mirror of https://github.com/wolfSSL/wolfssl
itterate through certificates with PKCS7
parent
19ce41c3cc
commit
a196fac0c2
|
@ -970,6 +970,11 @@ static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type)
|
|||
|
||||
switch (pkcs7->hashOID) {
|
||||
|
||||
#ifndef NO_MD5
|
||||
case MD5h:
|
||||
*type = WC_HASH_TYPE_MD5;
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case SHAh:
|
||||
*type = WC_HASH_TYPE_SHA;
|
||||
|
@ -1956,6 +1961,30 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
|
|||
|
||||
/* This will reset PKCS7 structure and then set the certificate */
|
||||
wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
|
||||
|
||||
/* iterate through any additional certificates */
|
||||
if (MAX_PKCS7_CERTS > 0) {
|
||||
word32 localIdx;
|
||||
int sz = 0;
|
||||
int i;
|
||||
|
||||
pkcs7->cert[0] = cert;
|
||||
pkcs7->certSz[0] = certSz;
|
||||
certIdx = idx + certSz;
|
||||
|
||||
for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsgSz; i++) {
|
||||
localIdx = certIdx;
|
||||
|
||||
if (pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
|
||||
if (GetLength(pkiMsg, &certIdx, &sz, pkiMsgSz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
pkcs7->cert[i] = &pkiMsg[localIdx];
|
||||
pkcs7->certSz[i] = sz + (certIdx - localIdx);
|
||||
certIdx += sz;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
idx += length;
|
||||
}
|
||||
|
|
|
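Review bot: The added `for` loop is bounded by `pkiMsgSz` rather than by the end of the certificate set, so the walk can run past the certificates into whatever follows in the message and record any SEQUENCE-tagged bytes there as `pkcs7->cert[i]`. The `idx += length;` after the block suggests `length` is the size of that set; if so, both the loop condition and the `GetLength` limit should use that end offset. A tag that is not a SEQUENCE also advances `certIdx` by only one byte while still consuming slot `i`, which leaves gaps in `cert[]` and rescans the data byte by byte; stopping at the first unexpected tag avoids both. `certIdx`, `idx` and `length` are declared outside the hunk, so the bound below needs confirming against the full function.

```c
/* end of the certificate set; assumes idx is still at its first byte
 * and length was already validated against pkiMsgSz -- confirm */
word32 certEnd = idx + (word32)length;

/* ... unchanged: cert[0] / certSz[0] assignment, certIdx = idx + certSz ... */

for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < certEnd; i++) {
    localIdx = certIdx;

    if (pkiMsg[certIdx++] != (ASN_CONSTRUCTED | ASN_SEQUENCE))
        break; /* not a certificate: stop instead of scanning on */

    if (GetLength(pkiMsg, &certIdx, &sz, certEnd) < 0)
        return ASN_PARSE_E;

    /* ... unchanged: store cert[i] / certSz[i], advance certIdx by sz ... */
}
```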
@ -43,6 +43,11 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Max number of certificates that PKCS7 structure can parse */
|
||||
#ifndef MAX_PKCS7_CERTS
|
||||
#define MAX_PKCS7_CERTS 4
|
||||
#endif
|
||||
|
||||
/* PKCS#7 content types, ref RFC 2315 (Section 14) */
|
||||
enum PKCS7_TYPES {
|
||||
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
|
||||
|
@ -100,6 +105,8 @@ typedef struct PKCS7 {
|
|||
int keyAgreeOID; /* key agreement algorithm OID */
|
||||
|
||||
void* heap; /* heap hint for dynamic memory */
|
||||
byte* cert[MAX_PKCS7_CERTS];
|
||||
word32 certSz[MAX_PKCS7_CERTS];
|
||||
byte* singleCert; /* recipient cert, DER, not owner */
|
||||
word32 singleCertSz; /* size of recipient cert buffer, bytes */
|
||||
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
|
||||
|
|
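Review bot: The new `cert[]` and `certSz[]` members are the only fields in this part of `struct PKCS7` without a comment, and their ownership is not obvious. The parser change on this page stores pointers into the caller's `pkiMsg` buffer, so the entries are only valid while that buffer is alive and must not be freed through the structure. I would add comments such as `/* certs found in SignedData, DER, not owner, point into parsed message */` and `/* size of each cert[] entry, bytes */`, matching the `singleCert` wording. Because `MAX_PKCS7_CERTS` can be overridden, a build that defines it as 0 would declare zero-length arrays here; an `#if MAX_PKCS7_CERTS < 1` / `#error` guard next to the define would catch that at compile time. The struct definition starts and ends outside the hunk.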