mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 14:10:51 +02:00
Merge pull request #10641 from rlm2002/zd21890
Fixes for SM2/3 and FindMultiAttrib
This commit is contained in:
@@ -1495,6 +1495,58 @@ int test_DecodeAltNames_length_underflow(void)
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_ParseCert_SM3wSM2_short_pubkey(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_SKID) && \
|
||||
defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
|
||||
/* Malformed cert: the SubjectPublicKeyInfo is an id-ecPublicKey key on the
|
||||
* sm2p256v1 curve with only a 4-byte public key body, whole SPKI is 30
|
||||
* bytes with no subjectKeyIdentifier extension and SKID derived from the
|
||||
* key. */
|
||||
static const byte sm2ShortKeyCert[] = {
|
||||
0x30, 0x81, 0xa7,
|
||||
0x30, 0x56,
|
||||
0xa0, 0x03, 0x02, 0x01, 0x02,
|
||||
0x02, 0x01, 0x01,
|
||||
0x30, 0x0a, 0x06, 0x08,
|
||||
0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x83, 0x75,
|
||||
0x30, 0x00,
|
||||
0x30, 0x1e,
|
||||
0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33,
|
||||
0x32, 0x30, 0x34, 0x31, 0x32, 0x31, 0x5a,
|
||||
0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39,
|
||||
0x32, 0x30, 0x34, 0x31, 0x32, 0x31, 0x5a,
|
||||
0x30, 0x00,
|
||||
0x30, 0x1c,
|
||||
0x30, 0x13,
|
||||
0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
|
||||
0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x82, 0x2d,
|
||||
0x03, 0x05, 0x00, 0x04, 0x11, 0x22, 0x33,
|
||||
0x30, 0x0a, 0x06, 0x08,
|
||||
0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x83, 0x75,
|
||||
0x03, 0x41, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
};
|
||||
DecodedCert cert;
|
||||
|
||||
wc_InitDecodedCert(&cert, sm2ShortKeyCert, (word32)sizeof(sm2ShortKeyCert),
|
||||
NULL);
|
||||
ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL),
|
||||
WC_NO_ERR_TRACE(BUFFER_E));
|
||||
wc_FreeDecodedCert(&cert);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_SerialNumber0_RootCA(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
@@ -35,6 +35,7 @@ int test_wolfssl_local_MatchUriNameConstraint(void);
|
||||
int test_wc_DecodeRsaPssParams(void);
|
||||
int test_SerialNumber0_RootCA(void);
|
||||
int test_DecodeAltNames_length_underflow(void);
|
||||
int test_ParseCert_SM3wSM2_short_pubkey(void);
|
||||
int test_wc_DecodeObjectId(void);
|
||||
int test_ToTraditional_ex_handcrafted(void);
|
||||
int test_ToTraditional_ex_roundtrip(void);
|
||||
@@ -53,6 +54,7 @@ int test_ToTraditional_ex_mldsa_bad_params(void);
|
||||
TEST_DECL_GROUP("asn", test_wc_DecodeRsaPssParams), \
|
||||
TEST_DECL_GROUP("asn", test_SerialNumber0_RootCA), \
|
||||
TEST_DECL_GROUP("asn", test_DecodeAltNames_length_underflow), \
|
||||
TEST_DECL_GROUP("asn", test_ParseCert_SM3wSM2_short_pubkey), \
|
||||
TEST_DECL_GROUP("asn", test_wc_DecodeObjectId), \
|
||||
TEST_DECL_GROUP("asn", test_ToTraditional_ex_handcrafted), \
|
||||
TEST_DECL_GROUP("asn", test_ToTraditional_ex_roundtrip), \
|
||||
|
||||
+12
-3
@@ -23490,6 +23490,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
|
||||
if (cert->extSubjKeyIdSet == 0 && cert->publicKey != NULL &&
|
||||
cert->pubKeySize > 0) {
|
||||
if (cert->signatureOID == CTC_SM3wSM2) {
|
||||
if (cert->pubKeySize < 65) {
|
||||
WOLFSSL_ERROR_VERBOSE(BUFFER_E);
|
||||
return BUFFER_E;
|
||||
}
|
||||
/* TODO: GmSSL creates IDs this way but whole public key info
|
||||
* block should be hashed. */
|
||||
ret = CalcHashId_ex(cert->publicKey + cert->pubKeySize - 65, 65,
|
||||
@@ -27262,7 +27266,7 @@ static void SetRdnItems(ASNItem* namesASN, ASNSetData* dataASN, const byte* oid,
|
||||
static int FindMultiAttrib(CertName* name, int id, int* idx)
|
||||
{
|
||||
int i;
|
||||
for (i = *idx + 1; i < CTC_MAX_ATTRIB; i++) {
|
||||
for (i = *idx + 1; i >= 0 && i < CTC_MAX_ATTRIB; i++) {
|
||||
if (name->name[i].sz > 0 && name->name[i].id == id) {
|
||||
break;
|
||||
}
|
||||
@@ -30806,11 +30810,16 @@ static int SetAuthKeyIdFromDcert(Cert* cert, DecodedCert* decoded)
|
||||
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
|
||||
cert->akidSz = wc_HashGetDigestSize(wc_HashTypeConvert(HashIdAlg(
|
||||
cert->sigType)));
|
||||
if (cert->akidSz <= 0) {
|
||||
ret = HASH_TYPE_E;
|
||||
}
|
||||
#else
|
||||
cert->akidSz = KEYID_SIZE;
|
||||
#endif
|
||||
/* Put the SKID of CA to AKID of certificate */
|
||||
XMEMCPY(cert->akid, decoded->extSubjKeyId, (size_t)cert->akidSz);
|
||||
if (ret == 0) {
|
||||
/* Put the SKID of CA to AKID of certificate */
|
||||
XMEMCPY(cert->akid, decoded->extSubjKeyId, (size_t)cert->akidSz);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
||||
Reference in New Issue
Block a user