fixup! csrv2multi: pending ca list

pull/7702/head
Marco Oliverio 2024-07-04 10:17:18 +02:00
parent 9222cb1304
commit fe932b893c
9 changed files with 26 additions and 32 deletions


@ -14130,7 +14130,7 @@ PRAGMA_GCC_DIAG_POP
} }
#endif #endif
/* Parse Certificate */ /* Parse Certificate */
ret = ParseCertRelativeEx(args->dCert, certType, verify, SSL_CM(ssl), extraSigners); ret = ParseCertRelative(args->dCert, certType, verify, SSL_CM(ssl), extraSigners);
#if defined(HAVE_RPK) #if defined(HAVE_RPK)
/* if cert type has negotiated with peer, confirm the cert received has /* if cert type has negotiated with peer, confirm the cert received has
@ -14961,6 +14961,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
s = MakeSigner(SSL_CM(ssl)->heap); s = MakeSigner(SSL_CM(ssl)->heap);
if (s == NULL) { if (s == NULL) {
FreeDecodedCert(&dCertAdd); FreeDecodedCert(&dCertAdd);
FreeDer(&derBuffer);
ret = MEMORY_E; ret = MEMORY_E;
goto exit_ppc; goto exit_ppc;
} }
@ -23254,7 +23255,7 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
InitDecodedCert(cert, certData, length, ssl->heap); InitDecodedCert(cert, certData, length, ssl->heap);
/* TODO: Setup async support here */ /* TODO: Setup async support here */
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl)); ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("ParseCert failed"); WOLFSSL_MSG("ParseCert failed");
} }
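Review bot: The added `FreeDer(&derBuffer);` in the MakeSigner failure path of ProcessPeerCerts raises the question of what exit_ppc does with derBuffer; it is outside the hunk, so I cannot tell whether it also releases it (which would be a double free unless FreeDer nulls the pointer) or whether the remaining failure exits between the allocation and this point still leak it. Please confirm both, and if the other early exits do leak, the release belongs at exit_ppc rather than at each `goto`. A one-line comment on the new line, `/* derBuffer is owned here until it is handed to the signer */`, would make the ownership explicit for the next reader. ProcessPeerCerts begins and ends outside this hunk.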


@ -802,7 +802,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
InitDecodedCert(cert, subject->derCert->buffer, InitDecodedCert(cert, subject->derCert->buffer,
subject->derCert->length, NULL); subject->derCert->length, NULL);
if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) { if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL) != 0) {
FreeDecodedCert(cert); FreeDecodedCert(cert);
goto out; goto out;
} }
@ -892,7 +892,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
InitDecodedCert(cert, bs->cert, bs->certSz, NULL); InitDecodedCert(cert, bs->cert, bs->certSz, NULL);
certInit = 1; certInit = 1;
if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm) < 0) if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0)
goto out; goto out;
if (!(flags & OCSP_NOCHECKS)) { if (!(flags & OCSP_NOCHECKS)) {


@ -6211,7 +6211,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
size = cert->length; size = cert->length;
buff = cert->buffer; buff = cert->buffer;
InitDecodedCert_ex(der, buff, size, heap, devId); InitDecodedCert_ex(der, buff, size, heap, devId);
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
FreeDecodedCert(der); FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(der, heap, DYNAMIC_TYPE_DCERT); XFREE(der, heap, DYNAMIC_TYPE_DCERT);
@ -13313,7 +13313,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
/* Create a DecodedCert object and copy fields into WOLFSSL_X509 object. /* Create a DecodedCert object and copy fields into WOLFSSL_X509 object.
*/ */
InitDecodedCert(cert, (byte*)in, (word32)len, NULL); InitDecodedCert(cert, (byte*)in, (word32)len, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) == 0) { if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) == 0) {
/* Check if x509 was not previously initialized by wolfSSL_X509_new() */ /* Check if x509 was not previously initialized by wolfSSL_X509_new() */
if (x509->dynamicMemory != TRUE) if (x509->dynamicMemory != TRUE)
InitX509(x509, 0, NULL); InitX509(x509, 0, NULL);
@ -17756,7 +17756,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
InitDecodedCert(cert, chain->certs[idx].buffer, InitDecodedCert(cert, chain->certs[idx].buffer,
chain->certs[idx].length, NULL); chain->certs[idx].length, NULL);
if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) { if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) {
WOLFSSL_MSG("Failed to parse cert"); WOLFSSL_MSG("Failed to parse cert");
} }
else { else {


@ -698,7 +698,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
/* Parse DER into decoded certificate fields and verify signature /* Parse DER into decoded certificate fields and verify signature
* against a known CA. */ * against a known CA. */
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm); ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, cm, NULL);
} }
#ifdef HAVE_CRL #ifdef HAVE_CRL
@ -1817,7 +1817,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
InitDecodedCert(cert, der, (word32)sz, NULL); InitDecodedCert(cert, der, (word32)sz, NULL);
/* Parse certificate and perform CRL checks. */ /* Parse certificate and perform CRL checks. */
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm); ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm, NULL);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("ParseCert failed"); WOLFSSL_MSG("ParseCert failed");
} }
@ -2289,7 +2289,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
InitDecodedCert(cert, der, (word32)sz, NULL); InitDecodedCert(cert, der, (word32)sz, NULL);
/* Parse certificate and perform CRL checks. */ /* Parse certificate and perform CRL checks. */
ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm); ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm, NULL);
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("ParseCert failed"); WOLFSSL_MSG("ParseCert failed");
} }


@ -1932,7 +1932,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
DYNAMIC_TYPE_X509); DYNAMIC_TYPE_X509);
InitX509(x509, 1, heap); InitX509(x509, 1, heap);
InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
WOLFSSL_MSG("Issue with parsing certificate"); WOLFSSL_MSG("Issue with parsing certificate");
FreeDecodedCert(DeCert); FreeDecodedCert(DeCert);
wolfSSL_X509_free(x509); wolfSSL_X509_free(x509);
@ -2009,7 +2009,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
} }
InitX509(*cert, 1, heap); InitX509(*cert, 1, heap);
InitDecodedCert(DeCert, certData, certDataSz, heap); InitDecodedCert(DeCert, certData, certDataSz, heap);
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) { if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
WOLFSSL_MSG("Issue with parsing certificate"); WOLFSSL_MSG("Issue with parsing certificate");
} }
if (CopyDecodedToX509(*cert, DeCert) != 0) { if (CopyDecodedToX509(*cert, DeCert) != 0) {


@ -3612,7 +3612,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ(WOLFSSL_X509** x509,
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
cert->isCSR = (byte)req; cert->isCSR = (byte)req;
#endif #endif
if (ParseCertRelative(cert, type, 0, NULL) == 0) { if (ParseCertRelative(cert, type, 0, NULL, NULL) == 0) {
newX509 = wolfSSL_X509_new_ex(heap); newX509 = wolfSSL_X509_new_ex(heap);
if (newX509 != NULL) { if (newX509 != NULL) {
if (CopyDecodedToX509(newX509, cert) != 0) { if (CopyDecodedToX509(newX509, cert) != 0) {
@ -5254,7 +5254,7 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer(
#endif #endif
{ {
InitDecodedCert(cert, der->buffer, der->length, NULL); InitDecodedCert(cert, der->buffer, der->length, NULL);
ret = ParseCertRelative(cert, type, 0, NULL); ret = ParseCertRelative(cert, type, 0, NULL, NULL);
if (ret == 0) { if (ret == 0) {
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
DYNAMIC_TYPE_X509); DYNAMIC_TYPE_X509);
@ -13403,7 +13403,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
#endif #endif
InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL); InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL);
ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL); ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL);
if (ret != 0) { if (ret != 0) {
goto out; goto out;
} }
@ -13474,7 +13474,7 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL); InitDecodedCert(dCert, x->derCert->buffer, x->derCert->length, NULL);
ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL); ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL);
if (ret != 0) { if (ret != 0) {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
} }
@ -13613,7 +13613,7 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
/* Use existing CA retrieval APIs that use DecodedCert. */ /* Use existing CA retrieval APIs that use DecodedCert. */
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap); InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap);
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0 if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0
&& !cert->selfSigned) { && !cert->selfSigned) {
#ifndef NO_SKID #ifndef NO_SKID
if (cert->extAuthKeyIdSet) if (cert->extAuthKeyIdSet)


@ -22501,7 +22501,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
char* ptr; char* ptr;
#endif #endif
ret = ParseCertRelative(cert, type, verify, cm); ret = ParseCertRelative(cert, type, verify, cm, NULL);
if (ret < 0) if (ret < 0)
return ret; return ret;
@ -23399,7 +23399,7 @@ Signer* findSignerByName(Signer *list, byte *hash)
return NULL; return NULL;
} }
int ParseCertRelativeEx(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList)
{ {
int ret = 0; int ret = 0;
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
@ -24056,11 +24056,6 @@ exit_pcr:
return ret; return ret;
} }
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
{
return ParseCertRelativeEx(cert, type, verify, cm, NULL);
}
int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der) int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der)
{ {
int ret = 0; int ret = 0;
@ -26681,7 +26676,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz,
InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz, InitDecodedCert_ex((DecodedCert*)cert->decodedCert, der, derSz,
cert->heap, devId); cert->heap, devId);
ret = ParseCertRelative((DecodedCert*)cert->decodedCert, ret = ParseCertRelative((DecodedCert*)cert->decodedCert,
CERT_TYPE, 0, NULL); CERT_TYPE, 0, NULL, NULL);
if (ret >= 0) { if (ret >= 0) {
cert->der = (byte*)der; cert->der = (byte*)der;
} }
@ -32425,7 +32420,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz,
#endif #endif
InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId); InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL);
if (ret < 0) { if (ret < 0) {
WOLFSSL_MSG("ParseCertRelative error"); WOLFSSL_MSG("ParseCertRelative error");
@ -32624,7 +32619,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz, int devId)
#endif #endif
InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId); InitDecodedCert_ex(decoded, der, (word32)derSz, NULL, devId);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0, NULL);
if (ret < 0) { if (ret < 0) {
WOLFSSL_MSG("ParseCertRelative error"); WOLFSSL_MSG("ParseCertRelative error");
@ -36561,7 +36556,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
cert_inited = 1; cert_inited = 1;
/* Don't verify if we don't have access to Cert Manager. */ /* Don't verify if we don't have access to Cert Manager. */
ret = ParseCertRelativeEx(cert, CERT_TYPE, ret = ParseCertRelative(cert, CERT_TYPE,
noVerify ? NO_VERIFY : VERIFY_OCSP_CERT, noVerify ? NO_VERIFY : VERIFY_OCSP_CERT,
cm, resp->pendingCAs); cm, resp->pendingCAs);
if (ret < 0) { if (ret < 0) {
@ -36723,7 +36718,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
certInit = 1; certInit = 1;
/* Parse the certificate and don't verify if we don't have access to /* Parse the certificate and don't verify if we don't have access to
* Cert Manager. */ * Cert Manager. */
ret = ParseCertRelativeEx(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY, ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY,
cm, resp->pendingCAs); cm, resp->pendingCAs);
if (ret < 0) { if (ret < 0) {
WOLFSSL_MSG("\tOCSP Responder certificate parsing failed"); WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
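Review bot: The new ParseCertRelative definition line `int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList)` is well past 80 columns, which the tree's line-length check will likely reject; wrapping it as `int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,` followed by an aligned `Signer *extraCAList)` matches the surrounding declarations. The parameter is named `extraCAList` here but `extraCa` in the header and `extraSigners` at the internal.c call site; one name throughout would help readers grep for it. In the SetAltNamesFromCert and SetNameFromCert hunks the new calls pass `0, NULL` for two pointer arguments; since the line is being touched anyway, `NULL, NULL` would be consistent with every other call site in this commit. The function body continues outside the hunk.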


@ -1126,7 +1126,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
while (current != NULL) { while (current != NULL) {
InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) { if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) {
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) { if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) {
WOLFSSL_MSG("Key Pair found"); WOLFSSL_MSG("Key Pair found");
*cert = current->buffer; *cert = current->buffer;


@ -2187,8 +2187,6 @@ WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz,
WOLFSSL_ASN_API int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, WOLFSSL_ASN_API int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
int sigAlgoType); int sigAlgoType);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify, WOLFSSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify,
void* cm);
WOLFSSL_LOCAL int ParseCertRelativeEx(DecodedCert* cert, int type, int verify,
void* cm, Signer *extraCa); void* cm, Signer *extraCa);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify); WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify);
#ifdef WOLFSSL_ASN_TEMPLATE #ifdef WOLFSSL_ASN_TEMPLATE
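Review bot: The ParseCertRelative declaration now carries a `Signer *extraCa` parameter with no comment stating what it is for, whether the callee reads it only during verification or takes ownership of the list, and whether its entries are treated as trusted or must themselves chain to the cert manager; the call sites in this commit pass either NULL or `resp->pendingCAs`, which does not settle any of that. Since every caller except the OCSP decoder now has to pass an explicit NULL, the contract for the NULL case should be stated too. I would add a short block comment above the prototype covering the meaning of the list, its lifetime relative to the call, and that NULL means "cert manager only"; the exact wording depends on the implementation in asn.c, which is outside this hunk.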