diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 23674205f..935723bcd 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1285,6 +1285,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) cert->signature = 0; cert->subjectCN = 0; cert->subjectCNLen = 0; + cert->subjectCNEnc = CTC_UTF8; cert->subjectCNStored = 0; cert->altNames = NULL; #ifndef IGNORE_NAME_CONSTRAINTS @@ -1323,16 +1324,22 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) #ifdef CYASSL_CERT_GEN cert->subjectSN = 0; cert->subjectSNLen = 0; + cert->subjectSNEnc = CTC_UTF8; cert->subjectC = 0; cert->subjectCLen = 0; + cert->subjectCEnc = CTC_PRINTABLE; cert->subjectL = 0; cert->subjectLLen = 0; + cert->subjectLEnc = CTC_UTF8; cert->subjectST = 0; cert->subjectSTLen = 0; + cert->subjectSTEnc = CTC_UTF8; cert->subjectO = 0; cert->subjectOLen = 0; + cert->subjectOEnc = CTC_UTF8; cert->subjectOU = 0; cert->subjectOULen = 0; + cert->subjectOUEnc = CTC_UTF8; cert->subjectEmail = 0; cert->subjectEmailLen = 0; #endif /* CYASSL_CERT_GEN */ @@ -1722,8 +1729,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->srcIdx += 2; id = cert->source[cert->srcIdx++]; - b = cert->source[cert->srcIdx++]; /* strType */ - (void)b; /* may want to validate? */ + b = cert->source[cert->srcIdx++]; /* encoding */ if (GetLength(cert->source, &cert->srcIdx, &strLen, cert->maxIdx) < 0) @@ -1739,6 +1745,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectCN = (char *)&cert->source[cert->srcIdx]; cert->subjectCNLen = strLen; + cert->subjectCNEnc = b; } if (!tooBig) { @@ -1761,6 +1768,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectSN = (char*)&cert->source[cert->srcIdx]; cert->subjectSNLen = strLen; + cert->subjectSNEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA 
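Review bot: The encoding byte read at `b = cert->source[cert->srcIdx++]; /* encoding */` comes straight from the untrusted certificate and is stored into the new cert->subject*Enc fields without any check, while the old `/* may want to validate? */` reminder is dropped rather than acted on. Because the later hunks carry that byte into CertName and write it back into the DER of a generated certificate, a hostile or merely unusual input cert (T61String 0x14, BMPString 0x1e, or a non-string tag) now decides the output encoding. Rejecting unknown tags here would break verification of valid certs that use the other DirectoryString forms, so at minimum keep the caveat, e.g. `/* string tag, taken from the cert unvalidated: consumers that re-emit it (SetNameFromCert/SetName) must check it */`, and do the check where the value is consumed. GetName starts and ends outside this hunk.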
@@ -1778,6 +1786,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectC = (char*)&cert->source[cert->srcIdx]; cert->subjectCLen = strLen; + cert->subjectCEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1795,6 +1804,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectL = (char*)&cert->source[cert->srcIdx]; cert->subjectLLen = strLen; + cert->subjectLEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1812,6 +1822,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectST = (char*)&cert->source[cert->srcIdx]; cert->subjectSTLen = strLen; + cert->subjectSTEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1829,6 +1840,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectO = (char*)&cert->source[cert->srcIdx]; cert->subjectOLen = strLen; + cert->subjectOEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA @@ -1846,6 +1858,7 @@ static int GetName(DecodedCert* cert, int nameType) if (nameType == SUBJECT) { cert->subjectOU = (char*)&cert->source[cert->srcIdx]; cert->subjectOULen = strLen; + cert->subjectOUEnc = b; } #endif /* CYASSL_CERT_GEN */ #ifdef OPENSSL_EXTRA 
@@ -4465,21 +4478,35 @@ void InitCert(Cert* cert) XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); cert->issuer.country[0] = '\0'; + cert->issuer.countryEnc = CTC_PRINTABLE; cert->issuer.state[0] = '\0'; + cert->issuer.stateEnc = CTC_UTF8; cert->issuer.locality[0] = '\0'; + cert->issuer.localityEnc = CTC_UTF8; cert->issuer.sur[0] = '\0'; + cert->issuer.surEnc = CTC_UTF8; cert->issuer.org[0] = '\0'; + cert->issuer.orgEnc = CTC_UTF8; cert->issuer.unit[0] = '\0'; + cert->issuer.unitEnc = CTC_UTF8; cert->issuer.commonName[0] = '\0'; + cert->issuer.commonNameEnc = CTC_UTF8; cert->issuer.email[0] = '\0'; cert->subject.country[0] = '\0'; + cert->subject.countryEnc = CTC_PRINTABLE; cert->subject.state[0] = '\0'; + cert->subject.stateEnc = CTC_UTF8; cert->subject.locality[0] = '\0'; + cert->subject.localityEnc = CTC_UTF8; cert->subject.sur[0] = '\0'; + cert->subject.surEnc = CTC_UTF8; cert->subject.org[0] = '\0'; + cert->subject.orgEnc = CTC_UTF8; cert->subject.unit[0] = '\0'; + cert->subject.unitEnc = CTC_UTF8; cert->subject.commonName[0] = '\0'; + cert->subject.commonNameEnc = CTC_UTF8; cert->subject.email[0] = '\0'; #ifdef CYASSL_CERT_REQ @@ -4838,6 +4865,37 @@ static const char* GetOneName(CertName* name, int idx) } +/* Get Which Name Encoding from index */ +static char GetNameType(CertName* name, int idx) +{ + switch (idx) { + case 0: + return name->countryEnc; + + case 1: + return name->stateEnc; + + case 2: + return name->localityEnc; + + case 3: + return name->surEnc; + + case 4: + return name->orgEnc; + + case 5: + return name->unitEnc; + + case 6: + return name->commonNameEnc; + + default: + return 0; + } +} + + /* Get ASN Name from index */ static byte GetNameId(int idx) { 
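Review bot: GetNameType is declared `static char` although the value it returns is a DER tag byte that SetName stores into a `byte` buffer, and the sibling index helper right below it, `static byte GetNameId(int idx)`, already uses `byte`; `static byte GetNameType(CertName* name, int idx)` keeps the two helpers consistent and avoids a negative result if an Enc field ever holds a byte >= 0x80 (GetName copies a raw cert byte into these fields). The `default: return 0;` arm means an out-of-range index would silently emit a 0x00 tag into the encoded name instead of failing; whether that is reachable depends on the loop bound in SetName, which is outside this diff. A header comment such as `/* Return the ASN.1 string tag (Ctc_Encoding) for CertName field idx, 0 if idx is out of range */` would make that contract explicit, and a name like GetNameEnc would match the *Enc fields it reads better than "Type".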
@@ -4987,10 +5045,7 @@ static int SetName(byte* output, CertName* name) /* id type */ names[i].encoded[idx++] = bType; /* str type */ - if (bType == ASN_COUNTRY_NAME) - names[i].encoded[idx++] = 0x13; /* printable */ - else - names[i].encoded[idx++] = 0x0c; /* utf8 */ + names[i].encoded[idx++] = GetNameType(name, i); } /* second length */ XMEMCPY(names[i].encoded + idx, secondLen, secondSz); 
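Review bot: The tag byte written at `names[i].encoded[idx++] = GetNameType(name, i);` is no longer a constant chosen by this code but whatever the CertName's *Enc field holds, and that field is set by API callers and, through SetNameFromCert, by a tag copied out of a parsed certificate, so an unexpected value lands unchecked in the generated DER. SetName is `static int`, so it can refuse instead: `byte enc = GetNameType(name, i);` then `if (enc != CTC_UTF8 && enc != CTC_PRINTABLE) return BAD_FUNC_ARG;` (or whichever negative error code this file uses for invalid caller input) before `names[i].encoded[idx++] = enc;`. The previous code also guaranteed PrintableString for the country attribute; with the change that now rests on InitCert's default, which is worth a one-line comment at the write. SetName begins before and continues after this hunk.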
@@ -5714,42 +5769,49 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz) CTC_NAME_SIZE - 1; strncpy(cn->commonName, decoded.subjectCN, CTC_NAME_SIZE); cn->commonName[sz] = 0; + cn->commonNameEnc = decoded.subjectCNEnc; } if (decoded.subjectC) { sz = (decoded.subjectCLen < CTC_NAME_SIZE) ? decoded.subjectCLen : CTC_NAME_SIZE - 1; strncpy(cn->country, decoded.subjectC, CTC_NAME_SIZE); cn->country[sz] = 0; + cn->countryEnc = decoded.subjectCEnc; } if (decoded.subjectST) { sz = (decoded.subjectSTLen < CTC_NAME_SIZE) ? decoded.subjectSTLen : CTC_NAME_SIZE - 1; strncpy(cn->state, decoded.subjectST, CTC_NAME_SIZE); cn->state[sz] = 0; + cn->stateEnc = decoded.subjectSTEnc; } if (decoded.subjectL) { sz = (decoded.subjectLLen < CTC_NAME_SIZE) ? decoded.subjectLLen : CTC_NAME_SIZE - 1; strncpy(cn->locality, decoded.subjectL, CTC_NAME_SIZE); cn->locality[sz] = 0; + cn->localityEnc = decoded.subjectLEnc; } if (decoded.subjectO) { sz = (decoded.subjectOLen < CTC_NAME_SIZE) ? decoded.subjectOLen : CTC_NAME_SIZE - 1; strncpy(cn->org, decoded.subjectO, CTC_NAME_SIZE); cn->org[sz] = 0; + cn->orgEnc = decoded.subjectOEnc; } if (decoded.subjectOU) { sz = (decoded.subjectOULen < CTC_NAME_SIZE) ? decoded.subjectOULen : CTC_NAME_SIZE - 1; strncpy(cn->unit, decoded.subjectOU, CTC_NAME_SIZE); cn->unit[sz] = 0; + cn->unitEnc = decoded.subjectOUEnc; } if (decoded.subjectSN) { sz = (decoded.subjectSNLen < CTC_NAME_SIZE) ? decoded.subjectSNLen : CTC_NAME_SIZE - 1; strncpy(cn->sur, decoded.subjectSN, CTC_NAME_SIZE); cn->sur[sz] = 0; + cn->surEnc = decoded.subjectSNEnc; } if (decoded.subjectEmail) { sz = (decoded.subjectEmailLen < CTC_NAME_SIZE) ? diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index 411bd13d9..f9a14617e 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h 
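Review bot: Each `cn->xxxEnc = decoded.subjectXxxEnc;` forwards the parsed tag byte unvalidated, yet the text beside it is copied with `strncpy`, which stops at the first 0x00 byte and assumes a NUL-free byte string; for a BMPString (0x1e) subject, whose UCS-2 bytes contain a 0x00 for every ASCII character, the name is truncated to at most one byte while the tag still says BMPString, and the generated cert carries that inconsistency. Only CTC_UTF8 and CTC_PRINTABLE survive this byte-string copy intact, so a decoded Enc outside those two should be rejected with an error before the copy blocks rather than forwarded. Separately, `strncpy(cn->commonName, decoded.subjectCN, CTC_NAME_SIZE)` reads up to CTC_NAME_SIZE bytes from a DER field that is only subjectCNLen long and not NUL-terminated, so the scan can run past the attribute into the rest of the cert buffer (and, for a malformed cert, past `der + derSz`); copying exactly `sz` bytes with XMEMCPY and then writing the terminator would bound the read to the field — this predates the commit, but the new fields make the copy's assumptions matter more. SetNameFromCert begins before and continues after this hunk.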
@@ -340,7 +340,8 @@ struct DecodedCert { #endif /* HAVE_OCSP */ byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ - int subjectCNLen; + int subjectCNLen; /* CommonName Length */ + char subjectCNEnc; /* CommonName Encoding */ int subjectCNStored; /* have we saved a copy we own */ char issuer[ASN_NAME_MAX]; /* full name including common name */ char subject[ASN_NAME_MAX]; /* full name including common name */ @@ -411,16 +412,22 @@ struct DecodedCert { /* easy access to subject info for other sign */ char* subjectSN; int subjectSNLen; + char subjectSNEnc; char* subjectC; int subjectCLen; + char subjectCEnc; char* subjectL; int subjectLLen; + char subjectLEnc; char* subjectST; int subjectSTLen; + char subjectSTEnc; char* subjectO; int subjectOLen; + char subjectOEnc; char* subjectOU; int subjectOULen; + char subjectOUEnc; char* subjectEmail; int subjectEmailLen; #endif /* CYASSL_CERT_GEN */ diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 3ad601709..8873fcaf2 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -62,6 +62,11 @@ enum Ctc_SigType { CTC_SHA512wECDSA = 526 }; +enum Ctc_Encoding { + CTC_UTF8 = 0x0c, /* utf8 */ + CTC_PRINTABLE = 0x13 /* printable */ +}; + #ifdef CYASSL_CERT_GEN @@ -78,12 +83,19 @@ enum Ctc_Misc { typedef struct CertName { char country[CTC_NAME_SIZE]; + char countryEnc; char state[CTC_NAME_SIZE]; + char stateEnc; char locality[CTC_NAME_SIZE]; + char localityEnc; char sur[CTC_NAME_SIZE]; + char surEnc; char org[CTC_NAME_SIZE]; + char orgEnc; char unit[CTC_NAME_SIZE]; + char unitEnc; char commonName[CTC_NAME_SIZE]; + char commonNameEnc; char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ } CertName;
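Review bot: `char subjectCNEnc;` (and the other *Enc fields added below) holds a raw byte that GetName reads from the certificate, and `char` is signed on most targets, so a tag byte >= 0x80 from a malformed cert becomes a negative value that is later narrowed back into a `byte` buffer in SetName; `byte subjectCNEnc;` matches how this header already types raw DER tags and removes the sign question. The comment `/* CommonName Encoding */` would serve readers better as `/* ASN.1 string tag of CommonName (Ctc_Encoding), copied from the cert unvalidated */` so anyone consuming the field knows it is untrusted input.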
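Review bot: The new `countryEnc` … `commonNameEnc` members of CertName are public API in asn_public.h but carry no note of which values are valid or who initialises them, and a caller that fills a CertName without going through InitCert will emit an arbitrary byte as the string tag of its generated name. Document the first one with `/* Ctc_Encoding tag for the field above; InitCert defaults country to CTC_PRINTABLE and the rest to CTC_UTF8 */` and point the others at it, and note that X.520 requires countryName to be PrintableString, so overriding countryEnc is rarely correct. The existing `/* !!!! email has to be last !!!! */` constraint is preserved by the placement, which is worth keeping in mind for any future field.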