Merge pull request #6561 from lealem47/zd16348

JacobBarthelmeh · web-flow · commit 2acc4a6dd5fa · 2023-07-21T17:04:47.000-06:00
Fix for adding pkcs9 contentType entry name
diff --git a/src/x509.c b/src/x509.c
@@ -10500,6 +10500,7 @@ static int ConvertNIDToWolfSSL(int nid)
         case NID_organizationName: return ASN_ORG_NAME;
         case NID_organizationalUnitName: return ASN_ORGUNIT_NAME;
         case NID_emailAddress: return ASN_EMAIL_NAME;
+        case NID_pkcs9_contentType: return ASN_CONTENT_TYPE;
         case NID_serialNumber: return ASN_SERIAL_NUMBER;
         case NID_userId: return ASN_USER_ID;
         case NID_businessCategory: return ASN_BUS_CAT;
@@ -12631,6 +12632,10 @@ static int get_dn_attr_by_nid(int n, const char** buf)
             str = "DC";
             len = 2;
             break;
+        case NID_pkcs9_contentType:
+            str = "contentType";
+            len = 11;
+            break;
         default:
             WOLFSSL_MSG("Attribute type not found");
             str = NULL;
diff --git a/tests/api.c b/tests/api.c
@@ -39717,6 +39717,7 @@ static int test_wolfSSL_X509_NAME_ENTRY(void)
 
         ExpectNotNull(subject = X509_NAME_oneline(nm, 0, 0));
         ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila"));
+        ExpectNotNull(XSTRSTR(subject, "contentType=Server"));
     #ifdef DEBUG_WOLFSSL
         if (subject != NULL) {
             fprintf(stderr, "\n\t%s\n", subject);
@@ -57149,7 +57150,8 @@ static int test_ECDH_compute_key(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     !defined(NO_ASN_TIME)
-static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
+static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey,
+        int expectedDerSz)
 {
     EXPECT_DECLS;
     X509* x509 = NULL;
@@ -57158,6 +57160,7 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
     time_t epoch_off = 0;
     ASN1_INTEGER* asn1_serial_number;
     long not_before, not_after;
+    int derSz;
 
     ExpectNotNull(x509 = X509_new());
 
@@ -57175,6 +57178,8 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
 
     ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
         (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
+    ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_pkcs9_contentType,
+                MBSTRING_UTF8,(unsigned char*)"Server", -1, -1, 0), 0);
 
     ExpectIntNE(X509_set_subject_name(x509, name), 0);
     ExpectIntNE(X509_set_issuer_name(x509, name), 0);
@@ -57188,6 +57193,9 @@ static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
 
     ExpectIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
 
+    ExpectNotNull(wolfSSL_X509_get_der(x509, &derSz));
+    ExpectIntGE(derSz, expectedDerSz);
+
     BN_free(serial_number);
     X509_NAME_free(name);
     X509_free(x509);
@@ -57205,6 +57213,7 @@ static int test_openssl_generate_key_and_cert(void)
     EC_KEY* ec_key = NULL;
 #endif
 #if !defined(NO_RSA)
+    int expectedDerSz;
     int key_length = 2048;
     BIGNUM* exponent = NULL;
     RSA* rsa = NULL;
@@ -57243,11 +57252,13 @@ static int test_openssl_generate_key_and_cert(void)
 
     #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
             defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
-        ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey),
-            TEST_SUCCESS);
+        expectedDerSz = 743;
+        ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey,
+                    expectedDerSz), TEST_SUCCESS);
     #endif
     }
 
+    (void)expectedDerSz;
     EVP_PKEY_free(pkey);
     pkey = NULL;
     BN_free(exponent);
@@ -57269,7 +57280,9 @@ static int test_openssl_generate_key_and_cert(void)
 
 #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
         defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
-    ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey), TEST_SUCCESS);
+    expectedDerSz = 345;
+    ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, expectedDerSz),
+                TEST_SUCCESS);
 #endif
 
     EVP_PKEY_free(pkey);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -13194,6 +13194,18 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
         *nid = NID_favouriteDrink;
     #endif
     }
+#ifdef WOLFSSL_CERT_REQ
+    else if (oidSz == sizeof(attrPkcs9ContentTypeOid) &&
+             XMEMCMP(oid, attrPkcs9ContentTypeOid, oidSz) == 0) {
+        /* Set the pkcs9_contentType, type string, length and NID. */
+        id = ASN_CONTENT_TYPE;
+        typeStr = WOLFSSL_CONTENT_TYPE;
+        typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
+    #ifdef WOLFSSL_X509_NAME_AVAILABLE
+        *nid = NID_pkcs9_contentType;
+    #endif
+    }
+#endif
     /* Other OIDs that start with the same values. */
     else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz-1) == 0) {
         WOLFSSL_MSG("Unknown pilot attribute type");
@@ -13845,7 +13857,6 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                         nid = NID_userId;
                     #endif /* OPENSSL_EXTRA */
                         break;
-
                     case ASN_DOMAIN_COMPONENT:
                         copy = WOLFSSL_DOMAIN_COMPONENT;
                         copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1;
@@ -13864,7 +13875,15 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
                         nid = NID_favouriteDrink;
                     #endif /* OPENSSL_EXTRA */
                         break;
-
+                    case ASN_CONTENT_TYPE:
+                        copy = WOLFSSL_CONTENT_TYPE;
+                        copyLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1;
+                    #if (defined(OPENSSL_EXTRA) || \
+                        defined(OPENSSL_EXTRA_X509_SMALL)) \
+                        && !defined(WOLFCRYPT_ONLY)
+                        nid = NID_pkcs9_contentType;
+                    #endif /* OPENSSL_EXTRA */
+                        break;
                     default:
                         WOLFSSL_MSG("Unknown pilot attribute type");
                     #if (defined(OPENSSL_EXTRA) || \
@@ -26457,6 +26476,12 @@ static int EncodeName(EncodedName* name, const char* nameStr,
             thisLen += cname->custom.oidSz;
             firstSz = cname->custom.oidSz;
             break;
+    #endif
+    #ifdef WOLFSSL_CERT_REQ
+        case ASN_CONTENT_TYPE:
+            thisLen += (int)sizeof(attrPkcs9ContentTypeOid);
+            firstSz  = (int)sizeof(attrPkcs9ContentTypeOid);
+            break;
     #endif
         default:
             thisLen += DN_OID_SZ;
@@ -26521,6 +26546,15 @@ static int EncodeName(EncodedName* name, const char* nameStr,
             /* str type */
             name->encoded[idx++] = nameTag;
             break;
+    #endif
+    #ifdef WOLFSSL_CERT_REQ
+        case ASN_CONTENT_TYPE:
+            XMEMCPY(name->encoded + idx, attrPkcs9ContentTypeOid,
+                    sizeof(attrPkcs9ContentTypeOid));
+            idx += (int)sizeof(attrPkcs9ContentTypeOid);
+            /* str type */
+            name->encoded[idx++] = nameTag;
+            break;
     #endif
         default:
             name->encoded[idx++] = 0x55;
@@ -26593,6 +26627,12 @@ static int EncodeName(EncodedName* name, const char* nameStr,
                 oid = cname->custom.oid;
                 oidSz = cname->custom.oidSz;
                 break;
+        #endif
+        #ifdef WOLFSSL_CERT_REQ
+            case ASN_CONTENT_TYPE:
+                oid = attrPkcs9ContentTypeOid;
+                oidSz = sizeof(attrPkcs9ContentTypeOid);
+                break;
         #endif
             default:
                 /* Construct OID using type. */
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
@@ -710,8 +710,10 @@ enum DN_Tags {
     ASN_DNQUALIFIER   = 0x2e,   /* dnQualifier */
 #endif /* WOLFSSL_CERT_NAME_ALL */
 
-    ASN_EMAIL_NAME    = 0x98,   /* not actual OID (see attrEmailOid) */
-    ASN_CUSTOM_NAME   = 0x99,   /* not actual OID (see CertOidField) */
+
+    ASN_CONTENT_TYPE  = 0x97, /* not actual OID (see attrPkcs9ContentTypeOid) */
+    ASN_EMAIL_NAME    = 0x98, /* not actual OID (see attrEmailOid) */
+    ASN_CUSTOM_NAME   = 0x99, /* not actual OID (see CertOidField) */
 
     /* pilot attribute types
      * OID values of 0.9.2342.19200300.100.1.* */
@@ -768,6 +770,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
 #define WOLFSSL_USER_ID          "/UID="
 #define WOLFSSL_DOMAIN_COMPONENT "/DC="
 #define WOLFSSL_FAVOURITE_DRINK  "/favouriteDrink="
+#define WOLFSSL_CONTENT_TYPE     "/contentType="
 
 #if defined(WOLFSSL_APACHE_HTTPD)
     /* otherName strings */
