wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Saved original SKID and AKID from certificate for later use with X.509 functions.

Browse Source
This commit is contained in:
John Safranek
2013-11-19 16:20:18 -08:00
parent 0fd6aed9b6
commit 4377996d87
5 changed files with 60 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ctaocrypt/src/asn.c
View File

@@ -1314,6 +1314,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extKeyUsageSet = 0; cert->extKeyUsageSet = 0;
cert->extKeyUsageCrit = 0; cert->extKeyUsageCrit = 0;
cert->extKeyUsage = 0; cert->extKeyUsage = 0;
cert->extAuthKeyIdSrc = NULL;
cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL;
cert->extSubjKeyIdSz = 0;
#ifdef HAVE_ECC #ifdef HAVE_ECC
cert->pkCurveOID = 0; cert->pkCurveOID = 0;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -3077,6 +3081,11 @@ static void DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
return; return;
} }
#ifdef OPENSSL_EXTRA
cert->extAuthKeyIdSrc = &input[idx];
cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
if (length == SHA_SIZE) { if (length == SHA_SIZE) {
XMEMCPY(cert->extAuthKeyId, input + idx, length); XMEMCPY(cert->extAuthKeyId, input + idx, length);
} }
@@ -3108,6 +3117,11 @@ static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
return; return;
} }
#ifdef OPENSSL_EXTRA
cert->extSubjKeyIdSrc = &input[idx];
cert->extSubjKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
if (length == SIGNER_DIGEST_SIZE) { if (length == SIGNER_DIGEST_SIZE) {
XMEMCPY(cert->extSubjKeyId, input + idx, length); XMEMCPY(cert->extSubjKeyId, input + idx, length);
} }
@@ -3420,7 +3434,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
InitSha(&sha); InitSha(&sha);
ShaUpdate(&sha, cert->publicKey, cert->pubKeySize); ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
ShaFinal(&sha, cert->extSubjKeyId); ShaFinal(&sha, cert->extSubjKeyId);
cert->extSubjKeyIdSet = 1;
} }
#endif #endif

4
cyassl/ctaocrypt/asn.h
View File

@@ -323,6 +323,10 @@ struct DecodedCert {
byte extKeyUsageSet; byte extKeyUsageSet;
byte extKeyUsageCrit; byte extKeyUsageCrit;
word16 extKeyUsage; /* Key usage bitfield */ word16 extKeyUsage; /* Key usage bitfield */
byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc;
word32 extSubjKeyIdSz;
#ifdef HAVE_ECC #ifdef HAVE_ECC
word32 pkCurveOID; /* Public Key's curve OID */ word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */

6
cyassl/internal.h
View File

@@ -1692,10 +1692,12 @@ struct CYASSL_X509 {
byte subjAltNameCrit; byte subjAltNameCrit;
byte authKeyIdSet; byte authKeyIdSet;
byte authKeyIdCrit; byte authKeyIdCrit;
byte authKeyId[SHA_SIZE]; byte* authKeyId;
word32 authKeyIdSz;
byte subjKeyIdSet; byte subjKeyIdSet;
byte subjKeyIdCrit; byte subjKeyIdCrit;
byte subjKeyId[SHA_SIZE]; byte* subjKeyId;
word32 subjKeyIdSz;
byte keyUsageSet; byte keyUsageSet;
byte keyUsageCrit; byte keyUsageCrit;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */

32
src/internal.c
View File

@@ -1281,10 +1281,12 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
x509->subjAltNameCrit = 0; x509->subjAltNameCrit = 0;
x509->authKeyIdSet = 0; x509->authKeyIdSet = 0;
x509->authKeyIdCrit = 0; x509->authKeyIdCrit = 0;
XMEMSET(x509->authKeyId, 0, SHA_SIZE); x509->authKeyId = NULL;
x509->authKeyIdSz = 0;
x509->subjKeyIdSet = 0; x509->subjKeyIdSet = 0;
x509->subjKeyIdCrit = 0; x509->subjKeyIdCrit = 0;
XMEMSET(x509->subjKeyId, 0, SHA_SIZE); x509->subjKeyId = NULL;
x509->subjKeyIdSz = 0;
x509->keyUsageSet = 0; x509->keyUsageSet = 0;
x509->keyUsageCrit = 0; x509->keyUsageCrit = 0;
x509->keyUsage = 0; x509->keyUsage = 0;
@@ -1311,6 +1313,10 @@ void FreeX509(CYASSL_X509* x509)
XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN); XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
XFREE(x509->sig.buffer, NULL, 0); XFREE(x509->sig.buffer, NULL, 0);
#ifdef OPENSSL_EXTRA
XFREE(x509->authKeyId, NULL, 0);
XFREE(x509->subjKeyId, NULL, 0);
#endif /* OPENSSL_EXTRA */
if (x509->altNames) if (x509->altNames)
FreeAltNames(x509->altNames, NULL); FreeAltNames(x509->altNames, NULL);
if (x509->dynamicMemory) if (x509->dynamicMemory)
@@ -3193,10 +3199,28 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
x509->subjAltNameCrit = dCert->extSubjAltNameCrit; x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
x509->authKeyIdSet = dCert->extAuthKeyIdSet; x509->authKeyIdSet = dCert->extAuthKeyIdSet;
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit; x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
XMEMCPY(x509->authKeyId, dCert->extAuthKeyId, SHA_SIZE); if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0);
if (x509->authKeyId != NULL) {
XMEMCPY(x509->authKeyId,
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
}
else
ret = MEMORY_E;
}
x509->subjKeyIdSet = dCert->extSubjKeyIdSet; x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit; x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
XMEMCPY(x509->subjKeyId, dCert->extSubjKeyId, SHA_SIZE); if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0);
if (x509->subjKeyId != NULL) {
XMEMCPY(x509->subjKeyId,
dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
}
else
ret = MEMORY_E;
}
x509->keyUsageSet = dCert->extKeyUsageSet; x509->keyUsageSet = dCert->extKeyUsageSet;
x509->keyUsageCrit = dCert->extKeyUsageCrit; x509->keyUsageCrit = dCert->extKeyUsageCrit;
#ifdef HAVE_ECC #ifdef HAVE_ECC

14
src/ssl.c
View File

@@ -7209,13 +7209,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
CYASSL_X509* x509, byte* dst, int* dstLen) CYASSL_X509* x509, byte* dst, int* dstLen)
{ {
byte *id = NULL; byte *id = NULL;
int copySz = min(dstLen != NULL ? *dstLen : 0, SHA_SIZE); int copySz = 0;
CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID"); CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");
if (x509 != NULL) { if (x509 != NULL) {
if (x509->authKeyIdSet) if (x509->authKeyIdSet) {
copySz = min(dstLen != NULL ? *dstLen : 0,
(int)x509->authKeyIdSz);
id = x509->authKeyId; id = x509->authKeyId;
}
if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) { if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
XMEMCPY(dst, id, copySz); XMEMCPY(dst, id, copySz);
@@ -7234,13 +7237,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
CYASSL_X509* x509, byte* dst, int* dstLen) CYASSL_X509* x509, byte* dst, int* dstLen)
{ {
byte *id = NULL; byte *id = NULL;
int copySz = min(dstLen != NULL ? *dstLen : 0, SHA_SIZE); int copySz = 0;
CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID"); CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");
if (x509 != NULL) { if (x509 != NULL) {
if (x509->subjKeyIdSet) if (x509->subjKeyIdSet) {
copySz = min(dstLen != NULL ? *dstLen : 0,
(int)x509->subjKeyIdSz);
id = x509->subjKeyId; id = x509->subjKeyId;
}
if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) { if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
XMEMCPY(dst, id, copySz); XMEMCPY(dst, id, copySz);