Add support for uknown certificate extensions in PKCS7

Anthony Hu
2024-07-10 16:08:55 -04:00
parent e581930cb7
commit 6456281b41
2 changed files with 29 additions and 0 deletions


@@ -830,6 +830,15 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
return 0; return 0;
} }
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb)
{
if (pkcs7 != NULL) {
pkcs7->unknownExtCallback = cb;
}
}
#endif
/* Certificate structure holding der pointer, size, and pointer to next /* Certificate structure holding der pointer, size, and pointer to next
* Pkcs7Cert struct. Used when creating SignedData types with multiple * Pkcs7Cert struct. Used when creating SignedData types with multiple
@@ -1074,6 +1083,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
int devId; int devId;
Pkcs7Cert* cert; Pkcs7Cert* cert;
Pkcs7Cert* lastCert; Pkcs7Cert* lastCert;
wc_UnknownExtCallback cb;
if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) { if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -1082,9 +1092,13 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
heap = pkcs7->heap; heap = pkcs7->heap;
devId = pkcs7->devId; devId = pkcs7->devId;
cert = pkcs7->certList; cert = pkcs7->certList;
cb = pkcs7->unknownExtCallback;
ret = wc_PKCS7_Init(pkcs7, heap, devId); ret = wc_PKCS7_Init(pkcs7, heap, devId);
if (ret != 0) if (ret != 0)
return ret; return ret;
pkcs7->unknownExtCallback = cb;
pkcs7->certList = cert; pkcs7->certList = cert;
if (derCert != NULL && derCertSz > 0) { if (derCert != NULL && derCertSz > 0) {
@@ -1133,6 +1147,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
} }
InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap); InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
if (pkcs7->unknownExtCallback != NULL)
wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback);
#endif
ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
FreeDecodedCert(dCert); FreeDecodedCert(dCert);
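Review bot: In wc_PKCS7_InitWithCert the new local `wc_UnknownExtCallback cb;`, the save `cb = pkcs7->unknownExtCallback;` and the restore `pkcs7->unknownExtCallback = cb;` sit outside the `WOLFSSL_CUSTOM_OID` / `WOLFSSL_ASN_TEMPLATE` / `HAVE_OID_DECODING` guard, while the `unknownExtCallback` member is declared only under that guard in struct PKCS7. A build without all three macros would then reference a member that does not exist, and probably an undeclared type as well. Wrapping the three lines in the same guard already used for the setter and for the wc_SetUnknownExtCallback call fixes this. The function's body starts and ends outside these hunks.

```c
    Pkcs7Cert* lastCert;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
    && defined(HAVE_OID_DECODING)
    wc_UnknownExtCallback cb;
#endif
    /* … unchanged: argument check, heap/devId/certList saved … */
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
    && defined(HAVE_OID_DECODING)
    cb = pkcs7->unknownExtCallback;
#endif
    ret = wc_PKCS7_Init(pkcs7, heap, devId);
    /* … unchanged: return on ret != 0 … */
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
    && defined(HAVE_OID_DECODING)
    pkcs7->unknownExtCallback = cb;
#endif
```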


@@ -345,6 +345,11 @@ struct PKCS7 {
word32 plainDigestSz; word32 plainDigestSz;
word32 pkcs7DigestSz; word32 pkcs7DigestSz;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
wc_UnknownExtCallback unknownExtCallback;
#endif
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
CallbackRsaSignRawDigest rsaSignRawDigestCb; CallbackRsaSignRawDigest rsaSignRawDigestCb;
#endif #endif
@@ -358,6 +363,11 @@ struct PKCS7 {
}; };
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7,
wc_UnknownExtCallback cb);
#endif
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz); WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);
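Review bot: The new public setter `wc_PKCS7_SetUnknownExtCallback` is declared without any comment, so a caller cannot tell from the header when to call it or what the callback decides. I would add a doc comment above the prototype saying that the callback must be set before wc_PKCS7_InitWithCert, that it is kept across the re-initialisation done there, that a NULL pkcs7 is silently ignored, and what return value makes the parser accept or reject a certificate carrying an extension it does not recognise. Because accepting such extensions (critical ones in particular) is a trust decision, the comment should also name which certificate-parsing paths honour the callback. On this page only the ParseCert call in wc_PKCS7_InitWithCert does, and whether certificates decoded elsewhere in the PKCS7 code are covered is not visible here.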