feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

ASN template: properly handle WOLFSSL_CERT_EXT

Browse Source 
Encoding extensions didn't properly handle WOLFSSL_CERT_EXT not being
defined.
This commit is contained in:
Sean Parkinson
2022-05-26 10:01:59 +10:00
parent fa80aa6505
commit cacf5aeb7e
1 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
wolfcrypt/src/asn.c
View File

@@ -23601,11 +23601,14 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SKID_KEYID], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SKID_KEYID],
cert->skid, cert->skidSz); cert->skid, cert->skidSz);
} }
else { else
#endif
{
/* Don't write out Subject Key Identifier extension items. */ /* Don't write out Subject Key Identifier extension items. */
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SKID_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_SKID_SEQ,
CERTEXTSASN_IDX_SKID_KEYID); CERTEXTSASN_IDX_SKID_KEYID);
} }
#ifdef WOLFSSL_CERT_EXT
if (cert->akidSz > 0) { if (cert->akidSz > 0) {
/* Set Authority Key Identifier OID and data. */ /* Set Authority Key Identifier OID and data. */
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_AKID_OID], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_AKID_OID],
@@ -23625,11 +23628,14 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
cert->akid, cert->akidSz); cert->akid, cert->akidSz);
} }
} }
else { else
#endif
{
/* Don't write out Authority Key Identifier extension items. */ /* Don't write out Authority Key Identifier extension items. */
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_AKID_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_AKID_SEQ,
CERTEXTSASN_IDX_AKID_KEYID); CERTEXTSASN_IDX_AKID_KEYID);
} }
#ifdef WOLFSSL_CERT_EXT
if (cert->keyUsage != 0) { if (cert->keyUsage != 0) {
/* Set Key Usage OID, critical and value. */ /* Set Key Usage OID, critical and value. */
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_KU_OID], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_KU_OID],
@@ -23638,11 +23644,14 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
SetASN_Int16Bit(&dataASN[CERTEXTSASN_IDX_KU_USAGE], SetASN_Int16Bit(&dataASN[CERTEXTSASN_IDX_KU_USAGE],
cert->keyUsage); cert->keyUsage);
} }
else { else
#endif
{
/* Don't write out Key Usage extension items. */ /* Don't write out Key Usage extension items. */
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_KU_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_KU_SEQ,
CERTEXTSASN_IDX_KU_USAGE); CERTEXTSASN_IDX_KU_USAGE);
} }
#ifdef WOLFSSL_CERT_EXT
if (cert->extKeyUsage != 0) { if (cert->extKeyUsage != 0) {
/* Calculate size of Extended Key Usage data. */ /* Calculate size of Extended Key Usage data. */
sz = SetExtKeyUsage(cert, NULL, 0, cert->extKeyUsage); sz = SetExtKeyUsage(cert, NULL, 0, cert->extKeyUsage);
@@ -23655,12 +23664,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_STR], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_STR],
NULL, sz); NULL, sz);
} }
else { else
#endif
{
/* Don't write out Extended Key Usage extension items. */ /* Don't write out Extended Key Usage extension items. */
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_EKU_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_EKU_SEQ,
CERTEXTSASN_IDX_EKU_STR); CERTEXTSASN_IDX_EKU_STR);
} }
#ifdef WOLFSSL_CERT_EXT
if ((!forRequest) && (cert->certPoliciesNb > 0)) { if ((!forRequest) && (cert->certPoliciesNb > 0)) {
/* Calculate size of certificate policies. */ /* Calculate size of certificate policies. */
sz = SetCertificatePolicies(NULL, 0, cert->certPolicies, sz = SetCertificatePolicies(NULL, 0, cert->certPolicies,
@@ -23677,12 +23689,14 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
ret = CERTPOLICIES_E; ret = CERTPOLICIES_E;
} }
} }
else { else
#endif
{
/* Don't write out Certificate Policies extension items. */ /* Don't write out Certificate Policies extension items. */
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_POLICIES_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_POLICIES_SEQ,
CERTEXTSASN_IDX_POLICIES_INFO); CERTEXTSASN_IDX_POLICIES_INFO);
} }
#ifndef IGNORE_NETSCAPE_CERT_TYPE #if defined(WOLFSSL_CERT_EXT) && !defined(IGNORE_NETSCAPE_CERT_TYPE)
/* Netscape Certificate Type */ /* Netscape Certificate Type */
if (cert->nsCertType != 0) { if (cert->nsCertType != 0) {
/* Set Netscape Certificate Type OID and data. */ /* Set Netscape Certificate Type OID and data. */
@@ -23698,6 +23712,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_NSTYPE_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_NSTYPE_SEQ,
CERTEXTSASN_IDX_NSTYPE_USAGE); CERTEXTSASN_IDX_NSTYPE_USAGE);
} }
#ifdef WOLFSSL_CERT_EXT
if (cert->crlInfoSz > 0) { if (cert->crlInfoSz > 0) {
/* Set CRL Distribution Points OID and data. */ /* Set CRL Distribution Points OID and data. */
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_OID], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_OID],
@@ -23705,13 +23720,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_STR], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_CRLINFO_STR],
cert->crlInfo, cert->crlInfoSz); cert->crlInfo, cert->crlInfoSz);
} }
else { else
#endif
{
/* Don't write out CRL Distribution Points. */ /* Don't write out CRL Distribution Points. */
SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_CRLINFO_SEQ, SetASNItem_NoOut(dataASN, CERTEXTSASN_IDX_CRLINFO_SEQ,
CERTEXTSASN_IDX_CRLINFO_STR); CERTEXTSASN_IDX_CRLINFO_STR);
} }
#ifdef WOLFSSL_CUSTOM_OID #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CUSTOM_OID)
/* encode a custom oid and value */ /* encode a custom oid and value */
if (cert->extCustom.oidSz > 0) { if (cert->extCustom.oidSz > 0) {
/* Set CRL Distribution Points OID and data. */ /* Set CRL Distribution Points OID and data. */
@@ -23729,7 +23746,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
} }
i = 0; i = 0;
#ifdef WOLFSSL_CUSTOM_OID #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CUSTOM_OID)
for (; i < cert->customCertExtCount; i++) { for (; i < cert->customCertExtCount; i++) {
int idx = CERTEXTSASN_IDX_START_CUSTOM + (i * 4); int idx = CERTEXTSASN_IDX_START_CUSTOM + (i * 4);
word32 encodedOidSz = MAX_OID_SZ; word32 encodedOidSz = MAX_OID_SZ;
@@ -23757,7 +23774,6 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
CERTEXTSASN_IDX_START_CUSTOM + (i * 4) + 3); CERTEXTSASN_IDX_START_CUSTOM + (i * 4) + 3);
i++; i++;
} }
#endif /* WOLFSSL_CERT_EXT */
} }
if (ret == 0) { if (ret == 0) {