Saved original SKID and AKID from certificate for later use with X.509 functions.
This commit is contained in:
parent
0fd6aed9b6
commit
4377996d87
@ -1314,6 +1314,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
|
||||
cert->extKeyUsageSet = 0;
|
||||
cert->extKeyUsageCrit = 0;
|
||||
cert->extKeyUsage = 0;
|
||||
cert->extAuthKeyIdSrc = NULL;
|
||||
cert->extAuthKeyIdSz = 0;
|
||||
cert->extSubjKeyIdSrc = NULL;
|
||||
cert->extSubjKeyIdSz = 0;
|
||||
#ifdef HAVE_ECC
|
||||
cert->pkCurveOID = 0;
|
||||
#endif /* HAVE_ECC */
|
||||
@ -3077,6 +3081,11 @@ static void DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
cert->extAuthKeyIdSrc = &input[idx];
|
||||
cert->extAuthKeyIdSz = length;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
if (length == SHA_SIZE) {
|
||||
XMEMCPY(cert->extAuthKeyId, input + idx, length);
|
||||
}
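Review bot: The new `cert->extAuthKeyIdSrc = &input[idx]; cert->extAuthKeyIdSz = length;` pair records a borrowed pointer into the caller's buffer plus a length that CopyDecodedToX509 later passes straight to XMALLOC/XMEMCPY, so the hunk is only safe if the check that precedes the `return;` at the top (outside the hunk) already guarantees `idx + length <= sz`; if it does not, that bound should be added before these two assignments rather than relying on the later `length == SHA_SIZE` test, which the pointer/size copy bypasses. The same applies to the matching lines in DecodeSubjKeyId. The assignments are also guarded by `OPENSSL_EXTRA` while InitDecodedCert resets both fields unconditionally; either both sites or neither should carry the guard. Consider a one-line comment at the assignment, `/* borrowed pointer into the DER source; not owned by cert */`, since nothing else in the function says who owns it.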
|
||||
@ -3108,6 +3117,11 @@ static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
cert->extSubjKeyIdSrc = &input[idx];
|
||||
cert->extSubjKeyIdSz = length;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
if (length == SIGNER_DIGEST_SIZE) {
|
||||
XMEMCPY(cert->extSubjKeyId, input + idx, length);
|
||||
}
|
||||
@ -3420,7 +3434,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
InitSha(&sha);
|
||||
ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
|
||||
ShaFinal(&sha, cert->extSubjKeyId);
|
||||
cert->extSubjKeyIdSet = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -323,6 +323,10 @@ struct DecodedCert {
|
||||
byte extKeyUsageSet;
|
||||
byte extKeyUsageCrit;
|
||||
word16 extKeyUsage; /* Key usage bitfield */
|
||||
byte* extAuthKeyIdSrc;
|
||||
word32 extAuthKeyIdSz;
|
||||
byte* extSubjKeyIdSrc;
|
||||
word32 extSubjKeyIdSz;
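Review bot: The four new DecodedCert fields carry no comment, unlike the neighbouring `extKeyUsage` and `pkCurveOID` members, and their ownership is the non-obvious part: `extAuthKeyIdSrc`/`extSubjKeyIdSrc` are set by DecodeAuthKeyId/DecodeSubjKeyId to point into the buffer handed to those decoders, not to a copy. Suggest `byte* extAuthKeyIdSrc; /* points into the parsed source buffer, not owned */` and `word32 extAuthKeyIdSz; /* byte length of the AKID octet string at extAuthKeyIdSrc */`, with the same wording for the SKID pair, so a reader knows the DecodedCert source must outlive any use of these pointers.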
|
||||
#ifdef HAVE_ECC
|
||||
word32 pkCurveOID; /* Public Key's curve OID */
|
||||
#endif /* HAVE_ECC */
|
||||
|
@ -1692,10 +1692,12 @@ struct CYASSL_X509 {
|
||||
byte subjAltNameCrit;
|
||||
byte authKeyIdSet;
|
||||
byte authKeyIdCrit;
|
||||
byte authKeyId[SHA_SIZE];
|
||||
byte* authKeyId;
|
||||
word32 authKeyIdSz;
|
||||
byte subjKeyIdSet;
|
||||
byte subjKeyIdCrit;
|
||||
byte subjKeyId[SHA_SIZE];
|
||||
byte* subjKeyId;
|
||||
word32 subjKeyIdSz;
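Review bot: Replacing `byte authKeyId[SHA_SIZE]` with `byte* authKeyId` changes the member from inline storage to a heap buffer that FreeX509 releases, and nothing at the declaration says so; any code that still treats it as an array (`sizeof`, `XMEMSET(..., SHA_SIZE)`) now compiles but misbehaves. Suggest `byte* authKeyId; /* heap copy of the AKID, owned by this struct, freed in FreeX509 */` and the same for `subjKeyId`, and note that `authKeyIdSz` is 0 while the pointer is NULL.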
|
||||
byte keyUsageSet;
|
||||
byte keyUsageCrit;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
@ -1281,10 +1281,12 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
|
||||
x509->subjAltNameCrit = 0;
|
||||
x509->authKeyIdSet = 0;
|
||||
x509->authKeyIdCrit = 0;
|
||||
XMEMSET(x509->authKeyId, 0, SHA_SIZE);
|
||||
x509->authKeyId = NULL;
|
||||
x509->authKeyIdSz = 0;
|
||||
x509->subjKeyIdSet = 0;
|
||||
x509->subjKeyIdCrit = 0;
|
||||
XMEMSET(x509->subjKeyId, 0, SHA_SIZE);
|
||||
x509->subjKeyId = NULL;
|
||||
x509->subjKeyIdSz = 0;
|
||||
x509->keyUsageSet = 0;
|
||||
x509->keyUsageCrit = 0;
|
||||
x509->keyUsage = 0;
|
||||
@ -1311,6 +1313,10 @@ void FreeX509(CYASSL_X509* x509)
|
||||
XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
|
||||
XFREE(x509->sig.buffer, NULL, 0);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
XFREE(x509->authKeyId, NULL, 0);
|
||||
XFREE(x509->subjKeyId, NULL, 0);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
if (x509->altNames)
|
||||
FreeAltNames(x509->altNames, NULL);
|
||||
if (x509->dynamicMemory)
|
||||
@ -3193,10 +3199,28 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
|
||||
x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
|
||||
x509->authKeyIdSet = dCert->extAuthKeyIdSet;
|
||||
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
|
||||
XMEMCPY(x509->authKeyId, dCert->extAuthKeyId, SHA_SIZE);
|
||||
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
|
||||
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0);
|
||||
if (x509->authKeyId != NULL) {
|
||||
XMEMCPY(x509->authKeyId,
|
||||
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
|
||||
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
|
||||
}
|
||||
else
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
|
||||
x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
|
||||
XMEMCPY(x509->subjKeyId, dCert->extSubjKeyId, SHA_SIZE);
|
||||
if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
|
||||
x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0);
|
||||
if (x509->subjKeyId != NULL) {
|
||||
XMEMCPY(x509->subjKeyId,
|
||||
dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
|
||||
x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
|
||||
}
|
||||
else
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
x509->keyUsageSet = dCert->extKeyUsageSet;
|
||||
x509->keyUsageCrit = dCert->extKeyUsageCrit;
|
||||
#ifdef HAVE_ECC
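Review bot: In the new AKID block, `x509->authKeyIdSet` is copied from `dCert->extAuthKeyIdSet` before the XMALLOC, so on the `ret = MEMORY_E` path the object ends up with the Set flag raised while `authKeyId` is NULL and `authKeyIdSz` is 0; the getters in ssl.c happen to tolerate that through their `id != NULL && copySz > 0` guard, but a caller that trusts the flag does not, so `x509->authKeyIdSet = 0;` in the `else` branch would keep the state consistent. The block also assigns `x509->authKeyId` without releasing a previous buffer; InitX509 sets it to NULL, so this is only a leak if an x509 is ever passed through CopyDecodedToX509 twice, which is not visible here. The SKID block that follows has the identical shape and should get the same treatment.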
|
||||
|
14
src/ssl.c
14
src/ssl.c
@ -7209,13 +7209,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
CYASSL_X509* x509, byte* dst, int* dstLen)
|
||||
{
|
||||
byte *id = NULL;
|
||||
int copySz = min(dstLen != NULL ? *dstLen : 0, SHA_SIZE);
|
||||
int copySz = 0;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");
|
||||
|
||||
if (x509 != NULL) {
|
||||
if (x509->authKeyIdSet)
|
||||
if (x509->authKeyIdSet) {
|
||||
copySz = min(dstLen != NULL ? *dstLen : 0,
|
||||
(int)x509->authKeyIdSz);
|
||||
id = x509->authKeyId;
|
||||
}
|
||||
|
||||
if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
|
||||
XMEMCPY(dst, id, copySz);
|
||||
@ -7234,13 +7237,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
CYASSL_X509* x509, byte* dst, int* dstLen)
|
||||
{
|
||||
byte *id = NULL;
|
||||
int copySz = min(dstLen != NULL ? *dstLen : 0, SHA_SIZE);
|
||||
int copySz = 0;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");
|
||||
|
||||
if (x509 != NULL) {
|
||||
if (x509->subjKeyIdSet)
|
||||
if (x509->subjKeyIdSet) {
|
||||
copySz = min(dstLen != NULL ? *dstLen : 0,
|
||||
(int)x509->subjKeyIdSz);
|
||||
id = x509->subjKeyId;
|
||||
}
|
||||
|
||||
if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
|
||||
XMEMCPY(dst, id, copySz);
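Review bot: With the fixed `SHA_SIZE` cap gone, `copySz = min(dstLen != NULL ? *dstLen : 0, (int)x509->authKeyIdSz)` silently truncates when the caller's buffer is smaller than the stored identifier, which can now be any length the certificate declared, and nothing in the hunk tells the caller that truncation happened; the remainder of the function (outside the hunk) should write the full `authKeyIdSz` back through `dstLen`, or the API comment should state that the copy is truncated to `*dstLen`. The `(int)` cast of a `word32` is fine for lengths that came from the DER parser's `int length`, but a negative `*dstLen` reaches `min` and is only rejected by the `copySz > 0` test below, so that guard is load-bearing and worth a one-line comment. The subjectKeyID hunk above mirrors this exactly; the enclosing functions begin before their hunks (the `CyaSSL_set_compression` context in the hunk headers is not the function being changed).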
|
||||
|