
+# ATTRIBUTE CERTIFICATES
+AC_ARG_ENABLE([acert],
+ [AS_HELP_STRING([--enable-acert],[Enable attribute certificate support (default: disabled)])],
+ [ ENABLED_ACERT=$enableval ],
+ [ ENABLED_ACERT=no ]
+ )
 
 # CERT GENERATION
 AC_ARG_ENABLE([certgen],
@@ -9240,6 +9246,9 @@ AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
 AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
  [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
+AS_IF([test "x$ENABLED_ACERT" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ACERT"])
+
 AS_IF([test "x$ENABLED_CERTREQ" = "xyes"],
  [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
 
@@ -10230,6 +10239,7 @@ echo " * BLAKE2S: $ENABLED_BLAKE2S"
 echo " * SipHash: $ENABLED_SIPHASH"
 echo " * CMAC: $ENABLED_CMAC"
 echo " * keygen: $ENABLED_KEYGEN"
+echo " * acert: $ENABLED_ACERT"
 echo " * certgen: $ENABLED_CERTGEN"
 echo " * certreq: $ENABLED_CERTREQ"
 echo " * certext: $ENABLED_CERTEXT"

src/internal.c

@@ -12640,6 +12640,45 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 }
 #endif
 
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(WOLFSSL_ACERT)
+ static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
+{
+ /* Copy from to the beginning of to */
+ DNS_entry** prev_next = to;
+ DNS_entry* next;
+
+ if (to == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
+ next = *to;
+
+ for (; from != NULL; from = from->next) {
+ DNS_entry* dnsEntry;
+
+ if (type != -1 && from->type != type)
+ continue;
+
+ dnsEntry = AltNameDup(from, heap);
+ if (dnsEntry == NULL) {
+ WOLFSSL_MSG("\tOut of Memory");
+ return MEMORY_E;
+ }
+
+ dnsEntry->next = next;
+ *prev_next = dnsEntry;
+ prev_next = &dnsEntry->next;
+ }
+
+ return 0;
+}
+#endif /* KEEP_PEER_CERT || SESSION_CERTS ||
+ * OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
+ * WOLFSSL_ACERT */
+
+
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
  defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
@@ -12674,38 +12713,6 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
  }
 }
 
-static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap)
-{
- /* Copy from to the beginning of to */
- DNS_entry** prev_next = to;
- DNS_entry* next;
-
- if (to == NULL) {
- return BAD_FUNC_ARG;
- }
-
- next = *to;
-
- for (; from != NULL; from = from->next) {
- DNS_entry* dnsEntry;
-
- if (type != -1 && from->type != type)
- continue;
-
- dnsEntry = AltNameDup(from, heap);
- if (dnsEntry == NULL) {
- WOLFSSL_MSG("\tOut of Memory");
- return MEMORY_E;
- }
-
- dnsEntry->next = next;
- *prev_next = dnsEntry;
- prev_next = &dnsEntry->next;
- }
-
- return 0;
-}
-
 #ifdef WOLFSSL_CERT_REQ
 static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
@@ -13212,6 +13219,122 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
 
+#if defined(WOLFSSL_ACERT)
+/* Copy a DecodedAcert structure to an X509_ACERT.
+ *
+ * @param [out] x509 the dst X509 acert structure
+ * @param [in] dAcert the src decoded acert structure
+ *
+ * @return 0 on success
+ * @return < 0 on error
+ * */
+int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
+{
+ int ret = 0;
+
+ if (x509 == NULL || dAcert == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
+ /* Copy version and serial number. */
+ x509->version = dAcert->version + 1;
+
+ XMEMCPY(x509->serial, dAcert->serial, EXTERNAL_SERIAL_SIZE);
+ x509->serialSz = dAcert->serialSz;
+
+ if (dAcert->holderSerialSz > 0) {
+ /* This ACERT Holder field had a serial number. Copy it. */
+ XMEMCPY(x509->holderSerial, dAcert->holderSerial,
+ dAcert->holderSerialSz);
+ x509->holderSerialSz = dAcert->holderSerialSz;
+ }
+
+ /* Copy before and after dates. */
+ {
+ int minSz = 0;
+
+ if (dAcert->beforeDateLen > 0) {
+ minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ);
+ x509->notBefore.type = dAcert->beforeDate[0];
+ x509->notBefore.length = minSz;
+ XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz);
+ }
+ else {
+ x509->notBefore.length = 0;
+ }
+
+ if (dAcert->afterDateLen > 0) {
+ minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ);
+ x509->notAfter.type = dAcert->afterDate[0];
+ x509->notAfter.length = minSz;
+ XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz);
+ }
+ else {
+ x509->notAfter.length = 0;
+ }
+ }
+
+ /* Copy the signature. */
+ if (dAcert->signature != NULL && dAcert->sigLength != 0 &&
+ dAcert->sigLength <= MAX_ENCODED_SIG_SZ) {
+ x509->sig.buffer = (byte*)XMALLOC(
+ dAcert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
+ if (x509->sig.buffer == NULL) {
+ ret = MEMORY_E;
+ }
+ else {
+ XMEMCPY(x509->sig.buffer, dAcert->signature, dAcert->sigLength);
+ x509->sig.length = dAcert->sigLength;
+ x509->sigOID = (int)dAcert->signatureOID;
+ }
+ }
+
+ /* if der contains original source buffer then store for potential
+ * retrieval */
+ if (dAcert->source != NULL && dAcert->maxIdx > 0) {
+ if (AllocDer(&x509->derCert, dAcert->maxIdx, CERT_TYPE, x509->heap)
+ == 0) {
+ XMEMCPY(x509->derCert->buffer, dAcert->source, dAcert->maxIdx);
+ }
+ else {
+ ret = MEMORY_E;
+ }
+ }
+
+ /* Copy holder and att cert issuer names if present. */
+ if (CopyAltNames(&x509->holderIssuerName, dAcert->holderIssuerName,
+ ASN_DIR_TYPE, x509->heap) != 0) {
+ return MEMORY_E;
+ }
+
+ if (CopyAltNames(&x509->holderEntityName, dAcert->holderEntityName,
+ ASN_DIR_TYPE, x509->heap) != 0) {
+ return MEMORY_E;
+ }
+
+ if (CopyAltNames(&x509->AttCertIssuerName, dAcert->AttCertIssuerName,
+ ASN_DIR_TYPE, x509->heap) != 0) {
+ return MEMORY_E;
+ }
+
+ if (dAcert->rawAttr && dAcert->rawAttrLen > 0) {
+ /* Allocate space for the raw Attributes field, then copy it in. */
+ x509->rawAttr = (byte*)XMALLOC(dAcert->rawAttrLen, x509->heap,
+ DYNAMIC_TYPE_X509_EXT);
+ if (x509->rawAttr != NULL) {
+ XMEMCPY(x509->rawAttr, dAcert->rawAttr, dAcert->rawAttrLen);
+ x509->rawAttrLen = dAcert->rawAttrLen;
+ }
+ else {
+ ret = MEMORY_E;
+ }
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_ACERT */
+
+
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
  (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
 static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,