feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

CSR: confirm the signature when verify == VERIFY

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2022-06-14 17:12:14 +02:00
parent afaf41823c
commit 8e84560f71
2 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/api.c
View File

@@ -30576,7 +30576,7 @@ static void test_wc_GetPubKeyDerFromCert(void)
XFCLOSE(fp); XFCLOSE(fp);
wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL); wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL);
ret = wc_ParseCert(&decoded, CERTREQ_TYPE, NO_VERIFY, NULL); ret = wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL);
AssertIntEQ(ret, 0); AssertIntEQ(ret, 0);
/* good test case - RSA DER certificate request */ /* good test case - RSA DER certificate request */

40
wolfcrypt/src/asn.c
View File

@@ -13090,9 +13090,16 @@ int DecodeToKey(DecodedCert* cert, int verify)
return ret; return ret;
/* Determine if self signed */ /* Determine if self signed */
cert->selfSigned = XMEMCMP(cert->issuerHash, #ifdef WOLFSSL_CERT_REQ
cert->subjectHash, if (cert->isCSR)
KEYID_SIZE) == 0 ? 1 : 0; cert->selfSigned = 1;
else
#endif
{
cert->selfSigned = XMEMCMP(cert->issuerHash,
cert->subjectHash,
KEYID_SIZE) == 0 ? 1 : 0;
}
ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx); ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx);
if (ret != 0) if (ret != 0)
@@ -18092,8 +18099,15 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
} }
if (ret == 0) { if (ret == 0) {
/* Determine if self signed by comparing issuer and subject hashes. */ /* Determine if self signed by comparing issuer and subject hashes. */
cert->selfSigned = XMEMCMP(cert->issuerHash, cert->subjectHash, #ifdef WOLFSSL_CERT_REQ
KEYID_SIZE) == 0 ? 1 : 0; if (cert->isCSR)
cert->selfSigned = 1;
else
#endif
{
cert->selfSigned = XMEMCMP(cert->issuerHash, cert->subjectHash,
KEYID_SIZE) == 0 ? 1 : 0;
}
if (stopAtPubKey) { if (stopAtPubKey) {
/* Return any bad date error through badDateRet and return offset of /* Return any bad date error through badDateRet and return offset of
@@ -19755,6 +19769,22 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
} }
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
} }
#ifdef WOLFSSL_CERT_REQ
else if (type == CERTREQ_TYPE) {
if ((ret = ConfirmSignature(&cert->sigCtx,
cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin,
cert->publicKey, cert->pubKeySize,
cert->keyOID, cert->signature,
cert->sigLength, cert->signatureOID,
sce_tsip_encRsaKeyIdx)) != 0) {
if (ret != WC_PENDING_E) {
WOLFSSL_MSG("Confirm signature failed");
}
return ret;
}
}
#endif
else { else {
/* no signer */ /* no signer */
WOLFSSL_MSG("No CA signer to verify with"); WOLFSSL_MSG("No CA signer to verify with");