diff --git a/configure.ac b/configure.ac index 0c1838cfe..72d96f51d 100644 --- a/configure.ac +++ b/configure.ac @@ -6795,6 +6795,7 @@ then AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS" fi if test "$ENABLED_OPENSSLEXTRA" = "x509small" diff --git a/src/internal.c b/src/internal.c index 37ae538e3..2574cd946 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10715,6 +10715,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->authKeyIdSet = dCert->extAuthKeyIdSet; x509->authKeyIdCrit = dCert->extAuthKeyIdCrit; if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) { + #ifdef WOLFSSL_AKID_NAME if (dCert->extRawAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSrc > dCert->extRawAuthKeyIdSrc && dCert->extAuthKeyIdSrc < @@ -10734,6 +10735,15 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) else ret = MEMORY_E; } + #else + x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->authKeyId != NULL) { + XMEMCPY(x509->authKeyId, + dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz); + x509->authKeyIdSz = dCert->extAuthKeyIdSz; + } + #endif else ret = MEMORY_E; } diff --git a/src/ssl.c b/src/ssl.c index 51dc8dee2..bc62c71d4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41858,16 +41858,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } if (x509->authKeyIdSz < sizeof(cert->akid)) { - /* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */ + #ifdef WOLFSSL_AKID_NAME + cert->rawAkid = 0; if (x509->authKeyIdSrc) { XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); cert->akidSz = (int)x509->authKeyIdSrcSz; cert->rawAkid = 1; } - else if (x509->authKeyId) { + else + #endif + if (x509->authKeyId) { XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); cert->akidSz = (int)x509->authKeyIdSz; - cert->rawAkid = 0; } } else { diff --git a/tests/api.c b/tests/api.c index 2b9cbab56..cd4bcc2f9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -35680,6 +35680,7 @@ static void test_wolfSSL_X509_sign2(void) time_t t; const unsigned char expected[] = { +#ifdef WOLFSSL_AKID_NAME 0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, @@ -35787,6 +35788,100 @@ static void test_wolfSSL_X509_sign2(void) 0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14, 0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab, 0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0 +#else + 0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, + 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, + 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, + 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, + 0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, + 0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, + 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, + 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, + 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b, + 0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c, + 0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2, + 0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4, + 0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8, + 0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef, + 0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc, + 0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7, + 0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01, + 0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c, + 0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1, + 0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e, + 0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43, + 0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88, + 0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52, + 0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c, + 0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3, + 0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a, + 0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4, + 0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5, + 0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15, + 0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, + 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, + 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, + 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, + 0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e, + 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed, + 0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14, + 0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05, + 0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58, + 0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc, + 0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45, + 0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76, + 0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0, + 0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03, + 0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c, + 0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43, + 0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e, + 0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5, + 0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83, + 0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21, + 0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63, + 0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53, + 0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88, + 0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01, + 0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d, + 0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a, + 0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb +#endif }; printf(testingFmt, "wolfSSL_X509_sign2"); @@ -37504,7 +37599,7 @@ static void test_wolfSSL_i2t_ASN1_OBJECT(void) static void test_wolfSSL_PEM_write_bio_X509(void) { -#if defined(OPENSSL_EXTRA) && \ +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) /* This test contains the hard coded expected * lengths. Update if necessary */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 768357bfc..a3f7c0f07 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -74,6 +74,8 @@ ASN Options: * WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler type issues for testing * CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data + * WOLFSSL_AKID_NAME: Enable support for full AuthorityKeyIdentifier extension. + * Only supports copying full AKID from an existing certificate. */ #ifndef NO_ASN @@ -14952,8 +14954,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert) } #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef WOLFSSL_AKID_NAME cert->extRawAuthKeyIdSrc = input; cert->extRawAuthKeyIdSz = sz; +#endif cert->extAuthKeyIdSrc = &input[idx]; cert->extAuthKeyIdSz = length; #endif /* OPENSSL_EXTRA */ @@ -14981,8 +14985,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert) else { #ifdef OPENSSL_EXTRA /* Store the authority key id. */ +#ifdef WOLFSSL_AKID_NAME cert->extRawAuthKeyIdSrc = input; cert->extRawAuthKeyIdSz = sz; +#endif GetASN_GetConstRef(&dataASN[1], &cert->extAuthKeyIdSrc, &cert->extAuthKeyIdSz); #endif /* OPENSSL_EXTRA */ @@ -20031,7 +20037,11 @@ typedef struct DerCert { byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */ #ifdef WOLFSSL_CERT_EXT byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */ - byte akid[MAX_KID_SZ + sizeof(CertName)]; /* Authority Key Identifier extension */ + byte akid[MAX_KID_SZ +#ifdef WOLFSSL_AKID_NAME + + sizeof(CertName) + CTC_SERIAL_SIZE +#endif + ]; /* Authority Key Identifier extension */ byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */ byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */ #ifndef IGNORE_NETSCAPE_CERT_TYPE @@ -21022,7 +21032,7 @@ static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) /* encode Authority Key Identifier, return total bytes written * RFC5280 : non-critical */ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, - byte rawAkid) + byte rawAkid) { int enc_valSz, inSeqSz; byte enc_val_buf[MAX_KID_SZ]; @@ -21031,14 +21041,19 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, const byte akid_cs[] = { 0x80 }; word32 idx; + (void)rawAkid; + if (output == NULL || input == NULL) return BAD_FUNC_ARG; +#ifdef WOLFSSL_AKID_NAME if (rawAkid) { enc_val = input; enc_valSz = length; } - else { + else +#endif + { enc_val = enc_val_buf; enc_valSz = length + 3 + sizeof(akid_cs); if (enc_valSz > (int)sizeof(enc_val_buf)) @@ -22843,13 +22858,25 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* AKID */ if (cert->akidSz) { /* check the provided AKID size */ - if ((!cert->rawAkid && - cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) || - (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid))) + if (( +#ifdef WOLFSSL_AKID_NAME + !cert->rawAkid && +#endif + cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) +#ifdef WOLFSSL_AKID_NAME + || (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid)) +#endif + ) return AKID_E; der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid, - cert->akidSz, cert->rawAkid); + cert->akidSz, +#ifdef WOLFSSL_AKID_NAME + cert->rawAkid +#else + 0 +#endif + ); if (der->akidSz <= 0) return AKID_E; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 13292b3b0..4cc9714bc 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1441,8 +1441,10 @@ struct DecodedCert { const byte* extExtKeyUsageSrc; word32 extExtKeyUsageSz; word32 extExtKeyUsageCount; +#ifdef WOLFSSL_AKID_NAME const byte* extRawAuthKeyIdSrc; word32 extRawAuthKeyIdSz; +#endif const byte* extAuthKeyIdSrc; word32 extAuthKeyIdSz; const byte* extSubjKeyIdSrc; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index a11ceb623..7f2ab82be 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -363,13 +363,19 @@ typedef struct Cert { #ifdef WOLFSSL_CERT_EXT byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ int skidSz; /* SKID size in bytes */ - byte akid[CTC_MAX_AKID_SIZE + sizeof(CertName)]; /* Authority Key + byte akid[CTC_MAX_AKID_SIZE +#ifdef WOLFSSL_AKID_NAME + + sizeof(CertName) + CTC_SERIAL_SIZE +#endif + ]; /* Authority Key * Identifier */ int akidSz; /* AKID size in bytes */ +#ifdef WOLFSSL_AKID_NAME byte rawAkid; /* Set to true if akid is a * AuthorityKeyIdentifier object. * Set to false if akid is just a * KeyIdentifier object. */ +#endif word16 keyUsage; /* Key Usage */ byte extKeyUsage; /* Extended Key Usage */ #ifndef IGNORE_NETSCAPE_CERT_TYPE