wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Gate new AKID functionality on WOLFSSL_AKID_NAME

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2021-10-21 12:44:13 +02:00
parent cb79bc5c46
commit a6be157628
7 changed files with 155 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@@ -6795,6 +6795,7 @@ then
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS" AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS"
fi fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small" if test "$ENABLED_OPENSSLEXTRA" = "x509small"

10
src/internal.c
View File

@@ -10715,6 +10715,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->authKeyIdSet = dCert->extAuthKeyIdSet; x509->authKeyIdSet = dCert->extAuthKeyIdSet;
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit; x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) { if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
#ifdef WOLFSSL_AKID_NAME
if (dCert->extRawAuthKeyIdSrc != NULL && if (dCert->extRawAuthKeyIdSrc != NULL &&
dCert->extAuthKeyIdSrc > dCert->extRawAuthKeyIdSrc && dCert->extAuthKeyIdSrc > dCert->extRawAuthKeyIdSrc &&
dCert->extAuthKeyIdSrc < dCert->extAuthKeyIdSrc <
@@ -10734,6 +10735,15 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
else else
ret = MEMORY_E; ret = MEMORY_E;
} }
#else
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
if (x509->authKeyId != NULL) {
XMEMCPY(x509->authKeyId,
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
}
#endif
else else
ret = MEMORY_E; ret = MEMORY_E;
} }

8
src/ssl.c
View File

@@ -41858,16 +41858,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
} }
if (x509->authKeyIdSz < sizeof(cert->akid)) { if (x509->authKeyIdSz < sizeof(cert->akid)) {
/* Not supported with WOLFSSL_ASN_TEMPLATE at the moment. */ #ifdef WOLFSSL_AKID_NAME
cert->rawAkid = 0;
if (x509->authKeyIdSrc) { if (x509->authKeyIdSrc) {
XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
cert->akidSz = (int)x509->authKeyIdSrcSz; cert->akidSz = (int)x509->authKeyIdSrcSz;
cert->rawAkid = 1; cert->rawAkid = 1;
} }
else if (x509->authKeyId) { else
#endif
if (x509->authKeyId) {
XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
cert->akidSz = (int)x509->authKeyIdSz; cert->akidSz = (int)x509->authKeyIdSz;
cert->rawAkid = 0;
} }
} }
else { else {

97
tests/api.c
View File

@@ -35680,6 +35680,7 @@ static void test_wolfSSL_X509_sign2(void)
time_t t; time_t t;
const unsigned char expected[] = { const unsigned char expected[] = {
#ifdef WOLFSSL_AKID_NAME
0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x30, 0x82, 0x04, 0xfd, 0x30, 0x82, 0x03, 0xe5, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04, 0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
@@ -35787,6 +35788,100 @@ static void test_wolfSSL_X509_sign2(void)
0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14, 0xec, 0xba, 0x3b, 0xa4, 0xfe, 0xa1, 0xfd, 0x26, 0x19, 0x7c, 0x2d, 0x14,
0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab, 0x91, 0x91, 0x61, 0x30, 0x3e, 0xf4, 0x5c, 0x97, 0x4c, 0x06, 0x84, 0xab,
0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0 0x94, 0xa8, 0x17, 0x6c, 0xec, 0x19, 0xc0, 0x87, 0xd0
#else
0x30, 0x82, 0x04, 0x46, 0x30, 0x82, 0x03, 0x2e, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x09, 0x00, 0xf1, 0x5c, 0x99, 0x43, 0x66, 0x3d, 0x96, 0x04,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e,
0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07,
0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06,
0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f,
0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e,
0x17, 0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30,
0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
0x30, 0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e,
0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67,
0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b,
0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c,
0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2,
0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4,
0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8,
0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef,
0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc,
0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7,
0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01,
0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c,
0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1,
0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e,
0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43,
0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88,
0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52,
0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c,
0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3,
0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a,
0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4,
0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5,
0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15,
0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3,
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30,
0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13,
0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55,
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68,
0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85,
0x65, 0xc0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e,
0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0x30,
0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
0x01, 0x00, 0x98, 0x2a, 0x3d, 0x94, 0x37, 0xae, 0xd6, 0x28, 0x12, 0xed,
0x6d, 0x95, 0xc9, 0x05, 0x89, 0x4b, 0x5c, 0x5e, 0x88, 0xed, 0x9e, 0x14,
0x89, 0x79, 0x65, 0x7b, 0x5c, 0xdb, 0xcd, 0x21, 0xc5, 0xfc, 0x7a, 0x05,
0xd2, 0x33, 0x54, 0xa1, 0x1b, 0xb2, 0xc6, 0xd8, 0x3e, 0x88, 0x7d, 0x58,
0xfd, 0xd0, 0xca, 0x71, 0x58, 0xd5, 0x37, 0x81, 0xe0, 0xef, 0x65, 0xfc,
0x1b, 0xf1, 0x5d, 0xdd, 0x26, 0x68, 0x12, 0xfb, 0x12, 0x24, 0xd5, 0x45,
0x4f, 0x41, 0xad, 0xee, 0x3f, 0x16, 0x40, 0xb2, 0x59, 0xe6, 0x5b, 0x76,
0xe7, 0x47, 0x11, 0xa4, 0xe1, 0x2f, 0x0d, 0xe8, 0x13, 0x13, 0x49, 0xb0,
0x01, 0x11, 0x15, 0xb5, 0xb3, 0x93, 0x4f, 0x28, 0xdc, 0xd0, 0x30, 0x03,
0x48, 0x02, 0x95, 0x2d, 0xd9, 0x26, 0x87, 0x1f, 0x19, 0xa1, 0x03, 0x5c,
0x7c, 0xde, 0x54, 0xd4, 0x98, 0x85, 0x34, 0xcc, 0x54, 0xf1, 0x24, 0x43,
0xa6, 0x87, 0xfa, 0xb6, 0x62, 0xee, 0xa3, 0x4a, 0xb3, 0xce, 0x1c, 0x2e,
0xbf, 0x94, 0xef, 0x4c, 0x75, 0x75, 0x55, 0x1d, 0xc9, 0xc2, 0xe4, 0xe5,
0x24, 0xb2, 0x0a, 0x93, 0xf0, 0xff, 0x2e, 0x43, 0x99, 0xad, 0x4e, 0x83,
0x11, 0x52, 0xf4, 0xb9, 0x92, 0x30, 0xe1, 0x02, 0x2f, 0xa5, 0xf2, 0x21,
0xb1, 0xf4, 0xe9, 0x57, 0xbd, 0xba, 0x17, 0x56, 0xd7, 0x31, 0xcb, 0x63,
0xa3, 0xd5, 0xcf, 0xc9, 0xd9, 0xa6, 0x4f, 0x51, 0x6c, 0x52, 0x4c, 0x53,
0x88, 0x9a, 0x2e, 0xb9, 0x72, 0x02, 0x6e, 0x1b, 0x21, 0x93, 0xa1, 0x88,
0x1b, 0x35, 0x0e, 0x9e, 0x2b, 0x63, 0x81, 0xba, 0xb4, 0x6b, 0x28, 0x01,
0x56, 0xe1, 0x0e, 0x13, 0x73, 0xf6, 0xd6, 0xa0, 0xd2, 0xfd, 0xc9, 0x4d,
0xbd, 0xa8, 0xa9, 0x22, 0x9e, 0xc7, 0x13, 0x76, 0x5a, 0x9c, 0xd3, 0x9a,
0xf4, 0x0c, 0x52, 0xe6, 0x47, 0xcb
#endif
}; };
printf(testingFmt, "wolfSSL_X509_sign2"); printf(testingFmt, "wolfSSL_X509_sign2");
@@ -37504,7 +37599,7 @@ static void test_wolfSSL_i2t_ASN1_OBJECT(void)
static void test_wolfSSL_PEM_write_bio_X509(void) static void test_wolfSSL_PEM_write_bio_X509(void)
{ {
#if defined(OPENSSL_EXTRA) && \ #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
/* This test contains the hard coded expected /* This test contains the hard coded expected
* lengths. Update if necessary */ * lengths. Update if necessary */

39
wolfcrypt/src/asn.c
View File

@@ -74,6 +74,8 @@ ASN Options:
* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler * WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler
type issues for testing type issues for testing
* CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data * CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data
* WOLFSSL_AKID_NAME: Enable support for full AuthorityKeyIdentifier extension.
* Only supports copying full AKID from an existing certificate.
*/ */
#ifndef NO_ASN #ifndef NO_ASN
@@ -14952,8 +14954,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
} }
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef WOLFSSL_AKID_NAME
cert->extRawAuthKeyIdSrc = input; cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz; cert->extRawAuthKeyIdSz = sz;
#endif
cert->extAuthKeyIdSrc = &input[idx]; cert->extAuthKeyIdSrc = &input[idx];
cert->extAuthKeyIdSz = length; cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -14981,8 +14985,10 @@ static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
else { else {
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
/* Store the authority key id. */ /* Store the authority key id. */
#ifdef WOLFSSL_AKID_NAME
cert->extRawAuthKeyIdSrc = input; cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz; cert->extRawAuthKeyIdSz = sz;
#endif
GetASN_GetConstRef(&dataASN[1], &cert->extAuthKeyIdSrc, GetASN_GetConstRef(&dataASN[1], &cert->extAuthKeyIdSrc,
&cert->extAuthKeyIdSz); &cert->extAuthKeyIdSz);
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -20031,7 +20037,11 @@ typedef struct DerCert {
byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */ byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */ byte skid[MAX_KID_SZ]; /* Subject Key Identifier extension */
byte akid[MAX_KID_SZ + sizeof(CertName)]; /* Authority Key Identifier extension */ byte akid[MAX_KID_SZ
#ifdef WOLFSSL_AKID_NAME
+ sizeof(CertName) + CTC_SERIAL_SIZE
#endif
]; /* Authority Key Identifier extension */
byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */ byte keyUsage[MAX_KEYUSAGE_SZ]; /* Key Usage extension */
byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */ byte extKeyUsage[MAX_EXTKEYUSAGE_SZ]; /* Extended Key Usage extension */
#ifndef IGNORE_NETSCAPE_CERT_TYPE #ifndef IGNORE_NETSCAPE_CERT_TYPE
@@ -21031,14 +21041,19 @@ static int SetAKID(byte* output, word32 outSz, byte *input, word32 length,
const byte akid_cs[] = { 0x80 }; const byte akid_cs[] = { 0x80 };
word32 idx; word32 idx;
(void)rawAkid;
if (output == NULL || input == NULL) if (output == NULL || input == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifdef WOLFSSL_AKID_NAME
if (rawAkid) { if (rawAkid) {
enc_val = input; enc_val = input;
enc_valSz = length; enc_valSz = length;
} }
else { else
#endif
{
enc_val = enc_val_buf; enc_val = enc_val_buf;
enc_valSz = length + 3 + sizeof(akid_cs); enc_valSz = length + 3 + sizeof(akid_cs);
if (enc_valSz > (int)sizeof(enc_val_buf)) if (enc_valSz > (int)sizeof(enc_val_buf))
@@ -22843,13 +22858,25 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* AKID */ /* AKID */
if (cert->akidSz) { if (cert->akidSz) {
/* check the provided AKID size */ /* check the provided AKID size */
if ((!cert->rawAkid && if ((
cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) || #ifdef WOLFSSL_AKID_NAME
(cert->rawAkid && cert->akidSz > (int)sizeof(der->akid))) !cert->rawAkid &&
#endif
cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid)))
#ifdef WOLFSSL_AKID_NAME
|| (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid))
#endif
)
return AKID_E; return AKID_E;
der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid, der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid,
cert->akidSz, cert->rawAkid); cert->akidSz,
#ifdef WOLFSSL_AKID_NAME
cert->rawAkid
#else
0
#endif
);
if (der->akidSz <= 0) if (der->akidSz <= 0)
return AKID_E; return AKID_E;

2
wolfssl/wolfcrypt/asn.h
View File

@@ -1441,8 +1441,10 @@ struct DecodedCert {
const byte* extExtKeyUsageSrc; const byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz; word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount; word32 extExtKeyUsageCount;
#ifdef WOLFSSL_AKID_NAME
const byte* extRawAuthKeyIdSrc; const byte* extRawAuthKeyIdSrc;
word32 extRawAuthKeyIdSz; word32 extRawAuthKeyIdSz;
#endif
const byte* extAuthKeyIdSrc; const byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz; word32 extAuthKeyIdSz;
const byte* extSubjKeyIdSrc; const byte* extSubjKeyIdSrc;

8
wolfssl/wolfcrypt/asn_public.h
View File

@@ -363,13 +363,19 @@ typedef struct Cert {
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
int skidSz; /* SKID size in bytes */ int skidSz; /* SKID size in bytes */
byte akid[CTC_MAX_AKID_SIZE + sizeof(CertName)]; /* Authority Key byte akid[CTC_MAX_AKID_SIZE
#ifdef WOLFSSL_AKID_NAME
+ sizeof(CertName) + CTC_SERIAL_SIZE
#endif
]; /* Authority Key
* Identifier */ * Identifier */
int akidSz; /* AKID size in bytes */ int akidSz; /* AKID size in bytes */
#ifdef WOLFSSL_AKID_NAME
byte rawAkid; /* Set to true if akid is a byte rawAkid; /* Set to true if akid is a
* AuthorityKeyIdentifier object. * AuthorityKeyIdentifier object.
* Set to false if akid is just a * Set to false if akid is just a
* KeyIdentifier object. */ * KeyIdentifier object. */
#endif
word16 keyUsage; /* Key Usage */ word16 keyUsage; /* Key Usage */
byte extKeyUsage; /* Extended Key Usage */ byte extKeyUsage; /* Extended Key Usage */
#ifndef IGNORE_NETSCAPE_CERT_TYPE #ifndef IGNORE_NETSCAPE_CERT_TYPE