mirror of https://github.com/wolfSSL/wolfssl.git
Certificates: ECC signature algorithm parameter
Allow, with a define, ECC signature algorithm parameters to be NULL and not just empty. Only for interop.pull/7903/head
parent
bf074d2bb9
commit
a3e239c2ad
|
@ -102,6 +102,9 @@ ASN Options:
|
||||||
* which is discouraged by X.690 specification - default values shall not
|
* which is discouraged by X.690 specification - default values shall not
|
||||||
* be encoded.
|
* be encoded.
|
||||||
* NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
|
* NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check.
|
||||||
|
* WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature
|
||||||
|
* algorithms in certificates to have NULL parameter instead of empty.
|
||||||
|
* DO NOT enable this unless required for interoperability.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||||
|
@ -22089,16 +22092,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
|
||||||
}
|
}
|
||||||
/* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
|
/* Parameters not allowed after ECDSA or EdDSA algorithm OID. */
|
||||||
else if (IsSigAlgoECC(cert->signatureOID)) {
|
else if (IsSigAlgoECC(cert->signatureOID)) {
|
||||||
if ((dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0)
|
#ifndef WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
|
||||||
#ifdef WC_RSA_PSS
|
if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0) {
|
||||||
|| (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0)
|
|
||||||
#endif
|
|
||||||
) {
|
|
||||||
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
}
|
#endif
|
||||||
#ifdef WC_RSA_PSS
|
#ifdef WC_RSA_PSS
|
||||||
|
if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
|
||||||
|
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
||||||
|
ret = ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#ifdef WC_RSA_PSS
|
||||||
/* Check parameters starting with a SEQUENCE. */
|
/* Check parameters starting with a SEQUENCE. */
|
||||||
else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
|
else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) {
|
||||||
word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
|
word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum;
|
||||||
|
@ -22140,7 +22147,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
|
||||||
cert->sigParamsLength = sigAlgParamsSz;
|
cert->sigParamsLength = sigAlgParamsSz;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
if ((ret == 0) && (!done)) {
|
if ((ret == 0) && (!done)) {
|
||||||
pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset;
|
pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset;
|
||||||
|
|
Loading…
Reference in New Issue