Copy pathlen in ASN1_OBJECT_dup() and set pathLengthSet in X509_add_ext() when adding basic constraints with a path length

This commit is contained in:
Chris Conlon
2026-03-10 10:20:02 -06:00
parent 3540d89c0d
commit 354691d24a
4 changed files with 43 additions and 1 deletions
+9 -1
View File
@@ -2026,9 +2026,17 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj)
dupl->objSz = obj->objSz;
#ifdef OPENSSL_EXTRA
dupl->ca = obj->ca;
if (obj->pathlen != NULL) {
dupl->pathlen = wolfSSL_ASN1_INTEGER_dup(obj->pathlen);
if (dupl->pathlen == NULL) {
WOLFSSL_MSG("ASN1 pathlen alloc error");
wolfSSL_ASN1_OBJECT_free(dupl);
dupl = NULL;
}
}
#endif
/* Check for encoding. */
if (obj->obj) {
if (dupl != NULL && obj->obj) {
/* Allocate memory for ASN.1 OBJECT_ID DER encoding. */
dupl->obj = (const unsigned char*)XMALLOC(obj->objSz, NULL,
DYNAMIC_TYPE_ASN1);
+1
View File
@@ -1357,6 +1357,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
if (ext->obj->pathlen) {
x509->pathLength = (word32)ext->obj->pathlen->length;
x509->basicConstPlSet = 1;
x509->pathLengthSet = 1;
}
x509->basicConstSet = 1;
}
+31
View File
@@ -870,6 +870,37 @@ int test_wolfSSL_ASN1_OBJECT(void)
s.objSz = sizeof(der);
ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
ASN1_OBJECT_free(a);
a = NULL;
ASN1_OBJECT_free(&s);
/* Test dup copies pathlen when set */
XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
s.type = NID_basic_constraints;
s.ca = 1;
s.pathlen = wolfSSL_ASN1_INTEGER_new();
ExpectNotNull(s.pathlen);
if (s.pathlen != NULL) {
s.pathlen->length = 5;
}
ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
if (a != NULL) {
ExpectIntEQ(a->ca, 1);
ExpectNotNull(a->pathlen);
if (a->pathlen != NULL) {
ExpectIntEQ(a->pathlen->length, 5);
}
}
ASN1_OBJECT_free(a);
a = NULL;
/* Test dup with NULL pathlen leaves it NULL */
wolfSSL_ASN1_INTEGER_free(s.pathlen);
s.pathlen = NULL;
ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
if (a != NULL) {
ExpectNull(a->pathlen);
}
ASN1_OBJECT_free(a);
ASN1_OBJECT_free(&s);
#endif /* OPENSSL_EXTRA */
return EXPECT_RESULT();
+2
View File
@@ -282,6 +282,7 @@ static int test_X509_add_basic_constraints(WOLFSSL_X509* x509)
ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
ExpectIntEQ(x509->isCa, 0);
ExpectIntEQ(x509->pathLength, 2);
ExpectIntEQ(x509->pathLengthSet, 1);
if (ext != NULL && ext->obj != NULL) {
/* Add second time to without path length. */
ext->obj->ca = 1;
@@ -290,6 +291,7 @@ static int test_X509_add_basic_constraints(WOLFSSL_X509* x509)
ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS);
ExpectIntEQ(x509->isCa, 1);
ExpectIntEQ(x509->pathLength, 2);
ExpectIntEQ(x509->pathLengthSet, 1);
ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0);
ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1);
ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0);