mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5095 from haydenroche5/decoded_cert_crit_fields

Browse Source 
Make the critical extension flags in DecodedCert always available.
This commit is contained in:
David Garske 2022-05-20 15:03:39 -07:00 committed by GitHub
commit 04ddd0abe4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
wolfcrypt/src/asn.c
View File

@ -16758,9 +16758,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Basic Constraints. */
case BASIC_CA_OID:
VERIFY_AND_SET_OID(cert->extBasicConstSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extBasicConstCrit = critical;
#endif
cert->extBasicConstCrit = critical;
if (DecodeBasicCaConstraint(input, length, cert) < 0) {
ret = ASN_PARSE_E;
}
@ -16769,9 +16767,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* CRL Distribution point. */
case CRL_DIST_OID:
VERIFY_AND_SET_OID(cert->extCRLdistSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extCRLdistCrit = critical;
#endif
cert->extCRLdistCrit = critical;
if (DecodeCrlDist(input, length, cert) < 0) {
ret = ASN_PARSE_E;
}
@ -16780,9 +16776,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Authority information access. */
case AUTH_INFO_OID:
VERIFY_AND_SET_OID(cert->extAuthInfoSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extAuthInfoCrit = critical;
#endif
cert->extAuthInfoCrit = critical;
if (DecodeAuthInfo(input, length, cert) < 0) {
ret = ASN_PARSE_E;
}
@ -16791,18 +16785,14 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Subject alternative name. */
case ALT_NAMES_OID:
VERIFY_AND_SET_OID(cert->extSubjAltNameSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extSubjAltNameCrit = critical;
#endif
cert->extSubjAltNameCrit = critical;
ret = DecodeAltNames(input, length, cert);
break;
/* Authority Key Identifier. */
case AUTH_KEY_OID:
VERIFY_AND_SET_OID(cert->extAuthKeyIdSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extAuthKeyIdCrit = critical;
#endif
cert->extAuthKeyIdCrit = critical;
#ifndef WOLFSSL_ALLOW_CRIT_SKID
/* This check is added due to RFC 5280 section 4.2.1.1
* stating that conforming CA's must mark this extension
@ -16822,9 +16812,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Subject Key Identifier. */
case SUBJ_KEY_OID:
VERIFY_AND_SET_OID(cert->extSubjKeyIdSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extSubjKeyIdCrit = critical;
#endif
cert->extSubjKeyIdCrit = critical;
#ifndef WOLFSSL_ALLOW_CRIT_SKID
/* This check is added due to RFC 5280 section 4.2.1.2
* stating that conforming CA's must mark this extension
@ -16864,9 +16852,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Key usage. */
case KEY_USAGE_OID:
VERIFY_AND_SET_OID(cert->extKeyUsageSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extKeyUsageCrit = critical;
#endif
cert->extKeyUsageCrit = critical;
if (DecodeKeyUsage(input, length, cert) < 0) {
ret = ASN_PARSE_E;
}
@ -16875,9 +16861,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
/* Extended key usage. */
case EXT_KEY_USAGE_OID:
VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extExtKeyUsageCrit = critical;
#endif
cert->extExtKeyUsageCrit = critical;
if (DecodeExtKeyUsage(input, length, cert) < 0) {
ret = ASN_PARSE_E;
}
@ -16896,9 +16880,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
}
#endif
VERIFY_AND_SET_OID(cert->extNameConstraintSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extNameConstraintCrit = critical;
#endif
cert->extNameConstraintCrit = critical;
if (DecodeNameConstraints(input, length, cert) < 0) {
ret = ASN_PARSE_E;
}
@ -16930,9 +16912,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
#endif
case POLICY_CONST_OID:
VERIFY_AND_SET_OID(cert->extPolicyConstSet);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extPolicyConstCrit = critical;
#endif
cert->extPolicyConstCrit = critical;
if (DecodePolicyConstraints(&input[idx], length, cert) < 0)
return ASN_PARSE_E;
break;

8
wolfssl/wolfcrypt/asn.h
View File

@ -1705,20 +1705,18 @@ struct DecodedCert {
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicySet : 1;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte extCRLdistCrit : 1;
byte extAuthInfoCrit : 1;
byte extBasicConstCrit : 1;
byte extPolicyConstCrit : 1;
byte extSubjAltNameCrit : 1;
byte extAuthKeyIdCrit : 1;
#ifndef IGNORE_NAME_CONSTRAINTS
byte extNameConstraintCrit : 1;
#endif
#ifndef IGNORE_NAME_CONSTRAINTS
byte extNameConstraintCrit : 1;
#endif
byte extSubjKeyIdCrit : 1;
byte extKeyUsageCrit : 1;
byte extExtKeyUsageCrit : 1;
#endif /* OPENSSL_EXTRA */
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicyCrit : 1;
#endif