flattens the serial number
@ -4113,48 +4113,57 @@ int OcspResponseDecode(OcspResponse* resp)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int SetInt(const byte* input, word32 inputSz, byte* output)
|
static int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
|
||||||
{
|
{
|
||||||
return 0;
|
int result = 0;
|
||||||
|
|
||||||
|
if (snSz <= EXTERNAL_SERIAL_SIZE) {
|
||||||
|
output[0] = ASN_INTEGER;
|
||||||
|
output[1] = snSz;
|
||||||
|
output[2] = 0;
|
||||||
|
XMEMCPY(&output[3], sn, snSz);
|
||||||
|
result = snSz + 3;
|
||||||
|
}
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
#define MAX_INT_SZ 32
|
|
||||||
|
|
||||||
int EncodeOcspRequest(DecodedCert* cert, byte* output, word32 outputSz)
|
int EncodeOcspRequest(DecodedCert* cert, byte* output, word32 outputSz)
|
||||||
{
|
{
|
||||||
byte seqArray[5][MAX_SEQ_SZ];
|
byte seqArray[5][MAX_SEQ_SZ];
|
||||||
/* The ASN.1 of the OCSP Request is an onion of sequences */
|
/* The ASN.1 of the OCSP Request is an onion of sequences */
|
||||||
byte algoArray[MAX_ALGO_SZ];
|
byte algoArray[MAX_ALGO_SZ];
|
||||||
byte issuerArray[MAX_ENCODED_DIG_SZ];
|
byte issuerArray[MAX_ENCODED_DIG_SZ];
|
||||||
byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
|
byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
|
||||||
byte snArray[MAX_INT_SZ];
|
byte snArray[MAX_SN_SZ];
|
||||||
|
|
||||||
word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
|
word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
algoSz = SetAlgoID(SHAh, algoArray, hashType);
|
algoSz = SetAlgoID(SHAh, algoArray, hashType);
|
||||||
issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
|
issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
|
||||||
issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
|
issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
|
||||||
snSz = SetInt(cert->serial, cert->serialSz, snArray);
|
snSz = SetSerialNumber(cert->serial, cert->serialSz, snArray);
|
||||||
|
|
||||||
totalSz = algoSz + issuerSz + issuerKeySz + snSz;
|
totalSz = algoSz + issuerSz + issuerKeySz + snSz;
|
||||||
|
|
||||||
for (i = 4; i >= 0; i--) {
|
for (i = 4; i >= 0; i--) {
|
||||||
seqSz[i] = SetSequence(totalSz, seqArray[i]);
|
seqSz[i] = SetSequence(totalSz, seqArray[i]);
|
||||||
totalSz += seqSz[i];
|
totalSz += seqSz[i];
|
||||||
}
|
}
|
||||||
totalSz = 0;
|
totalSz = 0;
|
||||||
for (i = 0; i < 5; i++) {
|
for (i = 0; i < 5; i++) {
|
||||||
XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
|
XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
|
||||||
totalSz += seqSz[i];
|
totalSz += seqSz[i];
|
||||||
}
|
}
|
||||||
XMEMCPY(output + totalSz, algoArray, algoSz);
|
XMEMCPY(output + totalSz, algoArray, algoSz);
|
||||||
totalSz += algoSz;
|
totalSz += algoSz;
|
||||||
XMEMCPY(output + totalSz, issuerArray, issuerSz);
|
XMEMCPY(output + totalSz, issuerArray, issuerSz);
|
||||||
totalSz += issuerSz;
|
totalSz += issuerSz;
|
||||||
XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
|
XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
|
||||||
totalSz += issuerKeySz;
|
totalSz += issuerKeySz;
|
||||||
XMEMCPY(output + totalSz, snArray, snSz);
|
XMEMCPY(output + totalSz, snArray, snSz);
|
||||||
totalSz += snSz;
|
totalSz += snSz;
|
||||||
|
|
||||||
return totalSz;
|
return totalSz;
|
||||||
}
|
}
|
||||||
|
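Review bot: In the new `SetSerialNumber`, the length octet is written as `snSz`, but the content that follows is a `0x00` pad plus `snSz` serial bytes, so the INTEGER declares one byte fewer than is emitted and a DER parser will treat the last serial byte as the start of the next element. The pad is also written unconditionally, which is non-minimal DER whenever the first serial byte has its top bit clear (this assumes `cert->serial` holds the magnitude without a pad of its own; confirm against the decoder). A serial longer than `EXTERNAL_SERIAL_SIZE` returns 0, and `EncodeOcspRequest` then builds a request with no serial number instead of failing, which is the wrong direction for a revocation check; the caller should treat 0 as an error. The fence below pads only when needed and makes the length cover the pad; it also skips an empty serial because `sn[0]` is read.

```c
static int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
{
    int result = 0;

    if (snSz > 0 && snSz <= EXTERNAL_SERIAL_SIZE) {
        /* pad only when the top bit is set, so the INTEGER stays positive */
        word32 pad = (sn[0] & 0x80) ? 1 : 0;

        output[0] = ASN_INTEGER;
        output[1] = (byte)(snSz + pad);   /* length counts the pad octet */
        if (pad)
            output[2] = 0x00;
        XMEMCPY(&output[2 + pad], sn, snSz);
        result = (int)(snSz + 2 + pad);
    }
    return result;
}
```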
@ -127,6 +127,7 @@ enum Misc_ASN {
|
|||||||
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
|
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
|
||||||
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
||||||
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
||||||
|
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
|
||||||
#ifdef CYASSL_CERT_GEN
|
#ifdef CYASSL_CERT_GEN
|
||||||
#ifdef CYASSL_ALT_NAMES
|
#ifdef CYASSL_ALT_NAMES
|
||||||
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
|
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
|
||||||
|
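Review bot: `MAX_SN_SZ = 35` does not say how it relates to `EXTERNAL_SERIAL_SIZE`, yet `SetSerialNumber` in this commit writes up to `EXTERNAL_SERIAL_SIZE + 3` bytes into `snArray[MAX_SN_SZ]` and takes no output size. If the serial bound is ever raised without this constant following it, that copy overruns a stack buffer. I would spell the dependency out in the comment, e.g. `/* tag + len + pad + EXTERNAL_SERIAL_SIZE serial bytes */`, or derive the value from the bound if it is declared earlier in this enum. The enum starts and ends outside the hunk, so I cannot see where `EXTERNAL_SERIAL_SIZE` is defined.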
@ -202,7 +202,7 @@ static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
|
|||||||
ocsp->overridePath, ocsp->overrideName, ocspReqSz);
|
ocsp->overridePath, ocsp->overrideName, ocspReqSz);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if 0
|
||||||
static const char foo[] = \
|
static const char foo[] = \
|
||||||
"\x30\x81\xB7\x30\x81\xB4\x30\x81\x8C\x30\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03" \
|
"\x30\x81\xB7\x30\x81\xB4\x30\x81\x8C\x30\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03" \
|
||||||
"\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48" \
|
"\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48" \
|
||||||
@ -221,7 +221,7 @@ static int build_ocsp_request(CYASSL_OCSP* ocsp, byte* buf, int bufSz)
|
|||||||
memcpy(buf, foo, sizeof(foo));
|
memcpy(buf, foo, sizeof(foo));
|
||||||
return sizeof(foo) - 1;
|
return sizeof(foo) - 1;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
|
static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
|
||||||
{
|
{
|
||||||
@ -311,6 +311,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||||||
ocsp->status[0].serialSz = cert->serialSz;
|
ocsp->status[0].serialSz = cert->serialSz;
|
||||||
ocsp->statusLen = 1;
|
ocsp->statusLen = 1;
|
||||||
|
|
||||||
|
/*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/
|
||||||
ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
|
ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
|
||||||
httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
|
httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
|
||||||
|
|
||||||
|
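Review bot: The hard-coded request `foo` and `build_ocsp_request` appear to be fenced off with `#if 0` / `#endif`, and the old call is kept as the comment `/*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/` in `CyaSSL_OCSP_Lookup_Cert`. Since `EncodeOcspRequest` now builds the request, I would delete both rather than keep disabled code. The disabled helper does `memcpy(buf, foo, sizeof(foo))` without consulting `bufSz`, so re-enabling it later would bring back an unchecked copy. In the live path, the value returned by `EncodeOcspRequest` goes straight into `build_http_request`; a check that `ocspReqSz` is positive and fits the request buffer before that call would catch an encoder failure. All three functions continue outside the visible hunks.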