mirror of https://github.com/wolfSSL/wolfssl.git
fixup! csrv2multi: pending ca list
parent
9222cb1304
commit
fe932b893c
|
@ -14130,7 +14130,7 @@ PRAGMA_GCC_DIAG_POP
|
|||
}
|
||||
#endif
|
||||
/* Parse Certificate */
|
||||
ret = ParseCertRelativeEx(args->dCert, certType, verify, SSL_CM(ssl), extraSigners);
|
||||
ret = ParseCertRelative(args->dCert, certType, verify, SSL_CM(ssl), extraSigners);
|
||||
|
||||
#if defined(HAVE_RPK)
|
||||
/* if cert type has negotiated with peer, confirm the cert received has
|
||||
|
@ -14961,6 +14961,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
s = MakeSigner(SSL_CM(ssl)->heap);
|
||||
if (s == NULL) {
|
||||
FreeDecodedCert(&dCertAdd);
|
||||
FreeDer(&derBuffer);
|
||||
ret = MEMORY_E;
|
||||
goto exit_ppc;
|
||||
}
|
||||
|
@ -23254,7 +23255,7 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
|
|||
|
||||
InitDecodedCert(cert, certData, length, ssl->heap);
|
||||
/* TODO: Setup async support here */
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl));
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
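Review bot: The call in the first hunk now passes `extraSigners` next to `SSL_CM(ssl)` while `verify` is in force, and nothing visible says where that list comes from or whether a signer found only there is treated as trusted. This is the peer-certificate path, and `DecodeBasicOcspResponse` likewise passes `resp->pendingCAs`, so the new fifth parameter deserves a comment at the definition of `ParseCertRelative`. If it matches the intended contract, something like `/* extraCAList: extra candidate signers searched in addition to cm, may be NULL; entries are not trust anchors */` would do. The body of `ParseCertRelative` is outside these hunks, so the lookup order and trust treatment should be confirmed before wording it. The other call sites pass `NULL`, which is what the removed four-argument wrapper did.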
|
||||
|
|
|
@ -802,7 +802,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
|||
|
||||
InitDecodedCert(cert, subject->derCert->buffer,
|
||||
subject->derCert->length, NULL);
|
||||
if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
|
||||
if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL) != 0) {
|
||||
FreeDecodedCert(cert);
|
||||
goto out;
|
||||
}
|
||||
|
@ -892,7 +892,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
|
|||
|
||||
InitDecodedCert(cert, bs->cert, bs->certSz, NULL);
|
||||
certInit = 1;
|
||||
if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm) < 0)
|
||||
if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0)
|
||||
goto out;
|
||||
|
||||
if (!(flags & OCSP_NOCHECKS)) {
|
||||
|
|
|
@ -6211,7 +6211,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
|
|||
size = cert->length;
|
||||
buff = cert->buffer;
|
||||
InitDecodedCert_ex(der, buff, size, heap, devId);
|
||||
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
||||
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
|
||||
FreeDecodedCert(der);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(der, heap, DYNAMIC_TYPE_DCERT);
|
||||
|
@ -13313,7 +13313,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
|
|||
/* Create a DecodedCert object and copy fields into WOLFSSL_X509 object.
|
||||
*/
|
||||
InitDecodedCert(cert, (byte*)in, (word32)len, NULL);
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) == 0) {
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) == 0) {
|
||||
/* Check if x509 was not previously initialized by wolfSSL_X509_new() */
|
||||
if (x509->dynamicMemory != TRUE)
|
||||
InitX509(x509, 0, NULL);
|
||||
|
@ -17756,7 +17756,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
|
|||
InitDecodedCert(cert, chain->certs[idx].buffer,
|
||||
chain->certs[idx].length, NULL);
|
||||
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) {
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) {
|
||||
WOLFSSL_MSG("Failed to parse cert");
|
||||
}
|
||||
else {
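Review bot: The calls rewritten in the hunks at -13313 and -17756 pass a bare `0` as the verify argument (`ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)`), while `check_cert_key` in the same section spells it `NO_VERIFY`. With five positional arguments, three of them `0` or `NULL`, the named constant makes it easier to audit which call sites skip signature verification. Assuming `NO_VERIFY` is 0, `ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, NULL, NULL)` is equivalent. The same applies to the `0` verify arguments in the src/x509.c hunks and in `wc_SetCert_LoadDer`. `SetAltNamesFromCert` and `SetNameFromCert` also pass `0` for the `cm` pointer, where `NULL` would match the other callers. The enclosing functions continue outside their hunks.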
|
||||
|
|
|
@ -698,7 +698,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
|
|||
|
||||
/* Parse DER into decoded certificate fields and verify signature
|
||||
* against a known CA. */
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm);
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm, NULL);
|
||||
}
|
||||
|
||||
#ifdef HAVE_CRL
|
||||
|
@ -1817,7 +1817,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
|
|||
InitDecodedCert(cert, der, (word32)sz, NULL);
|
||||
|
||||
/* Parse certificate and perform CRL checks. */
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm);
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm, NULL);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
|
||||
|
@ -2289,7 +2289,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
|
|||
InitDecodedCert(cert, der, (word32)sz, NULL);
|
||||
|
||||
/* Parse certificate and perform CRL checks. */
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm);
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
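Review bot: The comment above the changed call in `wolfSSL_CertManagerCheckOCSP` still reads `/* Parse certificate and perform CRL checks. */` although the call passes `VERIFY_OCSP`; it looks carried over from `wolfSSL_CertManagerCheckCRL`. Since the line beneath it is being edited anyway, I would change it to `/* Parse certificate and perform OCSP checks. */`. The function body continues outside the hunk.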
|
||||
|
|
|
@ -1932,7 +1932,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
|||
DYNAMIC_TYPE_X509);
|
||||
InitX509(x509, 1, heap);
|
||||
InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
|
||||
WOLFSSL_MSG("Issue with parsing certificate");
|
||||
FreeDecodedCert(DeCert);
|
||||
wolfSSL_X509_free(x509);
|
||||
|
@ -2009,7 +2009,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
|
|||
}
|
||||
InitX509(*cert, 1, heap);
|
||||
InitDecodedCert(DeCert, certData, certDataSz, heap);
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
|
||||
WOLFSSL_MSG("Issue with parsing certificate");
|
||||
}
|
||||
if (CopyDecodedToX509(*cert, DeCert) != 0) {
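Review bot: In the second hunk of `wolfSSL_PKCS12_parse`, a failing `ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL)` only logs "Issue with parsing certificate", and execution continues into `CopyDecodedToX509(*cert, DeCert)` with a certificate that did not parse. The first hunk of the same function handles the same failure by calling `FreeDecodedCert(DeCert)` and `wolfSSL_X509_free(x509)`. PKCS#12 contents are usually outside the caller's control, so this branch should release `DeCert` and `*cert` and take the function's failure exit, mirroring the earlier site. The hunk ends right after the `CopyDecodedToX509` call, so any handling further down is not visible here.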
|
||||
|
|
10
src/x509.c
10
src/x509.c
|
@ -3612,7 +3612,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
|
|||
#ifdef WOLFSSL_CERT_REQ
|
||||
cert->isCSR = (byte)req;
|
||||
#endif
|
||||
if (ParseCertRelative(cert, type, 0, NULL) == 0) {
|
||||
if (ParseCertRelative(cert, type, 0, NULL, NULL) == 0) {
|
||||
newX509 = wolfSSL_X509_new_ex(heap);
|
||||
if (newX509 != NULL) {
|
||||
if (CopyDecodedToX509(newX509, cert) != 0) {
|
||||
|
@ -5254,7 +5254,7 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
|
|||
#endif
|
||||
{
|
||||
InitDecodedCert(cert, der->buffer, der->length, NULL);
|
||||
ret = ParseCertRelative(cert, type, 0, NULL);
|
||||
ret = ParseCertRelative(cert, type, 0, NULL, NULL);
|
||||
if (ret == 0) {
|
||||
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
|
||||
DYNAMIC_TYPE_X509);
|
||||
|
@ -13403,7 +13403,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
|
|||
#endif
|
||||
|
||||
InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL);
|
||||
ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL);
|
||||
ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL);
|
||||
if (ret != 0) {
|
||||
goto out;
|
||||
}
|
||||
|
@ -13474,7 +13474,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
|
|||
|
||||
if (ret == WOLFSSL_SUCCESS) {
|
||||
InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL);
|
||||
ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL);
|
||||
ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL);
|
||||
if (ret != 0) {
|
||||
ret = WOLFSSL_FAILURE;
|
||||
}
|
||||
|
@ -13613,7 +13613,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
|
|||
|
||||
/* Use existing CA retrieval APIs that use DecodedCert. */
|
||||
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
|
||||
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
|
||||
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
|
||||
&& !cert->selfSigned) {
|
||||
#ifndef NO_SKID
|
||||
if (cert->extAuthKeyIdSet)
|
||||
|
|
|
@ -22501,7 +22501,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
|
|||
char* ptr;
|
||||
#endif
|
||||
|
||||
ret = ParseCertRelative(cert, type, verify, cm);
|
||||
ret = ParseCertRelative(cert, type, verify, cm, NULL);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
|
@ -23399,7 +23399,7 @@ Signer* findSignerByName(Signer *list, byte *hash)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
int ParseCertRelativeEx(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList)
|
||||
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
|
@ -24056,11 +24056,6 @@ exit_pcr:
|
|||
return ret;
|
||||
}
|
||||
|
||||
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
{
|
||||
return ParseCertRelativeEx(cert, type, verify, cm, NULL);
|
||||
}
|
||||
|
||||
int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)
|
||||
{
|
||||
int ret = 0;
|
||||
|
@ -26681,7 +26676,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
|
|||
InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz,
|
||||
cert->heap, devId);
|
||||
ret = ParseCertRelative((DecodedCert*)cert->decodedCert,
|
||||
CERT_TYPE, 0, NULL);
|
||||
CERT_TYPE, 0, NULL, NULL);
|
||||
if (ret >= 0) {
|
||||
cert->der = (byte*)der;
|
||||
}
|
||||
|
@ -32425,7 +32420,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz,
|
|||
#endif
|
||||
|
||||
InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
|
||||
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
|
||||
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL);
|
||||
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("ParseCertRelative error");
|
||||
|
@ -32624,7 +32619,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz, int devId)
|
|||
#endif
|
||||
|
||||
InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
|
||||
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
|
||||
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL);
|
||||
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("ParseCertRelative error");
|
||||
|
@ -36561,7 +36556,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|||
cert_inited = 1;
|
||||
|
||||
/* Don't verify if we don't have access to Cert Manager. */
|
||||
ret = ParseCertRelativeEx(cert, CERT_TYPE,
|
||||
ret = ParseCertRelative(cert, CERT_TYPE,
|
||||
noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
|
||||
cm, resp->pendingCAs);
|
||||
if (ret < 0) {
|
||||
|
@ -36723,7 +36718,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|||
certInit = 1;
|
||||
/* Parse the certificate and don't verify if we don't have access to
|
||||
* Cert Manager. */
|
||||
ret = ParseCertRelativeEx(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY,
|
||||
ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY,
|
||||
cm, resp->pendingCAs);
|
||||
if (ret < 0) {
|
||||
WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
|
||||
|
|
|
@ -1126,7 +1126,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
|
|||
while (current != NULL) {
|
||||
|
||||
InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
|
||||
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
|
||||
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) {
|
||||
WOLFSSL_MSG("Key Pair found");
|
||||
*cert = current->buffer;
|
||||
|
|
|
@ -2187,8 +2187,6 @@ WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz,
|
|||
WOLFSSL_ASN_API int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
|
||||
int sigAlgoType);
|
||||
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify,
|
||||
void* cm);
|
||||
WOLFSSL_LOCAL int ParseCertRelativeEx(DecodedCert* cert, int type, int verify,
|
||||
void* cm, Signer *extraCa);
|
||||
WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify);
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
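Review bot: The prototype shown here names the last parameter `extraCa` (`void* cm, Signer *extraCa);`), while the definition in the asn.c hunk uses `Signer *extraCAList`. Now that the `Ex` variant is folded into `ParseCertRelative`, the header and the definition should use one name, e.g. `void* cm, Signer *extraCAList);`. The rendering of this hunk does not mark which declaration lines were removed, so this assumes the five-argument declaration is the one kept.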
|
||||
|
|