wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 11:44:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7730 from anhu/unknownExtCallbackEx

Browse Source 
Extend the unknown extension callback.
This commit is contained in:
Sean Parkinson
2024-07-24 08:37:44 +10:00
committed by GitHub
parent 140abe6c72 f84ea01f72
commit a34ea32f52
6 changed files with 79 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ssl.c
View File

@@ -5358,6 +5358,14 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif #endif
InitDecodedCert(cert, der->buffer, der->length, cm->heap); InitDecodedCert(cert, der->buffer, der->length, cm->heap);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) && \
defined(HAVE_OID_DECODING)
if (cm->unknownExtCallback != NULL) {
wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
}
#endif
ret = ParseCert(cert, CA_TYPE, verify, cm); ret = ParseCert(cert, CA_TYPE, verify, cm);
WOLFSSL_MSG("\tParsed new CA"); WOLFSSL_MSG("\tParsed new CA");

2
tests/api.c
View File

@@ -1258,7 +1258,7 @@ static int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit,
extCount ++; extCount ++;
/* Accept all extensions. This is only a test. Normally we would be much more /* Accept all extensions. This is only a test. Normally we would be much more
* careful about critical extensions. */ * careful about critical extensions. */
return 1; return 0;
} }
static int test_dual_alg_support(void) static int test_dual_alg_support(void)

29
wolfcrypt/src/asn.c
View File

@@ -21410,6 +21410,17 @@ int wc_SetUnknownExtCallback(DecodedCert* cert,
cert->unknownExtCallback = cb; cert->unknownExtCallback = cb;
return 0; return 0;
} }
int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
wc_UnknownExtCallbackEx cb, void *ctx) {
if (cert == NULL) {
return BAD_FUNC_ARG;
}
cert->unknownExtCallbackEx = cb;
cert->unknownExtCallbackExCtx = ctx;
return 0;
}
#endif #endif
/* /*
@@ -21565,7 +21576,8 @@ end:
ret = DecodeExtensionType(input + idx, length, oid, critical, cert, ret = DecodeExtensionType(input + idx, length, oid, critical, cert,
&isUnknownExt); &isUnknownExt);
#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) #if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING)
if (isUnknownExt && (cert->unknownExtCallback != NULL)) { if (isUnknownExt && (cert->unknownExtCallback != NULL ||
cert->unknownExtCallbackEx != NULL)) {
word16 decOid[MAX_OID_SZ]; word16 decOid[MAX_OID_SZ];
word32 decOidSz = sizeof(decOid); word32 decOidSz = sizeof(decOid);
ret = DecodeObjectId( ret = DecodeObjectId(
@@ -21579,9 +21591,18 @@ end:
WOLFSSL_ERROR(ret); WOLFSSL_ERROR(ret);
} }
ret = cert->unknownExtCallback(decOid, decOidSz, critical, if ((ret == 0) && (cert->unknownExtCallback != NULL)) {
dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, ret = cert->unknownExtCallback(decOid, decOidSz, critical,
dataASN[CERTEXTASN_IDX_VAL].length); dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
dataASN[CERTEXTASN_IDX_VAL].length);
}
if ((ret == 0) && (cert->unknownExtCallbackEx != NULL)) {
ret = cert->unknownExtCallbackEx(decOid, decOidSz, critical,
dataASN[CERTEXTASN_IDX_VAL].data.buffer.data,
dataASN[CERTEXTASN_IDX_VAL].length,
cert->unknownExtCallbackExCtx);
}
} }
#endif #endif
(void)isUnknownExt; (void)isUnknownExt;

27
wolfcrypt/src/pkcs7.c
View File

@@ -830,6 +830,15 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId)
return 0; return 0;
} }
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb)
{
if (pkcs7 != NULL) {
pkcs7->unknownExtCallback = cb;
}
}
#endif
/* Certificate structure holding der pointer, size, and pointer to next /* Certificate structure holding der pointer, size, and pointer to next
* Pkcs7Cert struct. Used when creating SignedData types with multiple * Pkcs7Cert struct. Used when creating SignedData types with multiple
@@ -1074,6 +1083,10 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
int devId; int devId;
Pkcs7Cert* cert; Pkcs7Cert* cert;
Pkcs7Cert* lastCert; Pkcs7Cert* lastCert;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
wc_UnknownExtCallback cb;
#endif
if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) { if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -1082,9 +1095,18 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
heap = pkcs7->heap; heap = pkcs7->heap;
devId = pkcs7->devId; devId = pkcs7->devId;
cert = pkcs7->certList; cert = pkcs7->certList;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
cb = pkcs7->unknownExtCallback;
#endif
ret = wc_PKCS7_Init(pkcs7, heap, devId); ret = wc_PKCS7_Init(pkcs7, heap, devId);
if (ret != 0) if (ret != 0)
return ret; return ret;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
pkcs7->unknownExtCallback = cb;
#endif
pkcs7->certList = cert; pkcs7->certList = cert;
if (derCert != NULL && derCertSz > 0) { if (derCert != NULL && derCertSz > 0) {
@@ -1133,6 +1155,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
} }
InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap); InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
if (pkcs7->unknownExtCallback != NULL)
wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback);
#endif
ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
FreeDecodedCert(dCert); FreeDecodedCert(dCert);

8
wolfssl/wolfcrypt/asn.h
View File

@@ -1664,6 +1664,9 @@ typedef struct CertSignCtx CertSignCtx;
&& defined(HAVE_OID_DECODING) && defined(HAVE_OID_DECODING)
typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit,
const unsigned char* der, word32 derSz); const unsigned char* der, word32 derSz);
typedef int (*wc_UnknownExtCallbackEx)(const word16* oid, word32 oidSz,
int crit, const unsigned char* der,
word32 derSz, void *ctx);
#endif #endif
struct DecodedCert { struct DecodedCert {
@@ -1997,6 +2000,8 @@ struct DecodedCert {
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ #if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING) && defined(HAVE_OID_DECODING)
wc_UnknownExtCallback unknownExtCallback; wc_UnknownExtCallback unknownExtCallback;
wc_UnknownExtCallbackEx unknownExtCallbackEx;
void *unknownExtCallbackExCtx;
#endif #endif
#ifdef WOLFSSL_DUAL_ALG_CERTS #ifdef WOLFSSL_DUAL_ALG_CERTS
/* Subject Alternative Public Key Info */ /* Subject Alternative Public Key Info */
@@ -2166,6 +2171,9 @@ WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify,
&& defined(HAVE_OID_DECODING) && defined(HAVE_OID_DECODING)
WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert, WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert,
wc_UnknownExtCallback cb); wc_UnknownExtCallback cb);
WOLFSSL_ASN_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
wc_UnknownExtCallbackEx cb,
void *ctx);
#endif #endif
WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in, WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,

10
wolfssl/wolfcrypt/pkcs7.h
View File

@@ -345,6 +345,11 @@ struct PKCS7 {
word32 plainDigestSz; word32 plainDigestSz;
word32 pkcs7DigestSz; word32 pkcs7DigestSz;
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
wc_UnknownExtCallback unknownExtCallback;
#endif
#if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
CallbackRsaSignRawDigest rsaSignRawDigestCb; CallbackRsaSignRawDigest rsaSignRawDigestCb;
#endif #endif
@@ -358,6 +363,11 @@ struct PKCS7 {
}; };
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7,
wc_UnknownExtCallback cb);
#endif
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz); WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz);