forked from wolfSSL/wolfssl
flattens the serial number
This commit is contained in:
@ -4113,48 +4113,57 @@ int OcspResponseDecode(OcspResponse* resp)
|
||||
}
|
||||
|
||||
|
||||
static int SetInt(const byte* input, word32 inputSz, byte* output)
|
||||
static int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
|
||||
{
|
||||
return 0;
|
||||
int result = 0;
|
||||
|
||||
if (snSz <= EXTERNAL_SERIAL_SIZE) {
|
||||
output[0] = ASN_INTEGER;
|
||||
output[1] = snSz;
|
||||
output[2] = 0;
|
||||
XMEMCPY(&output[3], sn, snSz);
|
||||
result = snSz + 3;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
#define MAX_INT_SZ 32
|
||||
|
||||
|
||||
int EncodeOcspRequest(DecodedCert* cert, byte* output, word32 outputSz)
|
||||
{
|
||||
byte seqArray[5][MAX_SEQ_SZ];
|
||||
/* The ASN.1 of the OCSP Request is an onion of sequences */
|
||||
byte algoArray[MAX_ALGO_SZ];
|
||||
byte issuerArray[MAX_ENCODED_DIG_SZ];
|
||||
byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
|
||||
byte snArray[MAX_INT_SZ];
|
||||
byte seqArray[5][MAX_SEQ_SZ];
|
||||
/* The ASN.1 of the OCSP Request is an onion of sequences */
|
||||
byte algoArray[MAX_ALGO_SZ];
|
||||
byte issuerArray[MAX_ENCODED_DIG_SZ];
|
||||
byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
|
||||
byte snArray[MAX_SN_SZ];
|
||||
|
||||
word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
|
||||
int i;
|
||||
word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
|
||||
int i;
|
||||
|
||||
algoSz = SetAlgoID(SHAh, algoArray, hashType);
|
||||
issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
|
||||
issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
|
||||
snSz = SetInt(cert->serial, cert->serialSz, snArray);
|
||||
algoSz = SetAlgoID(SHAh, algoArray, hashType);
|
||||
issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
|
||||
issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
|
||||
snSz = SetSerialNumber(cert->serial, cert->serialSz, snArray);
|
||||
|
||||
totalSz = algoSz + issuerSz + issuerKeySz + snSz;
|
||||
totalSz = algoSz + issuerSz + issuerKeySz + snSz;
|
||||
|
||||
for (i = 4; i >= 0; i--) {
|
||||
seqSz[i] = SetSequence(totalSz, seqArray[i]);
|
||||
totalSz += seqSz[i];
|
||||
}
|
||||
totalSz = 0;
|
||||
for (i = 0; i < 5; i++) {
|
||||
XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
|
||||
totalSz += seqSz[i];
|
||||
}
|
||||
XMEMCPY(output + totalSz, algoArray, algoSz);
|
||||
totalSz += algoSz;
|
||||
XMEMCPY(output + totalSz, issuerArray, issuerSz);
|
||||
totalSz += issuerSz;
|
||||
XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
|
||||
totalSz += issuerKeySz;
|
||||
XMEMCPY(output + totalSz, snArray, snSz);
|
||||
totalSz += snSz;
|
||||
for (i = 4; i >= 0; i--) {
|
||||
seqSz[i] = SetSequence(totalSz, seqArray[i]);
|
||||
totalSz += seqSz[i];
|
||||
}
|
||||
totalSz = 0;
|
||||
for (i = 0; i < 5; i++) {
|
||||
XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
|
||||
totalSz += seqSz[i];
|
||||
}
|
||||
XMEMCPY(output + totalSz, algoArray, algoSz);
|
||||
totalSz += algoSz;
|
||||
XMEMCPY(output + totalSz, issuerArray, issuerSz);
|
||||
totalSz += issuerSz;
|
||||
XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
|
||||
totalSz += issuerKeySz;
|
||||
XMEMCPY(output + totalSz, snArray, snSz);
|
||||
totalSz += snSz;
|
||||
|
||||
return totalSz;
|
||||
}
|
||||
|
@ -127,6 +127,7 @@ enum Misc_ASN {
|
||||
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
|
||||
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
||||
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
||||
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
|
||||
#ifdef CYASSL_CERT_GEN
|
||||
#ifdef CYASSL_ALT_NAMES
|
||||
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
|
||||
|
@ -202,7 +202,7 @@ static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
|
||||
ocsp->overridePath, ocsp->overrideName, ocspReqSz);
|
||||
}
|
||||
|
||||
|
||||
#if 0
|
||||
static const char foo[] = \
|
||||
"\x30\x81\xB7\x30\x81\xB4\x30\x81\x8C\x30\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03" \
|
||||
"\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48" \
|
||||
@ -221,7 +221,7 @@ static int build_ocsp_request(CYASSL_OCSP* ocsp, byte* buf, int bufSz)
|
||||
memcpy(buf, foo, sizeof(foo));
|
||||
return sizeof(foo) - 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
|
||||
{
|
||||
@ -311,6 +311,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
||||
ocsp->status[0].serialSz = cert->serialSz;
|
||||
ocsp->statusLen = 1;
|
||||
|
||||
/*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/
|
||||
ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
|
||||
httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
|
||||
|
||||
|
Reference in New Issue
Block a user