mirror of https://github.com/wolfSSL/wolfssl
itterate through certificates with PKCS7
parent
19ce41c3cc
commit
a196fac0c2
|
@ -970,6 +970,11 @@ static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type)
|
||||||
|
|
||||||
switch (pkcs7->hashOID) {
|
switch (pkcs7->hashOID) {
|
||||||
|
|
||||||
|
#ifndef NO_MD5
|
||||||
|
case MD5h:
|
||||||
|
*type = WC_HASH_TYPE_MD5;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
#ifndef NO_SHA
|
#ifndef NO_SHA
|
||||||
case SHAh:
|
case SHAh:
|
||||||
*type = WC_HASH_TYPE_SHA;
|
*type = WC_HASH_TYPE_SHA;
|
||||||
|
@ -1956,6 +1961,30 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
|
||||||
|
|
||||||
/* This will reset PKCS7 structure and then set the certificate */
|
/* This will reset PKCS7 structure and then set the certificate */
|
||||||
wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
|
wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
|
||||||
|
|
||||||
|
/* iterate through any additional certificates */
|
||||||
|
if (MAX_PKCS7_CERTS > 0) {
|
||||||
|
word32 localIdx;
|
||||||
|
int sz = 0;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
pkcs7->cert[0] = cert;
|
||||||
|
pkcs7->certSz[0] = certSz;
|
||||||
|
certIdx = idx + certSz;
|
||||||
|
|
||||||
|
for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsgSz; i++) {
|
||||||
|
localIdx = certIdx;
|
||||||
|
|
||||||
|
if (pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
|
||||||
|
if (GetLength(pkiMsg, &certIdx, &sz, pkiMsgSz) < 0)
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
|
pkcs7->cert[i] = &pkiMsg[localIdx];
|
||||||
|
pkcs7->certSz[i] = sz + (certIdx - localIdx);
|
||||||
|
certIdx += sz;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
idx += length;
|
idx += length;
|
||||||
}
|
}
|
||||||
|
|
|
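Review bot: The new certificate loop in wc_PKCS7_VerifySignedData is bounded by `pkiMsgSz` instead of the end of the certificate set, so it can walk past the certificates into whatever follows and record an unrelated SEQUENCE as `pkcs7->cert[i]`. The trailing `idx += length;` suggests `length` is the size of that set (to be confirmed, since the function starts and ends outside the hunk), in which case the condition should be something like `certIdx + 1 < idx + length`, with that end offset itself checked against `pkiMsgSz`. When the tag byte is not `(ASN_CONSTRUCTED | ASN_SEQUENCE)` the loop still advances `i` and moves `certIdx` on by one byte, which leaves a gap in `cert[]` and resumes parsing at an arbitrary offset; an `else break;` would stop at the first non-certificate element. `sz` is a signed int added to `word32` values, so it is worth confirming that GetLength rejects a length running past `pkiMsgSz` before `certSz[i]` is stored. The entries stored here are only parsed, not validated, and a comment saying so would stop callers from treating them as trusted.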
@ -43,6 +43,11 @@
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Max number of certificates that PKCS7 structure can parse */
|
||||||
|
#ifndef MAX_PKCS7_CERTS
|
||||||
|
#define MAX_PKCS7_CERTS 4
|
||||||
|
#endif
|
||||||
|
|
||||||
/* PKCS#7 content types, ref RFC 2315 (Section 14) */
|
/* PKCS#7 content types, ref RFC 2315 (Section 14) */
|
||||||
enum PKCS7_TYPES {
|
enum PKCS7_TYPES {
|
||||||
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
|
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
|
||||||
|
@ -100,6 +105,8 @@ typedef struct PKCS7 {
|
||||||
int keyAgreeOID; /* key agreement algorithm OID */
|
int keyAgreeOID; /* key agreement algorithm OID */
|
||||||
|
|
||||||
void* heap; /* heap hint for dynamic memory */
|
void* heap; /* heap hint for dynamic memory */
|
||||||
|
byte* cert[MAX_PKCS7_CERTS];
|
||||||
|
word32 certSz[MAX_PKCS7_CERTS];
|
||||||
byte* singleCert; /* recipient cert, DER, not owner */
|
byte* singleCert; /* recipient cert, DER, not owner */
|
||||||
word32 singleCertSz; /* size of recipient cert buffer, bytes */
|
word32 singleCertSz; /* size of recipient cert buffer, bytes */
|
||||||
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
|
byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
|
||||||
|
|
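Review bot: The new `cert` and `certSz` members of struct PKCS7 have no comments, unlike every neighbouring field, and nothing states who owns the buffers. The .c change stores pointers into the caller's `pkiMsg`, so I would add `byte* cert[MAX_PKCS7_CERTS]; /* certs parsed from bundle, DER, not owner, unverified */` and `word32 certSz[MAX_PKCS7_CERTS]; /* size of each cert[] entry, bytes */`, and note that the entries are only valid while the message buffer is. Because MAX_PKCS7_CERTS can be overridden, a build that sets it to 0 gets zero-length arrays, which ISO C does not allow; an `#if MAX_PKCS7_CERTS < 1` followed by `#error` next to the default would reject that at compile time rather than relying on the run-time `if (MAX_PKCS7_CERTS > 0)` test. The struct definition continues outside the hunk.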