feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

For OCSP, when decoding X.509 Auth Info Access record, find the first

Browse Source 
OCSP responder, rather than only looking at the first item.
This commit is contained in:
John Safranek
2014-02-03 14:39:41 -08:00
parent 909b9258d6
commit 2758f40a09
2 changed files with 20 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ctaocrypt/src/asn.c
View File

@@ -3081,6 +3081,7 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
byte b;
word32 oid; word32 oid;
CYASSL_ENTER("DecodeAuthInfo"); CYASSL_ENTER("DecodeAuthInfo");
@@ -3088,35 +3089,26 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
/* Unwrap the list of AIAs */ /* Unwrap the list of AIAs */
if (GetSequence(input, &idx, &length, sz) < 0) return; if (GetSequence(input, &idx, &length, sz) < 0) return;
/* Unwrap a single AIA */ while (idx < (word32)sz) {
if (GetSequence(input, &idx, &length, sz) < 0) return; /* Unwrap a single AIA */
if (GetSequence(input, &idx, &length, sz) < 0) return;
oid = 0; oid = 0;
if (GetObjectId(input, &idx, &oid, sz) < 0) return; if (GetObjectId(input, &idx, &oid, sz) < 0) return;
/* Only supporting URIs right now. */ /* Only supporting URIs right now. */
if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) b = input[idx++];
{
idx++;
if (GetLength(input, &idx, &length, sz) < 0) return; if (GetLength(input, &idx, &length, sz) < 0) return;
cert->extAuthInfoSz = length; if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) &&
cert->extAuthInfo = input + idx; oid == AIA_OCSP_OID)
{
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
break;
}
idx += length; idx += length;
} }
else
{
/* Skip anything else. */
idx++;
if (GetLength(input, &idx, &length, sz) < 0) return;
idx += length;
}
if (idx < (word32)sz)
{
CYASSL_MSG("\tThere are more Authority Information Access records, "
"but we only use first one.");
}
return; return;
} }

5
cyassl/ctaocrypt/asn.h
View File

@@ -227,6 +227,11 @@ enum SepHardwareName_Sum {
HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
}; };
enum AuthInfo_Sum {
AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
};
enum VerifyType { enum VerifyType {
NO_VERIFY = 0, NO_VERIFY = 0,