feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

x509 AIA: store the first OCSP and CA Issuer URI's

Browse Source 
Solves ZD17033
This commit is contained in:
Juliusz Sosinowicz
2023-11-27 14:47:16 +01:00
parent 008d4958bf
commit 8ac891d902
2 changed files with 12 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
wolfcrypt/src/asn.c
View File

@ -18961,7 +18961,6 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
int count = 0;
byte b = 0; byte b = 0;
word32 oid; word32 oid;
@ -18971,7 +18970,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
if (GetSequence(input, &idx, &length, sz) < 0) if (GetSequence(input, &idx, &length, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
while ((idx < (word32)sz) && (count < MAX_AIA_SZ)) { while ((idx < (word32)sz)) {
/* Unwrap a single AIA */ /* Unwrap a single AIA */
if (GetSequence(input, &idx, &length, sz) < 0) if (GetSequence(input, &idx, &length, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@ -18989,23 +18988,22 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
/* Set ocsp entry */ /* Set ocsp entry */
if (b == GENERALNAME_URI && oid == AIA_OCSP_OID) if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
cert->extAuthInfo == NULL)
{ {
cert->extAuthInfoSz = length; cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx; cert->extAuthInfo = input + idx;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
count++;
#else
break; break;
#endif #endif
} }
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Set CaIssuers entry */ /* Set CaIssuers entry */
else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID) else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
cert->extAuthInfoCaIssuer == NULL)
{ {
cert->extAuthInfoCaIssuerSz = length; cert->extAuthInfoCaIssuerSz = length;
cert->extAuthInfoCaIssuer = input + idx; cert->extAuthInfoCaIssuer = input + idx;
count++;
} }
#endif #endif
idx += (word32)length; idx += (word32)length;
@ -19015,7 +19013,6 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
#else #else
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
int count = 0;
int ret = 0; int ret = 0;
WOLFSSL_ENTER("DecodeAuthInfo"); WOLFSSL_ENTER("DecodeAuthInfo");
@ -19025,7 +19022,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
while ((ret == 0) && (idx < (word32)sz) && (count < MAX_AIA_SZ)) { while ((ret == 0) && (idx < (word32)sz)) {
ASNGetData dataASN[accessDescASN_Length]; ASNGetData dataASN[accessDescASN_Length];
/* Clear dynamic data and retrieve OID and name. */ /* Clear dynamic data and retrieve OID and name. */
@ -19040,14 +19037,13 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
/* Check we have OCSP and URI. */ /* Check we have OCSP and URI. */
if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) && if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) &&
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI)) { (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
(cert->extAuthInfo == NULL)) {
/* Store URI for OCSP lookup. */ /* Store URI for OCSP lookup. */
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfo, &sz32); &cert->extAuthInfo, &sz32);
cert->extAuthInfoSz = (int)sz32; cert->extAuthInfoSz = (int)sz32;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
count++;
#else
break; break;
#endif #endif
} }
@ -19055,12 +19051,12 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
/* Check we have CA Issuer and URI. */ /* Check we have CA Issuer and URI. */
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
AIA_CA_ISSUER_OID) && AIA_CA_ISSUER_OID) &&
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI)) { (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
(cert->extAuthInfoCaIssuer == NULL)) {
/* Set CaIssuers entry */ /* Set CaIssuers entry */
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfoCaIssuer, &sz32); &cert->extAuthInfoCaIssuer, &sz32);
cert->extAuthInfoCaIssuerSz = (int)sz32; cert->extAuthInfoCaIssuerSz = (int)sz32;
count++;
} }
#endif #endif
/* Otherwise skip. */ /* Otherwise skip. */

1
wolfssl/wolfcrypt/asn.h
View File

@ -1004,7 +1004,6 @@ enum Misc_ASN {
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif #endif
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */