WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Avoid conversions to PEM and register DER certificate chain

pull/3531/head
Vysakh P Pillai 2020-12-15 16:15:36 +05:30 committed by GitHub
parent c31f20706b
commit aa2e02807d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
wolfcrypt/src/port/atmel/atmel.c
View File

@ -911,44 +911,47 @@ exit:
static int atcatls_set_certificates(WOLFSSL_CTX *ctx) static int atcatls_set_certificates(WOLFSSL_CTX *ctx)
{ {
#ifndef ATCATLS_MAX_CERT_SIZE #ifndef ATCATLS_TNGTLS_SIGNER_CERT_SIZE
#define ATCATLS_MAX_CERT_SIZE 560 #define ATCATLS_TNGTLS_SIGNER_CERT_SIZE 0x208
#endif
#ifndef ATCATLS_TNGTLS_DEVICE_CERT_SIZE
#define ATCATLS_TNGTLS_DEVICE_CERT_SIZE 0x222
#endif #endif
int ret = 0; int ret = 0;
ATCA_STATUS status; ATCA_STATUS status;
size_t signerCertSize = ATCATLS_MAX_CERT_SIZE; size_t signerCertSize = ATCATLS_TNGTLS_SIGNER_CERT_SIZE;
uint8_t signerCert[ATCATLS_MAX_CERT_SIZE]; size_t deviceCertSize = ATCATLS_TNGTLS_DEVICE_CERT_SIZE;
size_t deviceCertSize = ATCATLS_MAX_CERT_SIZE; uint8_t certBuffer[ATCATLS_TNGTLS_SIGNER_CERT_SIZE+ATCATLS_TNGTLS_DEVICE_CERT_SIZE];
uint8_t deviceCert[ATCATLS_MAX_CERT_SIZE];
int devPemSz, signerPemSz;
char devCertChain[2048];
/*Read signer cert*/ /*Read signer cert*/
status = tng_atcacert_read_signer_cert((uint8_t*)&signerCert, &signerCertSize); status = tng_atcacert_read_signer_cert(&certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE], &signerCertSize);
if (ATCA_SUCCESS != status) { if (ATCA_SUCCESS != status) {
ret = atmel_ecc_translate_err(ret); ret = atmel_ecc_translate_err(ret);
return ret; return ret;
} }
if(signerCertSize != ATCATLS_TNGTLS_SIGNER_CERT_SIZE){
#ifdef WOLFSSL_ATECC_DEBUG
printf("tng_atcacert_read_signer_cert read size != ATCATLS_TNGTLS_SIGNER_CERT_SIZE. (%d) \r\n",signerCertSize);
#endif
return WOLFSSL_FAILURE;
}
/*Read device cert signed by the signer above*/ /*Read device cert signed by the signer above*/
status = tng_atcacert_read_device_cert((uint8_t*)deviceCert, &deviceCertSize, (uint8_t*)signerCert); status = tng_atcacert_read_device_cert(certBuffer, &deviceCertSize, &certBuffer[ATCATLS_TNGTLS_DEVICE_CERT_SIZE]);
if (ATCA_SUCCESS != status) { if (ATCA_SUCCESS != status) {
ret = atmel_ecc_translate_err(ret); ret = atmel_ecc_translate_err(ret);
return ret; return ret;
} }
/*Generate a PEM chain of device certificate.*/ if(deviceCertSize != ATCATLS_TNGTLS_DEVICE_CERT_SIZE){
XMEMSET(devCertChain, 0, sizeof(devCertChain)); #ifdef WOLFSSL_ATECC_DEBUG
devPemSz = wc_DerToPem(deviceCert, deviceCertSize, (byte*)&devCertChain[0], printf("tng_atcacert_read_device_cert read size != ATCATLS_TNGTLS_DEVICE_CERT_SIZE. (%d) \r\n",deviceCertSize);
sizeof(devCertChain), CERT_TYPE); #endif
if(devPemSz <= 0){ return WOLFSSL_FAILURE;
return devPemSz;
} }
signerPemSz = wc_DerToPem(signerCert, signerCertSize, (byte*)&devCertChain[devPemSz],
sizeof(devCertChain)-devPemSz, CERT_TYPE); ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, (const unsigned char*)certBuffer,
if(signerPemSz <= 0){ ATCATLS_TNGTLS_SIGNER_CERT_SIZE+ATCATLS_TNGTLS_DEVICE_CERT_SIZE, WOLFSSL_FILETYPE_ASN1);
return signerPemSz;
}
ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, (const unsigned char*)devCertChain, XSTRLEN(devCertChain));
if (ret != WOLFSSL_SUCCESS) { if (ret != WOLFSSL_SUCCESS) {
ret = -1; ret = -1;
} }