added ASN template code and WOLFSSL_CERT_EXT, still missing testcase

2022-07-19 10:38:47 +02:00
parent 1b6ce6150e
commit 6ce5f645f3
1 changed files with 16 additions and 4 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -24344,8 +24344,17 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
            /* Set Basic Constraints to be a Certificate Authority. */
            SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 1);
            SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID));
-            /* TODO: consider adding path length field in Cert. */
-            dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
+            if (cert->pathLen
+            #ifdef WOLFSSL_CERT_EXT
+                && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))
+            #endif
+            ) {
+                SetASN_Int8Bit(&dataASN[CERTEXTSASN_IDX_BC_PATHLEN],
+                        cert->pathLen);
+            }
+            else {
+                dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1;
+            }
        }
        else if (cert->basicConstSet) {
            /* Set Basic Constraints to be a non Certificate Authority. */
@@ -24941,8 +24950,11 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
     * asserted and the key usage extension, if present, asserts the
     * keyCertSign bit */
    /* Set CA and path length */
-    if ((cert->isCA) && (cert->pathLen) &&
-        ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))) {
+    if ((cert->isCA) && (cert->pathLen)
+#ifdef WOLFSSL_CERT_EXT
+        && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))
+#endif
+        ) {
        der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen);
        if (der->caSz <= 0)
            return CA_TRUE_E;