Merge pull request #2077 from ejohnstown/ocsp-ecdsa

OCSP and ECDSA Signers
This commit is contained in:
Kaleb Himes
2019-02-12 09:50:37 -07:00
committed by GitHub
3 changed files with 32 additions and 20 deletions


@ -4237,6 +4237,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif
XMEMCPY(signer->subjectNameHash, cert->subjectHash,
SIGNER_DIGEST_SIZE);
#ifdef HAVE_OCSP
XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash,
KEYID_SIZE);
#endif
signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
: 0xFFFF;
signer->next = NULL; /* If Key Usage not set, all uses valid. */
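Review bot: The added XMEMCPY into `signer->subjectKeyHash` assumes `cert->subjectKeyHash` was populated, but on this page it is only written in the GetKey key-type branches changed by this PR (and only under HAVE_OCSP), so a certificate whose key type takes another GetKey path would presumably leave the Signer with whatever InitDecodedCert put there rather than a real hash. A comment stating that dependency would help the next reader, e.g. `/* Filled by GetKey() for the key types it hashes; OCSP uses it as issuerKeyHash for certificates this CA signs. */`. AddCA begins and ends outside the hunk.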


@ -4337,11 +4337,19 @@ static int GetKey(DecodedCert* cert)
case RSAk:
{
int ret;
ret = CheckBitString(cert->source, &cert->srcIdx, NULL,
ret = CheckBitString(cert->source, &cert->srcIdx, &length,
cert->maxIdx, 1, NULL);
if (ret != 0)
return ret;
#ifdef HAVE_OCSP
ret = CalcHashId(cert->source + cert->srcIdx, length,
cert->subjectKeyHash);
if (ret != 0)
return ret;
#endif
return StoreRsaKey(cert);
}
@ -4434,6 +4442,12 @@ static int GetKey(DecodedCert* cert)
cert->maxIdx, 1, NULL);
if (ret != 0)
return ret;
#ifdef HAVE_OCSP
ret = CalcHashId(cert->source + cert->srcIdx, length,
cert->subjectKeyHash);
if (ret != 0)
return ret;
#endif
}
publicKey = (byte*)XMALLOC(pubLen, cert->heap,
@ -4463,6 +4477,13 @@ static int GetKey(DecodedCert* cert)
if (ret != 0)
return ret;
#ifdef HAVE_OCSP
ret = CalcHashId(cert->source + cert->srcIdx, length,
cert->subjectKeyHash);
if (ret != 0)
return ret;
#endif
publicKey = (byte*) XMALLOC(length, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (publicKey == NULL)
@ -8076,10 +8097,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
#ifdef HAVE_OCSP
/* Need the CA's public key hash for OCSP */
ret = CalcHashId(cert->ca->publicKey, cert->ca->pubKeySize,
cert->issuerKeyHash);
if (ret != 0)
return ret;
XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash, KEYID_SIZE);
#endif /* HAVE_OCSP */
}
}
@ -8139,21 +8157,7 @@ Signer* MakeSigner(void* heap)
Signer* signer = (Signer*) XMALLOC(sizeof(Signer), heap,
DYNAMIC_TYPE_SIGNER);
if (signer) {
signer->pubKeySize = 0;
signer->keyOID = 0;
signer->publicKey = NULL;
signer->nameLen = 0;
signer->name = NULL;
#ifndef IGNORE_NAME_CONSTRAINTS
signer->permittedNames = NULL;
signer->excludedNames = NULL;
#endif /* IGNORE_NAME_CONSTRAINTS */
signer->pathLengthSet = 0;
signer->pathLength = 0;
#ifdef WOLFSSL_SIGNER_DER_CERT
signer->derCert = NULL;
#endif
signer->next = NULL;
XMEMSET(signer, 0, sizeof(Signer));
}
(void)heap;
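Review bot: In the ParseCertRelative hunk the issuer key hash is now copied from `cert->ca->subjectKeyHash` instead of being recomputed from `cert->ca->publicKey`, so its correctness depends on every Signer having that field filled; a Signer whose `subjectKeyHash` was never set would, given the XMEMSET now done in MakeSigner, presumably carry an all-zero hash into the OCSP issuerKeyHash comparison rather than fail loudly, which is worth either a check or at least a note. The surviving comment `/* Need the CA's public key hash for OCSP */` no longer says where the value comes from; I would change it to `/* OCSP issuerKeyHash: hash of the CA's subjectPublicKey BIT STRING content, computed in GetKey() and stored on the Signer by AddCA(). */`. In the three GetKey hunks the hash covers `cert->source + cert->srcIdx` for `length` bytes after CheckBitString, which matches the RFC 6960 definition (value of subjectPublicKey excluding tag, length and the unused-bits octet) only if CheckBitString has already advanced srcIdx past that octet — a one-line comment pinning that invariant at the first hunk would keep a later refactor from hashing the wrapped SubjectPublicKeyInfo instead. ParseCertRelative, GetKey and MakeSigner all begin and end outside their hunks.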


@ -696,6 +696,7 @@ struct DecodedCert {
byte subjectHash[KEYID_SIZE]; /* hash of all Names */
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP
byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */
const byte* signature; /* not owned, points into raw cert */
@ -874,6 +875,9 @@ struct Signer {
byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
/* sha hash of names in certificate */
#endif
#ifdef HAVE_OCSP
byte subjectKeyHash[KEYID_SIZE];
#endif
#ifdef WOLFSSL_SIGNER_DER_CERT
DerBuffer* derCert;
#endif
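Review bot: The new `subjectKeyHash` member of struct Signer is added without a comment, directly below the existing `subjectKeyIdHash`, and the two names differ by two letters while apparently holding different things (this one a hash of the public key, going by the DecodedCert comment in the other hunk; the other presumably of a key-identifier value). A comment matching the DecodedCert field on this page, `byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key (OCSP issuerKeyHash) */`, would make the distinction explicit where it is easiest to confuse. Both struct DecodedCert and struct Signer begin and end outside their hunks.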