Gate new AKID functionality on WOLFSSL_AKID_NAME

Juliusz Sosinowicz
2021-10-21 12:44:13 +02:00
parent cb79bc5c46
commit a6be157628
7 changed files with 155 additions and 12 deletions


@@ -6795,6 +6795,7 @@ then
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS"
fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small"


@@ -10715,6 +10715,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->authKeyIdSet = dCert->extAuthKeyIdSet;
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
#ifdef WOLFSSL_AKID_NAME
if (dCert->extRawAuthKeyIdSrc != NULL &&
dCert->extAuthKeyIdSrc > dCert->extRawAuthKeyIdSrc &&
dCert->extAuthKeyIdSrc <
@@ -10734,6 +10735,15 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
else
ret = MEMORY_E;
}
#else
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if (x509->authKeyId != NULL) {
XMEMCPY(x509->authKeyId,
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
}
#endif
else
ret = MEMORY_E;
}
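Review bot: The `else ret = MEMORY_E;` that follows `#endif` is shared by both preprocessor arms, so the `if` it belongs to depends on the build. Without WOLFSSL_AKID_NAME it pairs with `if (x509->authKeyId != NULL)` and reports a failed XMALLOC. With the macro defined it appears to pair with the range check `if (dCert->extRawAuthKeyIdSrc != NULL && ...)`, so a key identifier that does not lie inside the raw extension would be reported as an out-of-memory condition. Giving each arm its own `else`, and returning a parse or argument error when the range check fails, would let callers tell the two cases apart. The lines between the two hunks are not shown, so the pairing should be confirmed against the full function.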


@@ -41858,16 +41858,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
if (x509->authKeyIdSz < sizeof(cert->akid)) {
/* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */
#ifdef WOLFSSL_AKID_NAME
cert->rawAkid = 0;
if (x509->authKeyIdSrc) {
XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
cert->akidSz = (int)x509->authKeyIdSrcSz;
cert->rawAkid = 1;
}
else if (x509->authKeyId) {
else
#endif
if (x509->authKeyId) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
cert->akidSz = (int)x509->authKeyIdSz;
cert->rawAkid = 0;
}
}
else {
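Review bot: The guard `x509->authKeyIdSz < sizeof(cert->akid)` does not bound the copy in the WOLFSSL_AKID_NAME arm, which writes `x509->authKeyIdSrcSz` bytes into `cert->akid`. Going by the CopyDecodedToX509 hunks in this commit, the raw source holds the whole AuthorityKeyIdentifier extension and the key identifier lies inside it, so the copied length can exceed the checked one. Unless the size is capped elsewhere, a certificate with a long AuthorityKeyIdentifier could overrun `cert->akid`. The raw copy should be guarded by its own length, e.g. `if (x509->authKeyIdSrc && x509->authKeyIdSrcSz <= sizeof(cert->akid)) {`, or rejected with an error when it does not fit. The enclosing function starts and ends outside the hunk.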


@@ -35680,6 +35680,7 @@ static void test_wolfSSL_X509_sign2(void)
time_t t;
const unsigned char expected[] = {
#ifdef WOLFSSL_AKID_NAME
0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
@@ -35787,6 +35788,100 @@ static void test_wolfSSL_X509_sign2(void)
0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14,
0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab,
0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
#else
0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed,
0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14,
0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05,
0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58,
0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc,
0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45,
0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76,
0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0,
0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03,
0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c,
0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43,
0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e,
0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5,
0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83,
0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21,
0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63,
0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53,
0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88,
0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01,
0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d,
0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a,
0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb
#endif
};
printf(testingFmt, "wolfSSL_X509_sign2");
@@ -37504,7 +37599,7 @@ static void test_wolfSSL_i2t_ASN1_OBJECT(void)
static void test_wolfSSL_PEM_write_bio_X509(void)
{
#if defined(OPENSSL_EXTRA) && \
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
/* This test contains the hard coded expected
* lengths. Update if necessary */
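Review bot: Adding `defined(WOLFSSL_AKID_NAME)` to the guard of test_wolfSSL_PEM_write_bio_X509 compiles the whole test out in builds without the macro, so the key-identifier-only path loses this PEM write coverage. test_wolfSSL_X509_sign2 in the same section keeps both configurations covered with an `#else` vector. The same could be done here by selecting the hard coded expected lengths per configuration. The test body is outside the hunk, so how many constants would need a second value is not visible from here.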


@@ -74,6 +74,8 @@ ASN Options:
* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler
type issues for testing
* CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data
* WOLFSSL_AKID_NAME: Enable support for full AuthorityKeyIdentifier extension.
* Only supports copying full AKID from an existing certificate.
*/
#ifndef NO_ASN
@@ -14952,8 +14954,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
}
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef WOLFSSL_AKID_NAME
cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz;
#endif
cert->extAuthKeyIdSrc = &input[idx];
cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
@@ -14981,8 +14985,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
else {
#ifdef OPENSSL_EXTRA
/* Store the authority key id. */
#ifdef WOLFSSL_AKID_NAME
cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz;
#endif
GetASN_GetConstRef(&dataASN[1], &cert->extAuthKeyIdSrc,
&cert->extAuthKeyIdSz);
#endif /* OPENSSL_EXTRA */
@@ -20031,7 +20037,11 @@ typedef struct DerCert {
byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
#ifdef WOLFSSL_CERT_EXT
byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */
byte akid[MAX_KID_SZ + sizeof(CertName)]; /* Authority Key Identifier extension */
byte akid[MAX_KID_SZ
#ifdef WOLFSSL_AKID_NAME
+ sizeof(CertName) + CTC_SERIAL_SIZE
#endif
]; /* Authority Key Identifier extension */
byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */
byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */
#ifndef IGNORE_NETSCAPE_CERT_TYPE
@@ -21022,7 +21032,7 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
/* encode Authority Key Identifier, return total bytes written
* RFC5280 : non-critical */
static int SetAKID(byte* output, word32 outSz, byte *input, word32 length,
byte rawAkid)
byte rawAkid)
{
int enc_valSz, inSeqSz;
byte enc_val_buf[MAX_KID_SZ];
@@ -21031,14 +21041,19 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length,
const byte akid_cs[] = { 0x80 };
word32 idx;
(void)rawAkid;
if (output == NULL || input == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_AKID_NAME
if (rawAkid) {
enc_val = input;
enc_valSz = length;
}
else {
else
#endif
{
enc_val = enc_val_buf;
enc_valSz = length + 3 + sizeof(akid_cs);
if (enc_valSz > (int)sizeof(enc_val_buf))
@@ -22843,13 +22858,25 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* AKID */
if (cert->akidSz) {
/* check the provided AKID size */
if ((!cert->rawAkid &&
cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) ||
(cert->rawAkid && cert->akidSz > (int)sizeof(der->akid)))
if ((
#ifdef WOLFSSL_AKID_NAME
!cert->rawAkid &&
#endif
cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid)))
#ifdef WOLFSSL_AKID_NAME
|| (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid))
#endif
)
return AKID_E;
der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid,
cert->akidSz, cert->rawAkid);
cert->akidSz,
#ifdef WOLFSSL_AKID_NAME
cert->rawAkid
#else
0
#endif
);
if (der->akidSz <= 0)
return AKID_E;
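Review bot: In EncodeCert the AKID size check is assembled from three `#ifdef WOLFSSL_AKID_NAME` fragments inside a single `if` condition, and the SetAKID call carries a fourth inside its argument list, which makes the enforced bound hard to audit in either configuration. Resolving the flag and the limit into locals first leaves one plain comparison and one plain call with the same result: the limit is `sizeof(der->akid)` for a raw AKID and `min(CTC_MAX_AKID_SIZE, sizeof(der->akid))` otherwise. EncodeCert begins and ends outside the hunk, so the locals are shown at the top of the `if (cert->akidSz)` block.

```c
    if (cert->akidSz) {
        int  maxAkidSz = (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid));
        byte rawAkid = 0;
    #ifdef WOLFSSL_AKID_NAME
        rawAkid = cert->rawAkid;
        if (rawAkid)
            maxAkidSz = (int)sizeof(der->akid);
    #endif
        /* check the provided AKID size */
        if (cert->akidSz > maxAkidSz)
            return AKID_E;
        der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid,
                              cert->akidSz, rawAkid);
        /* … unchanged: der->akidSz <= 0 check … */
```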


@@ -1441,8 +1441,10 @@ struct DecodedCert {
const byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount;
#ifdef WOLFSSL_AKID_NAME
const byte* extRawAuthKeyIdSrc;
word32 extRawAuthKeyIdSz;
#endif
const byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
const byte* extSubjKeyIdSrc;


@@ -363,13 +363,19 @@ typedef struct Cert {
#ifdef WOLFSSL_CERT_EXT
byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
int skidSz; /* SKID size in bytes */
byte akid[CTC_MAX_AKID_SIZE + sizeof(CertName)]; /* Authority Key
byte akid[CTC_MAX_AKID_SIZE
#ifdef WOLFSSL_AKID_NAME
+ sizeof(CertName) + CTC_SERIAL_SIZE
#endif
]; /* Authority Key
* Identifier */
int akidSz; /* AKID size in bytes */
#ifdef WOLFSSL_AKID_NAME
byte rawAkid; /* Set to true if akid is a
* AuthorityKeyIdentifier object.
* Set to false if akid is just a
* KeyIdentifier object. */
#endif
word16 keyUsage; /* Key Usage */
byte extKeyUsage; /* Extended Key Usage */
#ifndef IGNORE_NETSCAPE_CERT_TYPE