Merge pull request #7004 from julek-wolfssl/zd/17033

x509 AIA: store the first OCSP and CA Issuer URIs
This commit is contained in:
JacobBarthelmeh 2023-12-05 14:08:43 -07:00 committed by GitHub
commit 223d8c9a10
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 17 deletions


@ -18961,7 +18961,6 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
#ifndef WOLFSSL_ASN_TEMPLATE
word32 idx = 0;
int length = 0;
int count = 0;
byte b = 0;
word32 oid;
@ -18971,7 +18970,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
if (GetSequence(input, &idx, &length, sz) < 0)
return ASN_PARSE_E;
while ((idx < (word32)sz) && (count < MAX_AIA_SZ)) {
while ((idx < (word32)sz)) {
/* Unwrap a single AIA */
if (GetSequence(input, &idx, &length, sz) < 0)
return ASN_PARSE_E;
@ -18989,23 +18988,22 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
return ASN_PARSE_E;
/* Set ocsp entry */
if (b == GENERALNAME_URI && oid == AIA_OCSP_OID)
if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
cert->extAuthInfo == NULL)
{
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
count++;
#else
#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
break;
#endif
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Set CaIssuers entry */
else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID)
else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
cert->extAuthInfoCaIssuer == NULL)
{
cert->extAuthInfoCaIssuerSz = length;
cert->extAuthInfoCaIssuer = input + idx;
count++;
}
#endif
idx += (word32)length;
@ -19015,7 +19013,6 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
#else
word32 idx = 0;
int length = 0;
int count = 0;
int ret = 0;
WOLFSSL_ENTER("DecodeAuthInfo");
@ -19025,7 +19022,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
ret = ASN_PARSE_E;
}
while ((ret == 0) && (idx < (word32)sz) && (count < MAX_AIA_SZ)) {
while ((ret == 0) && (idx < (word32)sz)) {
ASNGetData dataASN[accessDescASN_Length];
/* Clear dynamic data and retrieve OID and name. */
@ -19040,14 +19037,13 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
/* Check we have OCSP and URI. */
if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) &&
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI)) {
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
(cert->extAuthInfo == NULL)) {
/* Store URI for OCSP lookup. */
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfo, &sz32);
cert->extAuthInfoSz = (int)sz32;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
count++;
#else
#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
break;
#endif
}
@ -19055,12 +19051,12 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
/* Check we have CA Issuer and URI. */
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
AIA_CA_ISSUER_OID) &&
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI)) {
(dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) &&
(cert->extAuthInfoCaIssuer == NULL)) {
/* Set CaIssuers entry */
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfoCaIssuer, &sz32);
cert->extAuthInfoCaIssuerSz = (int)sz32;
count++;
}
#endif
/* Otherwise skip. */
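Review bot: In the OPENSSL_ALL / WOLFSSL_QT build the loop in both the non-template and template paths now walks every remaining AccessDescription even after `cert->extAuthInfo` and `cert->extAuthInfoCaIssuer` are both filled, because the only remaining exit is the `break` that is compiled out for those builds; the old `count < MAX_AIA_SZ` bound used to stop it once two entries were stored. Adding `if (cert->extAuthInfo != NULL && cert->extAuthInfoCaIssuer != NULL) break;` right after the `extAuthInfoCaIssuerSz` assignment, inside the existing `#if`, restores that early exit without changing which URIs are kept; the extra work is bounded by the extension length, so this is efficiency rather than safety. The "first matching URI wins, later ones are skipped" rule is now the function's contract but is only implied by the `== NULL` checks, so a one-line comment such as `/* Only the first OCSP URI and first CA Issuers URI are recorded; later entries are parsed and ignored. */` at the top of DecodeAuthInfo would make it explicit; that also presumes the DecodedCert fields start out NULL before decoding, which is not visible here. DecodeAuthInfo's start and end lie outside these hunks.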


@ -1004,7 +1004,6 @@ enum Misc_ASN {
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif
MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */