feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Make the critical extension flags in DecodedCert always available.

Browse Source 
Prior to this commit, these were guarded by OPENSSL_EXTRA ||
OPENSSL_EXTRA_X509_SMALL. Adding them into the struct for non-compatibility
layer builds only increases memory usage slightly and is useful for the user.
This commit is contained in:
Hayden Roche
2022-04-28 15:46:16 -07:00
parent ea8e9ee699
commit 895522aa18
2 changed files with 13 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
wolfcrypt/src/asn.c
View File

@ -16650,9 +16650,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Basic Constraints. */ /* Basic Constraints. */
case BASIC_CA_OID: case BASIC_CA_OID:
VERIFY_AND_SET_OID(cert->extBasicConstSet); VERIFY_AND_SET_OID(cert->extBasicConstSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extBasicConstCrit = critical;
cert->extBasicConstCrit = critical;
#endif
if (DecodeBasicCaConstraint(input, length, cert) < 0) { if (DecodeBasicCaConstraint(input, length, cert) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@ -16661,9 +16659,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* CRL Distribution point. */ /* CRL Distribution point. */
case CRL_DIST_OID: case CRL_DIST_OID:
VERIFY_AND_SET_OID(cert->extCRLdistSet); VERIFY_AND_SET_OID(cert->extCRLdistSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extCRLdistCrit = critical;
cert->extCRLdistCrit = critical;
#endif
if (DecodeCrlDist(input, length, cert) < 0) { if (DecodeCrlDist(input, length, cert) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@ -16672,9 +16668,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Authority information access. */ /* Authority information access. */
case AUTH_INFO_OID: case AUTH_INFO_OID:
VERIFY_AND_SET_OID(cert->extAuthInfoSet); VERIFY_AND_SET_OID(cert->extAuthInfoSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extAuthInfoCrit = critical;
cert->extAuthInfoCrit = critical;
#endif
if (DecodeAuthInfo(input, length, cert) < 0) { if (DecodeAuthInfo(input, length, cert) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@ -16683,18 +16677,14 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Subject alternative name. */ /* Subject alternative name. */
case ALT_NAMES_OID: case ALT_NAMES_OID:
VERIFY_AND_SET_OID(cert->extSubjAltNameSet); VERIFY_AND_SET_OID(cert->extSubjAltNameSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extSubjAltNameCrit = critical;
cert->extSubjAltNameCrit = critical;
#endif
ret = DecodeAltNames(input, length, cert); ret = DecodeAltNames(input, length, cert);
break; break;
/* Authority Key Identifier. */ /* Authority Key Identifier. */
case AUTH_KEY_OID: case AUTH_KEY_OID:
VERIFY_AND_SET_OID(cert->extAuthKeyIdSet); VERIFY_AND_SET_OID(cert->extAuthKeyIdSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extAuthKeyIdCrit = critical;
cert->extAuthKeyIdCrit = critical;
#endif
#ifndef WOLFSSL_ALLOW_CRIT_SKID #ifndef WOLFSSL_ALLOW_CRIT_SKID
/* This check is added due to RFC 5280 section 4.2.1.1 /* This check is added due to RFC 5280 section 4.2.1.1
* stating that conforming CA's must mark this extension * stating that conforming CA's must mark this extension
@ -16714,9 +16704,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Subject Key Identifier. */ /* Subject Key Identifier. */
case SUBJ_KEY_OID: case SUBJ_KEY_OID:
VERIFY_AND_SET_OID(cert->extSubjKeyIdSet); VERIFY_AND_SET_OID(cert->extSubjKeyIdSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extSubjKeyIdCrit = critical;
cert->extSubjKeyIdCrit = critical;
#endif
#ifndef WOLFSSL_ALLOW_CRIT_SKID #ifndef WOLFSSL_ALLOW_CRIT_SKID
/* This check is added due to RFC 5280 section 4.2.1.2 /* This check is added due to RFC 5280 section 4.2.1.2
* stating that conforming CA's must mark this extension * stating that conforming CA's must mark this extension
@ -16756,9 +16744,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Key usage. */ /* Key usage. */
case KEY_USAGE_OID: case KEY_USAGE_OID:
VERIFY_AND_SET_OID(cert->extKeyUsageSet); VERIFY_AND_SET_OID(cert->extKeyUsageSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extKeyUsageCrit = critical;
cert->extKeyUsageCrit = critical;
#endif
if (DecodeKeyUsage(input, length, cert) < 0) { if (DecodeKeyUsage(input, length, cert) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@ -16767,9 +16753,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Extended key usage. */ /* Extended key usage. */
case EXT_KEY_USAGE_OID: case EXT_KEY_USAGE_OID:
VERIFY_AND_SET_OID(cert->extExtKeyUsageSet); VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extExtKeyUsageCrit = critical;
cert->extExtKeyUsageCrit = critical;
#endif
if (DecodeExtKeyUsage(input, length, cert) < 0) { if (DecodeExtKeyUsage(input, length, cert) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@ -16788,9 +16772,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
} }
#endif #endif
VERIFY_AND_SET_OID(cert->extNameConstraintSet); VERIFY_AND_SET_OID(cert->extNameConstraintSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extNameConstraintCrit = critical;
cert->extNameConstraintCrit = critical;
#endif
if (DecodeNameConstraints(input, length, cert) < 0) { if (DecodeNameConstraints(input, length, cert) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@ -16822,9 +16804,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
#endif #endif
case POLICY_CONST_OID: case POLICY_CONST_OID:
VERIFY_AND_SET_OID(cert->extPolicyConstSet); VERIFY_AND_SET_OID(cert->extPolicyConstSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extPolicyConstCrit = critical;
cert->extPolicyConstCrit = critical;
#endif
if (DecodePolicyConstraints(&input[idx], length, cert) < 0) if (DecodePolicyConstraints(&input[idx], length, cert) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
break; break;

8
wolfssl/wolfcrypt/asn.h
View File

@ -1672,20 +1672,18 @@ struct DecodedCert {
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicySet : 1; byte extCertPolicySet : 1;
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte extCRLdistCrit : 1; byte extCRLdistCrit : 1;
byte extAuthInfoCrit : 1; byte extAuthInfoCrit : 1;
byte extBasicConstCrit : 1; byte extBasicConstCrit : 1;
byte extPolicyConstCrit : 1; byte extPolicyConstCrit : 1;
byte extSubjAltNameCrit : 1; byte extSubjAltNameCrit : 1;
byte extAuthKeyIdCrit : 1; byte extAuthKeyIdCrit : 1;
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
byte extNameConstraintCrit : 1; byte extNameConstraintCrit : 1;
#endif #endif
byte extSubjKeyIdCrit : 1; byte extSubjKeyIdCrit : 1;
byte extKeyUsageCrit : 1; byte extKeyUsageCrit : 1;
byte extExtKeyUsageCrit : 1; byte extExtKeyUsageCrit : 1;
#endif /* OPENSSL_EXTRA */
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicyCrit : 1; byte extCertPolicyCrit : 1;
#endif #endif