diff --git a/cyassl/internal.h b/cyassl/internal.h
index 8fe14fe45..0cff015ee 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1662,6 +1662,8 @@ struct CYASSL_X509 {
 byte notBefore[MAX_DATE_SZ];
 int notAfterSz;
 byte notAfter[MAX_DATE_SZ];
+ int sigOID;
+ buffer sig;
 buffer pubKey;
 buffer derCert; /* may need */
 DNS_entry* altNames; /* alt names list */
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 245cdebf4..e2645c99e 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -418,6 +418,8 @@ CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID(
 CYASSL_X509_NAME*, int, char*, int);
 CYASSL_API int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*);
 CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long);
+CYASSL_API int CyaSSL_X509_get_signature_type(CYASSL_X509*);
+CYASSL_API int CyaSSL_X509_get_signature(CYASSL_X509*, unsigned char*, int*);
 CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long);
 CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*,
diff --git a/src/internal.c b/src/internal.c
index 94d50d7fa..d025cd4ab 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1266,6 +1266,7 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
 InitX509Name(&x509->subject, 0);
 x509->version = 0;
 x509->pubKey.buffer = NULL;
+ x509->sig.buffer = NULL;
 x509->derCert.buffer = NULL;
 x509->altNames = NULL;
 x509->altNamesNext = NULL;
@@ -1284,6 +1285,7 @@ void FreeX509(CYASSL_X509* x509)
 if (x509->pubKey.buffer)
 XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
 XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
+ XFREE(x509->sig.buffer, NULL, 0);
 if (x509->altNames)
 FreeAltNames(x509->altNames, NULL);
 if (x509->dynamicMemory)
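Review bot: The two new members `sigOID` and `sig` in `struct CYASSL_X509` carry no comment, while the neighbouring `derCert` and `altNames` fields do. From the other hunks in this change, `sig` is an owned heap copy filled in CopyDecodedToX509 and released in FreeX509, and `sigOID` is copied from `dCert->signatureOID`, so I would annotate them in the same style: `int sigOID; /* signature algorithm OID, from DecodedCert.signatureOID */` and `buffer sig; /* owned copy of the signature, freed in FreeX509 */`. The struct definition starts and ends outside the hunk.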
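Review bot: The two new public prototypes document neither the in/out meaning of the `int*` argument nor the return codes, and the implementation in src/ssl.c rejects bad arguments with SSL_FATAL_ERROR whereas the neighbouring `CyaSSL_X509_get_serial_number` uses BAD_FUNC_ARG, so a caller cannot tell from the header what to test for. I would add a short contract above the declarations, e.g. `/* copy the certificate signature into buf; *bufSz is the capacity on entry and the signature length on return. Returns SSL_SUCCESS, or an error if x509/bufSz is NULL or buf is too small */`, and a similar one-liner noting that `CyaSSL_X509_get_signature_type` returns 0 for a NULL x509. Whatever return code is chosen for bad arguments should match the rest of the X509 getters.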
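Review bot: InitX509 now clears `sig.buffer` but leaves `sig.length` and `sigOID` untouched, and nothing else in this change resets them. If the XMALLOC for `sig` in CopyDecodedToX509 fails, `sig.length` is never written either, so a later `CyaSSL_X509_get_signature` would pass the size check against a stale length and memcpy that many bytes from a NULL `sig.buffer` — unless the caller zeroes the object before InitX509, which is not visible here. I would initialise all three fields together: `x509->sig.buffer = NULL;`, `x509->sig.length = 0;`, `x509->sigOID = 0;`. InitX509's body continues outside the hunk.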
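Review bot: `XFREE(x509->sig.buffer, NULL, 0)` passes heap type 0 where the adjacent frees use a `DYNAMIC_TYPE_*` tag (DYNAMIC_TYPE_PUBLIC_KEY, DYNAMIC_TYPE_SUBJECT_CN), so with a typed or tracked allocator this allocation is the only untagged one in the function. The pointer is also not cleared after the free, so `sig.length` stays non-zero while `sig.buffer` dangles; if FreeX509 can run twice on the same object, or the object is queried after being freed, that is a double free or a read from freed memory (whether that can happen is not visible from this hunk). I would use the same tag as the matching XMALLOC in CopyDecodedToX509 and reset the fields: `XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_CERT); x509->sig.buffer = NULL; x509->sig.length = 0;`. FreeX509's body continues outside the hunk.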
@@ -3128,6 +3130,17 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
 ret = MEMORY_E;
 }
+ x509->sig.buffer = (byte*)XMALLOC(dCert->sigLength, NULL, 0);
+ if (x509->sig.buffer == NULL) {
+ ret = MEMORY_E;
+ }
+ else {
+ XMEMCPY(x509->sig.buffer,
+ &dCert->source[dCert->sigIndex], dCert->sigLength);
+ x509->sig.length = dCert->sigLength;
+ x509->sigOID = dCert->signatureOID;
+ }
+
 /* store cert for potential retrieval */
 x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL, DYNAMIC_TYPE_CERT);
diff --git a/src/ssl.c b/src/ssl.c
index cc21ba2a7..d7eae568c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7137,13 +7137,42 @@ int CyaSSL_set_compression(CYASSL* ssl)
 }
+ int CyaSSL_X509_get_signature_type(CYASSL_X509* x509)
+ {
+ int type = 0;
+
+ CYASSL_ENTER("CyaSSL_X509_get_signature_type");
+
+ if (x509 != NULL)
+ type = x509->sigOID;
+
+ return type;
+ }
+
+
+ int CyaSSL_X509_get_signature(CYASSL_X509* x509,
+ unsigned char* buf, int* bufSz)
+ {
+ CYASSL_ENTER("CyaSSL_X509_get_signature");
+ if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length)
+ return SSL_FATAL_ERROR;
+
+ if (buf != NULL)
+ XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
+ *bufSz = x509->sig.length;
+
+ return SSL_SUCCESS;
+ }
+
+
 /* write X509 serial number in unsigned binary to buffer buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases return SSL_SUCCESS on success */
 int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
 {
 CYASSL_ENTER("CyaSSL_X509_get_serial_number");
- if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
+ if (x509 == NULL || in == NULL ||
+ inOutSz == NULL || *inOutSz < x509->serialSz)
 return BAD_FUNC_ARG;
 XMEMCPY(in, x509->serial, x509->serialSz);
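Review bot: The failure branch of the new `sig` allocation sets `ret = MEMORY_E` but leaves `sig.length` unset, so the object ends up with `sig.buffer == NULL` and a length that is whatever was there before (InitX509 in this same change initialises only the buffer pointer); `CyaSSL_X509_get_signature` then passes its size check and copies from NULL. I would write `x509->sig.length = 0;` in that branch, and replace the heap type 0 in `XMALLOC(dCert->sigLength, NULL, 0)` with the tag used for the other buffers here, e.g. `DYNAMIC_TYPE_CERT`, so allocation and free are tagged consistently. Nothing in this hunk checks that `sigIndex + sigLength` lies within `source`; presumably the parser that fills `DecodedCert` guarantees that, but it is worth confirming before copying from `&dCert->source[dCert->sigIndex]`. The function starts before the hunk, where `ret` is declared.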
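Review bot: In `CyaSSL_X509_get_signature` the size check `*bufSz < (int)x509->sig.length` runs before the `buf != NULL` test, so the obvious length-query call (`buf = NULL`, `*bufSz = 0`) returns SSL_FATAL_ERROR without ever reporting the required size, which makes the `buf == NULL` path reachable only by a caller that already knows the length. The bad-argument return is also SSL_FATAL_ERROR here while `CyaSSL_X509_get_serial_number` a few lines below returns BAD_FUNC_ARG, and there is no guard for `sig.buffer == NULL` (the case where the copy in CopyDecodedToX509 failed). I would restructure so a NULL `buf` is a pure size query and the copy path checks the buffer and capacity together.

```c
int CyaSSL_X509_get_signature(CYASSL_X509* x509,
                              unsigned char* buf, int* bufSz)
{
    CYASSL_ENTER("CyaSSL_X509_get_signature");
    if (x509 == NULL || bufSz == NULL)
        return BAD_FUNC_ARG;

    /* size query: report the required length without copying */
    if (buf == NULL) {
        *bufSz = (int)x509->sig.length;
        return SSL_SUCCESS;
    }

    if (x509->sig.buffer == NULL || *bufSz < (int)x509->sig.length)
        return SSL_FATAL_ERROR;

    XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
    *bufSz = (int)x509->sig.length;

    return SSL_SUCCESS;
}
```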