wolfSSL_X509V3_EXT_i2d cont.

2025-07-30 02:37:28 +02:00 · 2020-06-25 16:10:45 +02:00
parent dfee8d0346
commit 229c5e9563
3 changed files with 103 additions and 27 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -9268,6 +9268,12 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,

        case AUTH_KEY_OID:
            if (x509->authKeyIdSet) {
+                WOLFSSL_AUTHORITY_KEYID* akey = wolfSSL_AUTHORITY_KEYID_new();
+                if (!akey) {
+                    WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+                    return NULL;
+                }
+
                if (c != NULL) {
                    *c = x509->authKeyIdCrit;
                }
@ -9282,6 +9288,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                obj->objSz = x509->authKeyIdSz;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+                akey->issuer = obj;
+                return akey;
            }
            else {
                WOLFSSL_MSG("No Auth Key set");
@ -9391,33 +9399,32 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
        }
        case KEY_USAGE_OID:
        {
-            WOLFSSL_ASN1_BIT_STRING* bit_str = NULL;
+            WOLFSSL_ASN1_STRING* asn1str = NULL;
            if (x509->keyUsageSet) {
                if (c != NULL) {
                    *c = x509->keyUsageCrit;
                }

-                bit_str = wolfSSL_ASN1_BIT_STRING_new();
-                if (bit_str == NULL) {
-                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_BIT_STRING struct");
+                asn1str = wolfSSL_ASN1_STRING_new();
+                if (asn1str == NULL) {
+                    WOLFSSL_MSG("Failed to malloc ASN1_STRING");
                    return NULL;
                }

-                bit_str->type = KEY_USAGE_OID;
-                bit_str->flags = 0;
-                bit_str->length = sizeof(word16);
-                bit_str->data = (byte*)XMALLOC(bit_str->length, NULL, DYNAMIC_TYPE_OPENSSL);
-                if (bit_str->data == NULL) {
-                    wolfSSL_ASN1_BIT_STRING_free(bit_str);
+                if (wolfSSL_ASN1_STRING_set(asn1str, &x509->keyUsage,
+                        sizeof(word16)) != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
+                    wolfSSL_ASN1_STRING_free(asn1str);
                    return NULL;
                }
-                XMEMCPY(bit_str->data, &x509->keyUsage, bit_str->length);
+
+                asn1str->type = KEY_USAGE_OID;
            }
            else {
                WOLFSSL_MSG("No Key Usage set");
            }
            /* don't add stack of and return bit string directly */
-            return bit_str;
+            return asn1str;
        }
        case INHIBIT_ANY_OID:
            WOLFSSL_MSG("INHIBIT ANY extension not supported");
@ -9703,14 +9710,53 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
        break;
    }
    case NID_basic_constraints:
-        // WOLFSSL_BASIC_CONSTRAINTS
-        break;
-    case NID_inhibit_any_policy:
-        // ASN1_INTEGER
+    {
+        /* WOLFSSL_BASIC_CONSTRAINTS */
+        WOLFSSL_BASIC_CONSTRAINTS* bc = data;
+
+        if (!(ext->obj = wolfSSL_ASN1_OBJECT_new())) {
+            WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new failed");
+            goto err_cleanup;
+        }
+
+        ext->obj->ca = bc->ca;
+        if (bc->pathlen) {
+            ext->obj->pathlen = wolfSSL_ASN1_INTEGER_dup(bc->pathlen);
+            if (!ext->obj->pathlen) {
+                WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_dup failed");
+                goto err_cleanup;
+            }
+        }
        break;
+    }
    case NID_authority_key_identifier:
-        // AUTHORITY_KEYID
+    {
+        /* AUTHORITY_KEYID */
+        WOLFSSL_AUTHORITY_KEYID* akey = data;
+
+        if (akey->keyid) {
+            if (wolfSSL_ASN1_STRING_set(&ext->value, akey->keyid->data,
+                                    akey->keyid->length) != WOLFSSL_SUCCESS) {
+                WOLFSSL_MSG("wolfSSL_ASN1_STRING_set failed");
+                goto err_cleanup;
+            }
+            ext->value.type = akey->keyid->type;
+        }
+        else if (akey->issuer) {
+            ext->obj = wolfSSL_ASN1_OBJECT_dup(akey->issuer);
+            if (!ext->obj) {
+                WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_dup failed");
+                goto err_cleanup;
+            }
+        }
+        else {
+            WOLFSSL_MSG("NID_authority_key_identifier empty data");
+            goto err_cleanup;
+        }
        break;
+    }
+    case NID_inhibit_any_policy:
+        /* ASN1_INTEGER */
    case NID_certificate_policies:
        /* STACK_OF(POLICYINFO) */
    case NID_policy_mappings:
@ -19256,7 +19302,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj)
            wolfSSL_ASN1_OBJECT_free(dup);
            return NULL;
        }
-        XMEMCPY(dup->obj, obj->obj, obj->objSz);
+        XMEMCPY((byte*)dup->obj, obj->obj, obj->objSz);
        dup->dynamic = 1;
    }
    return dup;
@ -27372,6 +27418,18 @@ void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc)
    XFREE(bc, NULL, DYNAMIC_TYPE_OPENSSL);
 }

+WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void)
+{
+    WOLFSSL_AUTHORITY_KEYID* akey = (WOLFSSL_AUTHORITY_KEYID*)XMALLOC(
+          sizeof(WOLFSSL_AUTHORITY_KEYID), NULL, DYNAMIC_TYPE_OPENSSL);
+    if (!akey) {
+        WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+        return NULL;
+    }
+    XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID));
+    return akey;
+}
+
 /* frees the wolfSSL_AUTHORITY_KEYID object */
 void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id)
 {
--- a/tests/api.c
+++ b/tests/api.c
@ -23305,7 +23305,8 @@ static void test_wolfSSL_certs(void)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
    STACK_OF(ASN1_OBJECT)* sk;
-    ASN1_BIT_STRING* bit_str;
+    ASN1_STRING* asn1_str;
+    AUTHORITY_KEYID* akey;
    int crit;

    printf(testingFmt, "wolfSSL_certs()");
@ -23373,14 +23374,24 @@ static void test_wolfSSL_certs(void)
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
            &crit, NULL);
    AssertNotNull(sk);
+#ifdef OPENSSL_ALL
+    ext = X509V3_EXT_i2d(NID_basic_constraints, crit, sk);
+    AssertNotNull(ext);
+    X509_EXTENSION_free(ext);
+#endif
    AssertIntEQ(crit, 0);
    sk_ASN1_OBJECT_free(sk);

-    bit_str = (ASN1_BIT_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
-    AssertNotNull(bit_str);
+    asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
+    AssertNotNull(asn1_str);
    AssertIntEQ(crit, 1);
-    AssertIntEQ(bit_str->type, NID_key_usage);
-    ASN1_BIT_STRING_free(bit_str);
+    AssertIntEQ(asn1_str->type, NID_key_usage);
+#ifdef OPENSSL_ALL
+    ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
+    AssertNotNull(ext);
+    X509_EXTENSION_free(ext);
+#endif
+    ASN1_STRING_free(asn1_str);

 #ifdef OPENSSL_ALL
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
@ -23388,6 +23399,7 @@ static void test_wolfSSL_certs(void)
    AssertNotNull(sk);
    ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
    AssertNotNull(ext);
+    X509_EXTENSION_free(ext);
    sk_ASN1_OBJECT_free(sk);
 #else
    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
@ -23395,9 +23407,15 @@ static void test_wolfSSL_certs(void)
    AssertNull(sk);
 #endif

-    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
+    akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
            NID_authority_key_identifier, &crit, NULL);
-    AssertNotNull(sk);
+    AssertNotNull(akey);
+#ifdef OPENSSL_ALL
+    ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
+    AssertNotNull(ext);
+    wolfSSL_AUTHORITY_KEYID_free(akey);
+    X509_EXTENSION_free(ext);
+#endif
    sk_ASN1_OBJECT_free(sk);

    sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
@ -23478,7 +23496,6 @@ static void test_wolfSSL_certs(void)

    AssertIntEQ(SSL_get_hit(ssl), 0);
 #ifdef OPENSSL_ALL
-    X509_EXTENSION_free(ext);
    X509_free(x509);
 #endif
    X509_free(x509ext);
@ -31375,7 +31392,7 @@ static void test_wolfSSL_X509V3_EXT(void) {
 #endif
    AssertIntEQ(actual, expected);
    wolfSSL_ASN1_STRING_free(asn1str);
-#if 0
+#if 1
    i++;

    /* Authority Info Access */
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@ -89,6 +89,7 @@ typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
 typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;

 WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
+WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
 WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
 WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
                                                    WOLFSSL_X509_EXTENSION* ex);