diff --git a/src/ssl.c b/src/ssl.c
index eae102b9e..51dc8dee2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -41858,16 +41858,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 }
 if (x509->authKeyIdSz < sizeof(cert->akid)) {
- #ifndef WOLFSSL_ASN_TEMPLATE
 /* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */
 if (x509->authKeyIdSrc) {
 XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
 cert->akidSz = (int)x509->authKeyIdSrcSz;
 cert->rawAkid = 1;
 }
- else
- #endif
- if (x509->authKeyId) {
+ else if (x509->authKeyId) {
 XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
 cert->akidSz = (int)x509->authKeyIdSz;
 cert->rawAkid = 0;
diff --git a/tests/api.c b/tests/api.c
index 3d0eec56e..2b9cbab56 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -35680,7 +35680,6 @@ static void test_wolfSSL_X509_sign2(void)
 time_t t;
 const unsigned char expected[] = {
-#ifndef WOLFSSL_ASN_TEMPLATE
 0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
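Review bot: The bound on the enclosing `if` checks `x509->authKeyIdSz` against `sizeof(cert->akid)`, but the branch this commit un-ifdefs copies `x509->authKeyIdSrcSz` bytes into `cert->akid`, and going by the rawAkid handling in the asn.c hunk that source appears to be the whole encoded extension rather than just the key identifier, so the existing check does not cover this copy. Before the change the branch was compiled out under WOLFSSL_ASN_TEMPLATE; now that it is reachable in both builds the size should be checked on the branch itself, e.g. `if (x509->authKeyIdSrc && x509->authKeyIdSrcSz <= sizeof(cert->akid)) {`, leaving the authKeyId copy as the fallback. The comment `/* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */` describes the ifdef that was just removed and should be dropped or reworded. How authKeyIdSrcSz relates to authKeyIdSz is not visible here, and the function containing these lines starts and ends outside the hunk.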
@@ -35788,100 +35787,6 @@ static void test_wolfSSL_X509_sign2(void)
 0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14, 0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab, 0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
-#else
- 0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
- 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
- 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
- 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
- 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
- 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
- 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
- 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
- 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
- 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
- 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
- 0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
- 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
- 0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
- 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
- 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
- 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
- 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
- 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
- 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
- 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
- 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
- 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
- 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
- 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
- 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
- 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
- 0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
- 0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
- 0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
- 0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
- 0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
- 0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
- 0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
- 0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
- 0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
- 0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
- 0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
- 0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
- 0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
- 0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
- 0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
- 0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
- 0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
- 0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
- 0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
- 0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
- 0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
- 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
- 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
- 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
- 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d,
- 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1d, 0x06, 0x03, 0x55,
- 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
- 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
- 0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
- 0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
- 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
- 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
- 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
- 0x01, 0x00, 0x74, 0x83, 0x39, 0xc0, 0x03, 0x76, 0xfa, 0xdd, 0x8b, 0x00,
- 0xfa, 0xaa, 0x5b, 0xdb, 0x56, 0xef, 0x2c, 0x26, 0x9a, 0xc2, 0x07, 0xdb,
- 0xfd, 0x10, 0xd0, 0x55, 0xb9, 0xe2, 0x9e, 0xe7, 0x34, 0x26, 0x8b, 0xd2,
- 0x62, 0x49, 0x86, 0x93, 0x8c, 0x6c, 0x41, 0x02, 0xdf, 0x7e, 0x99, 0xf7,
- 0x7e, 0x1f, 0xda, 0x08, 0xad, 0x4d, 0x91, 0xdf, 0x11, 0x39, 0x6d, 0x90,
- 0xf5, 0xfe, 0x91, 0xee, 0xc7, 0x44, 0xd2, 0x0f, 0xd1, 0x2d, 0xe2, 0xb8,
- 0xf2, 0x89, 0x50, 0x9f, 0x55, 0xf3, 0x44, 0x44, 0x07, 0xd9, 0xd9, 0x71,
- 0x68, 0xe6, 0xd6, 0xa8, 0x09, 0x01, 0xe6, 0x03, 0xd4, 0x5a, 0x57, 0xf3,
- 0x8a, 0xab, 0x53, 0xe7, 0x71, 0x03, 0x65, 0xe3, 0x20, 0x57, 0xaf, 0x2a,
- 0xbb, 0xc0, 0x1f, 0xe3, 0x2a, 0xcf, 0xbd, 0x39, 0x26, 0x4d, 0x58, 0x18,
- 0x8c, 0x98, 0x22, 0x42, 0xf0, 0xaa, 0x20, 0x8f, 0xa2, 0x4c, 0x81, 0x8b,
- 0xe1, 0x4a, 0xa4, 0xb1, 0x4e, 0x22, 0x8f, 0x09, 0xd9, 0x4c, 0x9d, 0x35,
- 0xc7, 0x92, 0xc7, 0x77, 0xaf, 0x42, 0x0b, 0x38, 0x2c, 0xeb, 0xb8, 0xd4,
- 0x67, 0xa6, 0xd4, 0x70, 0x79, 0x0f, 0x9a, 0xf9, 0xad, 0xd4, 0x7b, 0x21,
- 0x25, 0xb5, 0xa6, 0xa1, 0x7b, 0xf5, 0xb4, 0x1d, 0x06, 0x9a, 0xad, 0xeb,
- 0xc5, 0xe4, 0x39, 0xd6, 0xea, 0xd9, 0x15, 0xbf, 0x49, 0x32, 0x97, 0xe5,
- 0x52, 0x52, 0x11, 0x7e, 0x2b, 0x32, 0x07, 0x44, 0x81, 0x37, 0x2e, 0xd4,
- 0xa4, 0x1e, 0x32, 0xbf, 0x2f, 0xbd, 0xac, 0xcc, 0xb3, 0x77, 0x82, 0xae,
- 0xbb, 0xf0, 0x37, 0xc0, 0x10, 0x4b, 0x64, 0xcf, 0x8e, 0xd7, 0x25, 0x59,
- 0xf8, 0xaa, 0x83, 0xad, 0xeb, 0x7d, 0x00, 0x8b, 0x3e, 0xb8, 0x91, 0x3c,
- 0x6c, 0x4c, 0x35, 0x53, 0x36, 0xa4, 0x02, 0xb8, 0xbe, 0x2d, 0x34, 0xb4,
- 0x26, 0x03, 0x6b, 0x92, 0x2e, 0xd6
-#endif
 };
 printf(testingFmt, "wolfSSL_X509_sign2");
@@ -37620,9 +37525,6 @@ static void test_wolfSSL_PEM_write_bio_X509(void)
 AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
-#ifndef WOLFSSL_ASN_TEMPLATE
- /* WOLFSSL_ASN_TEMPLATE doesn't support writing the full AKID */
- /* Check that we generate the same output as was the input. */
 AssertIntEQ(wolfSSL_BIO_get_len(output),
 #ifdef WOLFSSL_ALT_NAMES
 /* Here we copy the validity struct from the original */
@@ -37648,7 +37550,6 @@ static void test_wolfSSL_PEM_write_bio_X509(void)
 }
 AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
-#endif
 /* Check that we generate a smaller output since the AKID will
 * only contain the KeyIdentifier without any additional
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 850bbf83a..3e4c05312 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -612,8 +612,8 @@ static void SizeASN_CalcDataLength(const ASNItem* asn, ASNSetData *data,
 /* The length of a header only item doesn't include the data unless
 * a replacement buffer is supplied. */
- if (asn[j].headerOnly && data[j].dataType !=
- ASN_DATA_TYPE_REPLACE_BUFFER) {
+ if (asn[j].headerOnly && data[j].data.buffer.data == NULL &&
+ data[j].dataType != ASN_DATA_TYPE_REPLACE_BUFFER) {
 data[idx].data.buffer.length += data[j].data.buffer.length;
 }
 }
@@ -685,8 +685,16 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
 * Mostly used for constructed items. */
 if (asn[i].headerOnly) {
- /* Calculate data length from items below. */
- SizeASN_CalcDataLength(asn, data, i, count);
+ if (data[i].data.buffer.data != NULL) {
+ /* Force all child nodes to be ignored. Buffer
+ * overwrites children. */
+ SetASNItem_NoOutBelow(data, asn, i, count);
+ }
+ else {
+ /* Calculate data length from items below if no buffer
+ * supplied. */
+ SizeASN_CalcDataLength(asn, data, i, count);
+ }
 }
 if (asn[i].tag == ASN_BOOLEAN) {
 dataLen = 1;
@@ -705,8 +713,9 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
 }
 /* Add in the size of tag and length. */
 len += SizeASNHeader(dataLen);
- /* Include data in length if not header only. */
- if (!asn[i].headerOnly) {
+ /* Include data in length if not header only or if
+ * buffer supplied. */
+ if (!asn[i].headerOnly || data[i].data.buffer.data != NULL) {
 len += dataLen;
 }
 break;
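Review bot: The "header-only item with a buffer supplied" override is now spelled out as a raw pointer test in three places in this line (SizeASN_CalcDataLength, and twice in SizeASN_Items) and once more in SetASN_Items in the following hunk, which makes the rule easy to let drift; a one-line `static` helper such as `static int ASNItem_HasBuffer(const ASNSetData *d) { return d->data.buffer.data != NULL; }` (name constructed) called from all four sites would keep it in one place. In the `@@ -685` hunk SizeASN_Items also starts mutating the caller's `data` array (setting `noOut` on the child items) as a side effect of what reads as a pure size query; a comment at the SetASNItem_NoOutBelow call such as `/* Side effect: marks children noOut; SetASN_Items relies on these flags. */` would make that dependency explicit, assuming SetASN_Items does not re-mark them itself, which is not visible here. The loop containing both SizeASN_Items hunks starts and ends outside the hunks.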
@@ -933,8 +942,10 @@ int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output)
 if (data[i].data.buffer.data == NULL) {
 data[i].data.buffer.data = out + idx;
 }
- /* Copy supplied data if not putting out header only. */
- else if (!asn[i].headerOnly) {
+ /* Copy supplied data if not putting out header only or
+ * if buffer supplied. */
+ else if (!asn[i].headerOnly ||
+ data[i].data.buffer.data != NULL) {
 /* Allow data to come from output buffer. */
 XMEMMOVE(out + idx, data[i].data.buffer.data,
 data[i].data.buffer.length);
@@ -22378,7 +22389,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
 if (cert->akidSz > 0) {
 /* Set Authority Key Identifier OID and data. */
 SetASN_Buffer(&dataASN[15], akidOID, sizeof(akidOID));
- SetASN_Buffer(&dataASN[18], cert->akid, cert->akidSz);
+ if (cert->rawAkid) {
+ SetASN_Buffer(&dataASN[16], cert->akid, cert->akidSz);
+ /* cert->akid contains the internal ext structure */
+ SetASNItem_NoOutBelow(dataASN, certExtsASN, 16,
+ certExtsASN_Length);
+ }
+ else {
+ SetASN_Buffer(&dataASN[18], cert->akid, cert->akidSz);
+ }
 }
 else {
 /* Don't write out Authority Key Identifier extension items. */
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 840fa7b0c..a4c1829cc 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -166,7 +166,9 @@ typedef struct ASNItem {
 byte tag;
 /* Whether the ASN.1 item is constructed. */
 byte constructed:1;
- /* Whether to parse the header only or skip data. */
+ /* Whether to parse the header only or skip data. If
+ * ASNSetData.data.buffer.data is supplied then this option gets
+ * overwritten and the child nodes get ignored. */
 byte headerOnly:1;
 /* Whether ASN.1 item is optional.
 * - 0 means not optional
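Review bot: In the `@@ -933` hunk the new condition `!asn[i].headerOnly || data[i].data.buffer.data != NULL` is the `else` of `if (data[i].data.buffer.data == NULL)`, so its second operand is always true there and the whole test collapses to an unconditional `else`; the `headerOnly` check is dead code. If the intent is that a supplied buffer is always copied, say so directly with `else {` and the comment `/* Buffer supplied: copy it even for header-only items. */`; if header-only items are still meant to be skipped in some case, the discriminator has to be something other than the buffer pointer. The loop containing this code starts and ends outside the hunk.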
@@ -587,6 +589,23 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
 } \
 while (0)
+/* Set the data items below node to not be encoded.
+ *
+ * @param [in] dataASN Dynamic ASN data item.
+ * @param [in] node Node who's children should not be encoded.
+ * @param [in] dataASNLen Number of items in dataASN.
+ */
+#define SetASNItem_NoOutBelow(dataASN, asn, node, dataASNLen) \
+ do { \
+ int ii; \
+ for (ii = node + 1; ii < (int)(dataASNLen); ii++) { \
+ if (asn[ii].depth <= asn[node].depth) \
+ break; \
+ dataASN[ii].noOut = 1; \
+ } \
+ } \
+ while (0)
+
 #endif /* WOLFSSL_ASN_TEMPLATE */
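Review bot: The doc comment on SetASNItem_NoOutBelow lists `dataASN`, `node` and `dataASNLen` but omits the `asn` parameter the macro actually indexes, and "who's" should be "whose"; add `* @param [in] asn ASN.1 item template that dataASN corresponds to.` and change the node line to `* @param [in] node Node whose children should not be encoded.`. The macro also re-evaluates `node` and re-reads `asn[node].depth` on every iteration and uses `node` unparenthesised in `ii = node + 1`, so a caller passing an expression gets surprising results; read the depth once into a local, `int nodeDepth = asn[(node)].depth;`, and compare against that. Given the surrounding `do { } while (0)` wrappers in this header a `static` inline function would sidestep these hazards entirely, though that is a style choice.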