Saved original SKID and AKID from certificate for later use with X.509 functions.

John Safranek 2013-11-19 16:20:18 -08:00
parent 0fd6aed9b6
commit 4377996d87
5 changed files with 60 additions and 11 deletions


@ -1314,6 +1314,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extKeyUsageSet = 0;
cert->extKeyUsageCrit = 0;
cert->extKeyUsage = 0;
cert->extAuthKeyIdSrc = NULL;
cert->extAuthKeyIdSz = 0;
cert->extSubjKeyIdSrc = NULL;
cert->extSubjKeyIdSz = 0;
#ifdef HAVE_ECC
cert->pkCurveOID = 0;
#endif /* HAVE_ECC */
@ -3077,6 +3081,11 @@ static void DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
return;
}
#ifdef OPENSSL_EXTRA
cert->extAuthKeyIdSrc = &input[idx];
cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
if (length == SHA_SIZE) {
XMEMCPY(cert->extAuthKeyId, input + idx, length);
}
@ -3108,6 +3117,11 @@ static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
return;
}
#ifdef OPENSSL_EXTRA
cert->extSubjKeyIdSrc = &input[idx];
cert->extSubjKeyIdSz = length;
#endif /* OPENSSL_EXTRA */
if (length == SIGNER_DIGEST_SIZE) {
XMEMCPY(cert->extSubjKeyId, input + idx, length);
}
@ -3420,7 +3434,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
InitSha(&sha);
ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
ShaFinal(&sha, cert->extSubjKeyId);
cert->extSubjKeyIdSet = 1;
}
#endif
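Review bot: In the DecodeAuthKeyId and DecodeSubjKeyId hunks, `cert->extAuthKeyIdSrc = &input[idx];` and `cert->extSubjKeyIdSrc = &input[idx];` store a pointer into the caller's DER buffer together with `length`, so the pair is only safe to hand on if the length check that precedes the `return;` at the top of each hunk (outside the visible lines) has already confirmed `idx + length <= sz`; that dependency is worth a comment next to the assignment, e.g. `/* borrowed: points into the DER source; idx+length is bounded by the length check above */`. The pointer also dangles once the source buffer is released, which CopyDecodedToX509 avoids by copying immediately, but nothing in DecodedCert records that. In the ParseCertRelative hunk the line dropped after `ShaFinal(&sha, cert->extSubjKeyId);` appears to be `cert->extSubjKeyIdSet = 1;`, so a certificate without an SKID extension no longer reports a subject key ID through the X509 accessors; if that is intended, a one-line comment saying the computed hash is for internal lookup only and must not be reported as the certificate's SKID would stop someone restoring it. All three enclosing functions start outside their hunks.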


@ -323,6 +323,10 @@ struct DecodedCert {
byte extKeyUsageSet;
byte extKeyUsageCrit;
word16 extKeyUsage; /* Key usage bitfield */
byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc;
word32 extSubjKeyIdSz;
#ifdef HAVE_ECC
word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */
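Review bot: The four new DecodedCert fields carry no comment while the neighbouring `extKeyUsage` does, and ownership is the non-obvious part here: DecodeAuthKeyId and DecodeSubjKeyId point them into the DER buffer handed to InitDecodedCert rather than allocating, so they are only valid while that buffer is. I would write `byte* extAuthKeyIdSrc; /* borrowed: points into the DER source, not owned */` and `word32 extAuthKeyIdSz; /* length of the borrowed AKID bytes, 0 if absent */`, and the same pair for the SubjKeyId fields. The struct continues outside the hunk on both sides.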


@ -1692,10 +1692,12 @@ struct CYASSL_X509 {
byte subjAltNameCrit;
byte authKeyIdSet;
byte authKeyIdCrit;
byte authKeyId[SHA_SIZE];
byte* authKeyId;
word32 authKeyIdSz;
byte subjKeyIdSet;
byte subjKeyIdCrit;
byte subjKeyId[SHA_SIZE];
byte* subjKeyId;
word32 subjKeyIdSz;
byte keyUsageSet;
byte keyUsageCrit;
#endif /* OPENSSL_EXTRA */
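Review bot: `authKeyId` and `subjKeyId` change from `byte[SHA_SIZE]` arrays to `byte*` without a comment saying who allocates and releases them, which is exactly what a header reader cannot see (the copy is made with XMALLOC in CopyDecodedToX509 and released in FreeX509). I would annotate them as `byte* authKeyId; /* heap copy owned by this X509, freed in FreeX509; NULL if absent */` and `word32 authKeyIdSz; /* length of authKeyId, 0 when absent */`, and likewise for subjKeyId. The type change also means any remaining `sizeof(x509->authKeyId)` or fixed-`SHA_SIZE` copy elsewhere would now be silently wrong, which cannot be checked from this page. The struct runs outside the hunk on both sides.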


@ -1281,10 +1281,12 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
x509->subjAltNameCrit = 0;
x509->authKeyIdSet = 0;
x509->authKeyIdCrit = 0;
XMEMSET(x509->authKeyId, 0, SHA_SIZE);
x509->authKeyId = NULL;
x509->authKeyIdSz = 0;
x509->subjKeyIdSet = 0;
x509->subjKeyIdCrit = 0;
XMEMSET(x509->subjKeyId, 0, SHA_SIZE);
x509->subjKeyId = NULL;
x509->subjKeyIdSz = 0;
x509->keyUsageSet = 0;
x509->keyUsageCrit = 0;
x509->keyUsage = 0;
@ -1311,6 +1313,10 @@ void FreeX509(CYASSL_X509* x509)
XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
XFREE(x509->sig.buffer, NULL, 0);
#ifdef OPENSSL_EXTRA
XFREE(x509->authKeyId, NULL, 0);
XFREE(x509->subjKeyId, NULL, 0);
#endif /* OPENSSL_EXTRA */
if (x509->altNames)
FreeAltNames(x509->altNames, NULL);
if (x509->dynamicMemory)
@ -3193,10 +3199,28 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
x509->authKeyIdSet = dCert->extAuthKeyIdSet;
x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
XMEMCPY(x509->authKeyId, dCert->extAuthKeyId, SHA_SIZE);
if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0);
if (x509->authKeyId != NULL) {
XMEMCPY(x509->authKeyId,
dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
x509->authKeyIdSz = dCert->extAuthKeyIdSz;
}
else
ret = MEMORY_E;
}
x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
XMEMCPY(x509->subjKeyId, dCert->extSubjKeyId, SHA_SIZE);
if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0);
if (x509->subjKeyId != NULL) {
XMEMCPY(x509->subjKeyId,
dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
}
else
ret = MEMORY_E;
}
x509->keyUsageSet = dCert->extKeyUsageSet;
x509->keyUsageCrit = dCert->extKeyUsageCrit;
#ifdef HAVE_ECC
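Review bot: The two allocate-and-copy blocks for authKeyId and subjKeyId in the CopyDecodedToX509 hunk are identical apart from the field names, and neither releases an ID the x509 may already hold, so if this function can run twice on the same object the first allocation leaks (a freshly InitX509'd object is fine, since both pointers start at NULL). A small static helper removes the duplication and gives one place to state that the X509 owns the copy (released in FreeX509) while dCert's `*Src` pointers are only borrowed; note that on MEMORY_E the function keeps `x509->authKeyIdSet` at the decoded value with `authKeyId` still NULL, which the getters tolerate but which is worth a comment. CopyDecodedToX509 begins and ends outside the hunk.
```c
/* Copies a borrowed key identifier (src/srcSz, pointing into the DER source)
 * into a heap buffer owned by the CYASSL_X509 and released in FreeX509.
 * Any copy already held in *dst is freed first.  Returns 0 on success or
 * when there is nothing to copy; returns MEMORY_E (with *dst NULL and
 * *dstSz 0) if the allocation fails. */
static int CopyKeyId(byte** dst, word32* dstSz, const byte* src, word32 srcSz)
{
    if (src == NULL || srcSz == 0)
        return 0;

    XFREE(*dst, NULL, 0);
    *dstSz = 0;
    *dst = (byte*)XMALLOC(srcSz, NULL, 0);
    if (*dst == NULL)
        return MEMORY_E;

    XMEMCPY(*dst, src, srcSz);
    *dstSz = srcSz;
    return 0;
}

/* … in CopyDecodedToX509, replacing the two inline blocks … */
    x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
    if (CopyKeyId(&x509->authKeyId, &x509->authKeyIdSz,
                  dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz) != 0)
        ret = MEMORY_E;
    /* … unchanged: subjKeyIdSet / subjKeyIdCrit assignments … */
    if (CopyKeyId(&x509->subjKeyId, &x509->subjKeyIdSz,
                  dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz) != 0)
        ret = MEMORY_E;
```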


@ -7209,13 +7209,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
CYASSL_X509* x509, byte* dst, int* dstLen)
{
byte *id = NULL;
int copySz = min(dstLen != NULL ? *dstLen : 0, SHA_SIZE);
int copySz = 0;
CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");
if (x509 != NULL) {
if (x509->authKeyIdSet)
if (x509->authKeyIdSet) {
copySz = min(dstLen != NULL ? *dstLen : 0,
(int)x509->authKeyIdSz);
id = x509->authKeyId;
}
if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
XMEMCPY(dst, id, copySz);
@ -7234,13 +7237,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
CYASSL_X509* x509, byte* dst, int* dstLen)
{
byte *id = NULL;
int copySz = min(dstLen != NULL ? *dstLen : 0, SHA_SIZE);
int copySz = 0;
CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");
if (x509 != NULL) {
if (x509->subjKeyIdSet)
if (x509->subjKeyIdSet) {
copySz = min(dstLen != NULL ? *dstLen : 0,
(int)x509->subjKeyIdSz);
id = x509->subjKeyId;
}
if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
XMEMCPY(dst, id, copySz);
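Review bot: In CyaSSL_X509_get_authorityKeyID, `copySz = min(dstLen != NULL ? *dstLen : 0, (int)x509->authKeyIdSz);` silently truncates the identifier to the caller's buffer, and now that the length is no longer fixed at SHA_SIZE a caller that sized `dst` for 20 bytes will receive a cut-off ID for longer key identifiers with no signal that this happened; whether the rest of the function (outside the hunk) reports the full length back through `*dstLen` decides if the caller can detect it, so the public header should state the contract either way. The same applies to CyaSSL_X509_get_subjectKeyID in the second hunk. A header comment along the lines of `/* copies at most *dstLen bytes of the key identifier into dst; the identifier may be longer or shorter than SHA_SIZE */` would cover it. Both functions start before and end after the visible lines.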