feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add support for uknown certificate extensions in PKCS7

Browse Source
This commit is contained in:
Anthony Hu
2024-07-10 16:08:55 -04:00
parent e581930cb7
commit 6456281b41
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
wolfcrypt/src/pkcs7.c
View File

@ -830,6 +830,15 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
return 0;
}
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb)
{
if (pkcs7 != NULL) {
pkcs7->unknownExtCallback = cb;
}
}
#endif
/* Certificate structure holding der pointer, size, and pointer to next
* Pkcs7Cert struct. Used when creating SignedData types with multiple
@ -1074,6 +1083,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
int devId;
Pkcs7Cert* cert;
Pkcs7Cert* lastCert;
wc_UnknownExtCallback cb;
if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) {
return BAD_FUNC_ARG;
@ -1082,9 +1092,13 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
heap = pkcs7->heap;
devId = pkcs7->devId;
cert = pkcs7->certList;
cb = pkcs7->unknownExtCallback;
ret = wc_PKCS7_Init(pkcs7, heap, devId);
if (ret != 0)
return ret;
pkcs7->unknownExtCallback = cb;
pkcs7->certList = cert;
if (derCert != NULL && derCertSz > 0) {
@ -1133,6 +1147,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
}
InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
if (pkcs7->unknownExtCallback != NULL)
wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback);
#endif
ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) {
FreeDecodedCert(dCert);

10
wolfssl/wolfcrypt/pkcs7.h
View File

@ -345,6 +345,11 @@ struct PKCS7 {
word32 plainDigestSz;
word32 pkcs7DigestSz;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
wc_UnknownExtCallback unknownExtCallback;
#endif
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
CallbackRsaSignRawDigest rsaSignRawDigestCb;
#endif
@ -358,6 +363,11 @@ struct PKCS7 {
};
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7,
wc_UnknownExtCallback cb);
#endif
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);