itterate through certificates with PKCS7

This commit is contained in:
Jacob Barthelmeh 2018-02-05 10:52:54 -07:00
parent 19ce41c3cc
commit a196fac0c2
2 changed files with 36 additions and 0 deletions


@ -970,6 +970,11 @@ static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type)
switch (pkcs7->hashOID) { switch (pkcs7->hashOID) {
#ifndef NO_MD5
case MD5h:
*type = WC_HASH_TYPE_MD5;
break;
#endif
#ifndef NO_SHA #ifndef NO_SHA
case SHAh: case SHAh:
*type = WC_HASH_TYPE_SHA; *type = WC_HASH_TYPE_SHA;
@ -1956,6 +1961,30 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
/* This will reset PKCS7 structure and then set the certificate */ /* This will reset PKCS7 structure and then set the certificate */
wc_PKCS7_InitWithCert(pkcs7, cert, certSz); wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
/* iterate through any additional certificates */
if (MAX_PKCS7_CERTS > 0) {
word32 localIdx;
int sz = 0;
int i;
pkcs7->cert[0] = cert;
pkcs7->certSz[0] = certSz;
certIdx = idx + certSz;
for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsgSz; i++) {
localIdx = certIdx;
if (pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
if (GetLength(pkiMsg, &certIdx, &sz, pkiMsgSz) < 0)
return ASN_PARSE_E;
pkcs7->cert[i] = &pkiMsg[localIdx];
pkcs7->certSz[i] = sz + (certIdx - localIdx);
certIdx += sz;
}
}
}
} }
idx += length; idx += length;
} }
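Review bot: The loop `for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsgSz; i++)` is bounded by the whole message rather than by the end of the certificates element, so once the last certificate has been consumed it keeps scanning into whatever follows it, and any byte that is not `ASN_CONSTRUCTED | ASN_SEQUENCE` is stepped over one byte at a time (the `certIdx++` in the `if` has already advanced) while still using up a cert slot `i`. If `length` on the trailing `idx += length;` line is the size of the enclosing certificates element (it, `idx` and `certIdx` are all declared outside the hunk), the bound should be `certIdx + 1 < idx + length` and a non-SEQUENCE tag should end the walk, e.g. `} else { break; }` instead of silently advancing. GetLength() is relied on to reject an `sz` that would run past `pkiMsgSz`, but without the tighter bound a stray byte can cause `cert[i]` to point at data outside the certificate set, which a caller later treating it as a DER certificate has no way to distinguish. wc_PKCS7_VerifySignedData begins and ends outside the hunk.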


@ -43,6 +43,11 @@
extern "C" { extern "C" {
#endif #endif
/* Max number of certificates that PKCS7 structure can parse */
#ifndef MAX_PKCS7_CERTS
#define MAX_PKCS7_CERTS 4
#endif
/* PKCS#7 content types, ref RFC 2315 (Section 14) */ /* PKCS#7 content types, ref RFC 2315 (Section 14) */
enum PKCS7_TYPES { enum PKCS7_TYPES {
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */ PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
@ -100,6 +105,8 @@ typedef struct PKCS7 {
int keyAgreeOID; /* key agreement algorithm OID */ int keyAgreeOID; /* key agreement algorithm OID */
void* heap; /* heap hint for dynamic memory */ void* heap; /* heap hint for dynamic memory */
byte* cert[MAX_PKCS7_CERTS];
word32 certSz[MAX_PKCS7_CERTS];
byte* singleCert; /* recipient cert, DER, not owner */ byte* singleCert; /* recipient cert, DER, not owner */
word32 singleCertSz; /* size of recipient cert buffer, bytes */ word32 singleCertSz; /* size of recipient cert buffer, bytes */
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */