Merge pull request #2077 from ejohnstown/ocsp-ecdsa
OCSP and ECDSA Signers
@@ -4237,6 +4237,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
|||||||
#endif
|
#endif
|
||||||
XMEMCPY(signer->subjectNameHash, cert->subjectHash,
|
XMEMCPY(signer->subjectNameHash, cert->subjectHash,
|
||||||
SIGNER_DIGEST_SIZE);
|
SIGNER_DIGEST_SIZE);
|
||||||
|
#ifdef HAVE_OCSP
|
||||||
|
XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash,
|
||||||
|
KEYID_SIZE);
|
||||||
|
#endif
|
||||||
signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
|
signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
|
||||||
: 0xFFFF;
|
: 0xFFFF;
|
||||||
signer->next = NULL; /* If Key Usage not set, all uses valid. */
|
signer->next = NULL; /* If Key Usage not set, all uses valid. */
|
||||||
|
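Review bot: The new copy into `signer->subjectKeyHash` assumes `cert->subjectKeyHash` was computed, but this commit only computes it in GetKey for the key OIDs that receive a CalcHashId call (the hunks at L55, L139 and L194); for any other key type GetKey accepts, the field holds whatever the DecodedCert initialisation left in it, and after the ParseCertRelative change at L252 that value is copied into `issuerKeyHash` with no error path, so an OCSP request for a certificate issued by such a CA would carry a CertID that never matches the responder's entry. I cannot see GetKey's remaining cases from here, so they may already be covered; if not, the remaining cases should compute the hash the same way or fail the parse. At minimum the invariant belongs in a comment on the XMEMCPY: `/* Computed in GetKey over the subjectPublicKey BIT STRING; every key OID GetKey accepts must set it, or the OCSP issuerKeyHash derived from it is wrong. */`. AddCA's body continues on both sides of this hunk.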
@@ -4337,11 +4337,19 @@ static int GetKey(DecodedCert* cert)
|
|||||||
case RSAk:
|
case RSAk:
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
ret = CheckBitString(cert->source, &cert->srcIdx, NULL,
|
|
||||||
|
ret = CheckBitString(cert->source, &cert->srcIdx, &length,
|
||||||
cert->maxIdx, 1, NULL);
|
cert->maxIdx, 1, NULL);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
#ifdef HAVE_OCSP
|
||||||
|
ret = CalcHashId(cert->source + cert->srcIdx, length,
|
||||||
|
cert->subjectKeyHash);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
#endif
|
||||||
|
|
||||||
return StoreRsaKey(cert);
|
return StoreRsaKey(cert);
|
||||||
}
|
}
|
||||||
|
|
||||||
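Review bot: The added `CalcHashId` call hashes `length` bytes at `cert->srcIdx`, which after `CheckBitString` presumably sit on the contents of the subjectPublicKey BIT STRING — the exact input an OCSP CertID issuerKeyHash is defined over (RFC 6960 §4.1.1) — but nothing in the code says so, and the same unexplained block is repeated verbatim in the hunks at L139 and L194. I would put a comment on this first copy: `/* OCSP CertID issuerKeyHash is the hash of the subjectPublicKey BIT STRING contents (RFC 6960 4.1.1); take it while srcIdx is on them. */`. `length` is presumably the int declared at the top of GetKey, since the pre-existing `XMALLOC(length, ...)` in the L194 hunk already uses it; the switch enclosing this `case RSAk:` starts outside the hunk.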
@@ -4434,6 +4442,12 @@ static int GetKey(DecodedCert* cert)
|
|||||||
cert->maxIdx, 1, NULL);
|
cert->maxIdx, 1, NULL);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
#ifdef HAVE_OCSP
|
||||||
|
ret = CalcHashId(cert->source + cert->srcIdx, length,
|
||||||
|
cert->subjectKeyHash);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
publicKey = (byte*)XMALLOC(pubLen, cert->heap,
|
publicKey = (byte*)XMALLOC(pubLen, cert->heap,
|
||||||
@@ -4463,6 +4477,13 @@ static int GetKey(DecodedCert* cert)
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
#ifdef HAVE_OCSP
|
||||||
|
ret = CalcHashId(cert->source + cert->srcIdx, length,
|
||||||
|
cert->subjectKeyHash);
|
||||||
|
if (ret != 0)
|
||||||
|
return ret;
|
||||||
|
#endif
|
||||||
|
|
||||||
publicKey = (byte*) XMALLOC(length, cert->heap,
|
publicKey = (byte*) XMALLOC(length, cert->heap,
|
||||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||||
if (publicKey == NULL)
|
if (publicKey == NULL)
|
||||||
@@ -8076,10 +8097,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||||||
|
|
||||||
#ifdef HAVE_OCSP
|
#ifdef HAVE_OCSP
|
||||||
/* Need the CA's public key hash for OCSP */
|
/* Need the CA's public key hash for OCSP */
|
||||||
ret = CalcHashId(cert->ca->publicKey, cert->ca->pubKeySize,
|
XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash, KEYID_SIZE);
|
||||||
cert->issuerKeyHash);
|
|
||||||
if (ret != 0)
|
|
||||||
return ret;
|
|
||||||
#endif /* HAVE_OCSP */
|
#endif /* HAVE_OCSP */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -8139,21 +8157,7 @@ Signer* MakeSigner(void* heap)
|
|||||||
Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap,
|
Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap,
|
||||||
DYNAMIC_TYPE_SIGNER);
|
DYNAMIC_TYPE_SIGNER);
|
||||||
if (signer) {
|
if (signer) {
|
||||||
signer->pubKeySize = 0;
|
XMEMSET(signer, 0, sizeof(Signer));
|
||||||
signer->keyOID = 0;
|
|
||||||
signer->publicKey = NULL;
|
|
||||||
signer->nameLen = 0;
|
|
||||||
signer->name = NULL;
|
|
||||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
|
||||||
signer->permittedNames = NULL;
|
|
||||||
signer->excludedNames = NULL;
|
|
||||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
|
||||||
signer->pathLengthSet = 0;
|
|
||||||
signer->pathLength = 0;
|
|
||||||
#ifdef WOLFSSL_SIGNER_DER_CERT
|
|
||||||
signer->derCert = NULL;
|
|
||||||
#endif
|
|
||||||
signer->next = NULL;
|
|
||||||
}
|
}
|
||||||
(void)heap;
|
(void)heap;
|
||||||
|
|
||||||
|
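Review bot: The `XMEMSET(signer, 0, sizeof(Signer))` that replaces the per-field initialisation relies on an all-zero byte pattern being a null pointer for the members the removed lines set to `NULL` explicitly (publicKey, name, permittedNames, excludedNames, derCert, next); that holds on every platform this code ships on but is not guaranteed by the C standard, so the assumption deserves a line. I would write `XMEMSET(signer, 0, sizeof(Signer)); /* zero bits == NULL pointers assumed; also zeroes subjectKeyHash until AddCA fills it */`, which also records that a Signer not built through AddCA has an all-zero subjectKeyHash rather than a computed one. The remainder of MakeSigner's body runs past the hunk.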
@@ -696,6 +696,7 @@ struct DecodedCert {
|
|||||||
byte subjectHash[KEYID_SIZE]; /* hash of all Names */
|
byte subjectHash[KEYID_SIZE]; /* hash of all Names */
|
||||||
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
|
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
|
||||||
#ifdef HAVE_OCSP
|
#ifdef HAVE_OCSP
|
||||||
|
byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
|
||||||
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
|
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
|
||||||
#endif /* HAVE_OCSP */
|
#endif /* HAVE_OCSP */
|
||||||
const byte* signature; /* not owned, points into raw cert */
|
const byte* signature; /* not owned, points into raw cert */
|
||||||
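Review bot: The comment on the new `subjectKeyHash` member, `/* hash of the public Key */`, is a copy of the issuerKeyHash comment and does not say which bytes are hashed; the GetKey hunks compute it over `cert->source + cert->srcIdx` for the `length` that CheckBitString returned, i.e. the subjectPublicKey BIT STRING contents that an OCSP CertID issuerKeyHash is defined over. I would write `byte subjectKeyHash[KEYID_SIZE]; /* hash of subjectPublicKey BIT STRING contents, for OCSP CertID */` and, since issuerKeyHash is now filled from the CA Signer, `/* CA's subjectKeyHash, copied in ParseCertRelative */` on the line below it. The Signer member added in the hunk at L430 has no comment at all, unlike its neighbours; `/* CA cert's subjectKeyHash, copied in AddCA */` would match the surrounding style. Both struct definitions continue outside their hunks.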
@@ -874,6 +875,9 @@ struct Signer {
|
|||||||
byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
|
byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
|
||||||
/* sha hash of names in certificate */
|
/* sha hash of names in certificate */
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef HAVE_OCSP
|
||||||
|
byte subjectKeyHash[KEYID_SIZE];
|
||||||
|
#endif
|
||||||
#ifdef WOLFSSL_SIGNER_DER_CERT
|
#ifdef WOLFSSL_SIGNER_DER_CERT
|
||||||
DerBuffer* derCert;
|
DerBuffer* derCert;
|
||||||
#endif
|
#endif
|
||||||
|