feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE

Browse Source 
openSSL compatibility APIs: X509_CRL, STORE
This commit is contained in:
Chris Conlon
2018-05-29 09:47:22 -06:00
committed by GitHub
parent af471a360d c60b60c50c
commit 16738f1449
13 changed files with 783 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/crl.c
View File

@@ -49,8 +49,10 @@
int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("InitCRL");
crl->heap = cm->heap;
if(cm != NULL)
crl->heap = cm->heap;
else
crl->heap = NULL;
crl->cm = cm;
crl->crlList = NULL;
crl->monitors[0].path = NULL;
@@ -153,7 +155,6 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
CRL_Entry* tmp = crl->crlList;
WOLFSSL_ENTER("FreeCRL");
if (crl->monitors[0].path)
XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
@@ -491,6 +492,34 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
{
CRL_Entry *crle;
WOLFSSL_CRL *crl;
WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
if (store == NULL || newcrl == NULL)
return BAD_FUNC_ARG;
crl = store->crl;
crle = newcrl->crlList;
if (wc_LockMutex(&crl->crlLock) != 0)
{
WOLFSSL_MSG("wc_LockMutex failed");
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
crl->crlList = crle;
newcrl->crlList = NULL;
wc_UnLockMutex(&crl->crlLock);
WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
}
#endif
#ifdef HAVE_CRL_MONITOR

409
src/ssl.c
View File

@@ -17840,24 +17840,42 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
return result;
}
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
{
WOLFSSL_X509_STORE* store = NULL;
store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
DYNAMIC_TYPE_X509_STORE);
if (store != NULL) {
store->cm = wolfSSL_CertManagerNew();
if (store->cm == NULL) {
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
store = NULL;
}
else
store->isDynamic = 1;
}
if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
DYNAMIC_TYPE_X509_STORE)) == NULL)
goto err_exit;
if((store->cm = wolfSSL_CertManagerNew()) == NULL)
goto err_exit;
store->isDynamic = 1;
#ifdef HAVE_CRL
store->crl = NULL;
if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL),
NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
goto err_exit;
if(InitCRL(store->crl, NULL) < 0)
goto err_exit;
#endif
return store;
err_exit:
if(store == NULL)
return NULL;
if(store->cm != NULL)
wolfSSL_CertManagerFree(store->cm);
#ifdef HAVE_CRL
if(store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
wolfSSL_X509_STORE_free(store);
return NULL;
}
@@ -17865,7 +17883,11 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
if (store != NULL && store->isDynamic) {
if (store->cm != NULL)
wolfSSL_CertManagerFree(store->cm);
wolfSSL_CertManagerFree(store->cm);
#ifdef HAVE_CRL
if (store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
}
@@ -17994,6 +18016,150 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
}
#endif /* NO_CERTS */
#ifndef NO_FILESYSTEM
static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
{
void *newx509 = NULL;
DerBuffer* der = NULL;
byte *fileBuffer = NULL;
if (file != XBADFILE)
{
long sz = 0;
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
if (sz < 0)
{
WOLFSSL_MSG("Bad tell on FILE");
return NULL;
}
fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuffer != NULL)
{
if((long)XFREAD(fileBuffer, 1, sz, file) != sz)
{
WOLFSSL_MSG("File read failed");
goto err_exit;
}
if(type == CERT_TYPE)
newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
#ifdef HAVE_CRL
else if(type == CRL_TYPE)
newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz);
#endif
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
else if(type == PKCS12_TYPE){
if((newx509 = wc_PKCS12_new()) == NULL)
goto err_exit;
if(wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0)
goto err_exit;
}
#endif
else goto err_exit;
if(newx509 == NULL)
{
WOLFSSL_MSG("X509 failed");
goto err_exit;
}
}
}
if (x509 != NULL)
*x509 = newx509;
goto _exit;
err_exit:
if(newx509 != NULL){
if(type == CERT_TYPE)
wolfSSL_X509_free((WOLFSSL_X509*)newx509);
#ifdef HAVE_CRL
else {
if(type == CRL_TYPE)
wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509);
}
#endif
}
_exit:
if(der != NULL)
FreeDer(&der);
if(fileBuffer != NULL)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
return newx509;
}
WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12)
{
WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp");
return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE);
}
WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
{
WOLFSSL_ENTER("wolfSSL_d2i_X509_fp");
return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE);
}
#endif /* NO_FILESYSTEM */
#ifdef HAVE_CRL
WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
{
WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
}
WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len)
{
WOLFSSL_X509_CRL *newcrl = NULL;
int ret ;
WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL");
if(in == NULL){
WOLFSSL_MSG("Bad argument value");
return NULL;
}
newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (newcrl == NULL){
WOLFSSL_MSG("New CRL allocation failed");
return NULL;
}
if (InitCRL(newcrl, NULL) < 0) {
WOLFSSL_MSG("Init tmp CRL failed");
goto err_exit;
}
ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1);
if (ret != WOLFSSL_SUCCESS){
WOLFSSL_MSG("Buffer Load CRL failed");
goto err_exit;
}
if(crl){
*crl = newcrl;
}
goto _exit;
err_exit:
if(newcrl != NULL)
wolfSSL_X509_CRL_free(newcrl);
newcrl = NULL;
_exit:
return newcrl;
}
void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
{
WOLFSSL_ENTER("wolfSSL_X509_CRL_free");
FreeCRL(crl, 1);
return;
}
#endif
#ifndef NO_WOLFSSL_STUB
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{
@@ -27392,12 +27558,68 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
#endif /* OPENSSL_EXTRA */
#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len)
{
WOLFSSL_RSA *rsa = NULL;
WOLFSSL_ENTER("d2i_RSAPublicKey");
if(pp == NULL){
WOLFSSL_MSG("Bad argument");
return NULL;
}
if((rsa = wolfSSL_RSA_new()) == NULL){
WOLFSSL_MSG("RSA_new failed");
return NULL;
}
if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC)
!= WOLFSSL_SUCCESS){
WOLFSSL_MSG("RSA_LoadDer failed");
return NULL;
}
if(r != NULL)
*r = rsa;
return rsa;
}
#if !defined(HAVE_FAST_RSA)
int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp)
{
byte *der;
int derLen;
int ret;
WOLFSSL_ENTER("i2d_RSAPublicKey");
if((rsa == NULL) || (pp == NULL))
return WOLFSSL_FATAL_ERROR;
if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetRsaInternal Failed");
return ret;
}
if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0)
return WOLFSSL_FATAL_ERROR;
der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
return WOLFSSL_FATAL_ERROR;
}
if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){
WOLFSSL_MSG("RsaKeyToPublicDer failed");
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
*pp = der;
return ret;
}
#endif /* #if !defined(HAVE_FAST_RSA) */
/* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */
int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
{
return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE);
}
int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
int derSz, int opt)
{
@@ -28375,6 +28597,71 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return x509;
}
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl,
pem_password_cb *cb, void *u)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
unsigned char* pem = NULL;
DerBuffer* der = NULL;
int pemSz;
int derSz;
long i = 0, l;
WOLFSSL_X509_CRL* newcrl;
WOLFSSL_ENTER("wolfSSL_PEM_read_X509_CRL");
if (fp == NULL) {
WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG);
return NULL;
}
/* Read in CRL from file */
i = XFTELL(fp);
if (i < 0) {
WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG);
return NULL;
}
if (XFSEEK(fp, 0, SEEK_END) != 0)
return NULL;
l = XFTELL(fp);
if (l < 0)
return NULL;
if (XFSEEK(fp, i, SEEK_SET) != 0)
return NULL;
pemSz = (int)(l - i);
/* check calculated length */
if (pemSz < 0)
return NULL;
if((pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM)) == NULL)
return NULL;
if((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz)
goto err_exit;
if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0)
goto err_exit;
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
derSz = der->length;
if((newcrl = wolfSSL_d2i_X509_CRL(crl, (const unsigned char *)der->buffer, derSz)) == NULL)
goto err_exit;
FreeDer(&der);
return newcrl;
err_exit:
if(pem != NULL)
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
if(der != NULL)
FreeDer(&der);
return NULL;
(void)cb;
(void)u;
#endif
}
#endif
/*
* bp : bio to read X509 from
@@ -29105,6 +29392,102 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
}
#endif /* ! NO_SHA256 */
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
/* One shot SHA384 hash of message.
*
* d message to hash
* n size of d buffer
* md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE.
*
* Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used.
* When the static buffer is used this function is not thread safe.
*
* Returns a pointer to the message digest on success and NULL on failure.
*/
unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n,
unsigned char *md)
{
static byte dig[WC_SHA384_DIGEST_SIZE];
wc_Sha384 sha;
WOLFSSL_ENTER("wolfSSL_SHA384");
if (wc_InitSha384_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA384 Init failed");
return NULL;
}
if (wc_Sha384Update(&sha, (const byte*)d, (word32)n) != 0) {
WOLFSSL_MSG("SHA384 Update failed");
return NULL;
}
if (wc_Sha384Final(&sha, dig) != 0) {
WOLFSSL_MSG("SHA384 Final failed");
return NULL;
}
wc_Sha384Free(&sha);
if (md != NULL) {
XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE);
return md;
}
else {
return (unsigned char*)dig;
}
}
#endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */
#if defined(WOLFSSL_SHA512)
/* One shot SHA512 hash of message.
*
* d message to hash
* n size of d buffer
* md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE.
*
* Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used.
* When the static buffer is used this function is not thread safe.
*
* Returns a pointer to the message digest on success and NULL on failure.
*/
unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n,
unsigned char *md)
{
static byte dig[WC_SHA512_DIGEST_SIZE];
wc_Sha512 sha;
WOLFSSL_ENTER("wolfSSL_SHA512");
if (wc_InitSha512_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA512 Init failed");
return NULL;
}
if (wc_Sha512Update(&sha, (const byte*)d, (word32)n) != 0) {
WOLFSSL_MSG("SHA512 Update failed");
return NULL;
}
if (wc_Sha512Final(&sha, dig) != 0) {
WOLFSSL_MSG("SHA512 Final failed");
return NULL;
}
wc_Sha512Free(&sha);
if (md != NULL) {
XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE);
return md;
}
else {
return (unsigned char*)dig;
}
}
#endif /* defined(WOLFSSL_SHA512) */
char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
{
int ret;

195
tests/api.c
View File

@@ -9697,7 +9697,8 @@ static int test_wc_RsaPublicKeyDecodeRaw (void)
} /* END test_wc_RsaPublicKeyDecodeRaw */
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && (defined(WOLFSSL_KEY_GEN) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
* a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
* trying until it gets a probable prime. */
@@ -10033,9 +10034,10 @@ static int test_wc_RsaKeyToDer (void)
* Testing wc_RsaKeyToPublicDer()
*/
static int test_wc_RsaKeyToPublicDer (void)
{
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
RsaKey key;
WC_RNG rng;
byte* der;
@@ -16424,6 +16426,33 @@ static void test_wolfSSL_CTX_set_srp_password(void)
/* && !NO_SHA256 && !WC_NO_RNG */
}
static void test_wolfSSL_X509_STORE(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
X509_STORE *store;
X509_CRL *crl;
X509 *x509;
const char crl_pem[] = "./certs/crl/crl.pem";
const char svrCert[] = "./certs/server-cert.pem";
XFILE fp;
printf(testingFmt, "test_wolfSSL_X509_STORE");
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
X509_free(x509);
AssertNotNull(fp = XFOPEN(crl_pem, "rb"));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
XFCLOSE(fp);
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
X509_CRL_free(crl);
X509_STORE_free(store);
printf(resultFmt, passed);
#endif
return;
}
static void test_wolfSSL_BN(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
@@ -17082,6 +17111,9 @@ static void test_wolfSSL_X509(void)
X509_STORE_CTX* ctx;
X509_STORE* store;
char der[] = "certs/ca-cert.der";
XFILE fp;
printf(testingFmt, "wolfSSL_X509()");
AssertNotNull(x509 = X509_new());
@@ -17106,6 +17138,18 @@ static void test_wolfSSL_X509(void)
X509_STORE_CTX_free(ctx);
BIO_free(bio);
/** d2i_X509_fp test **/
AssertNotNull(fp = XFOPEN(der, "rb"));
AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
AssertNotNull(x509);
X509_free(x509);
XFCLOSE(fp);
AssertNotNull(fp = XFOPEN(der, "rb"));
AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
AssertNotNull(x509);
X509_free(x509);
XFCLOSE(fp);
printf(resultFmt, passed);
#endif
}
@@ -17816,6 +17860,42 @@ static void test_wolfSSL_RSA(void)
#endif
}
static void test_wolfSSL_RSA_DER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
RSA *rsa;
int i;
struct
{
const unsigned char *der;
int sz;
} tbl[] = {
#ifdef USE_CERT_BUFFERS_1024
{client_key_der_1024, sizeof_client_key_der_1024},
{server_key_der_1024, sizeof_server_key_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
{client_key_der_2048, sizeof_client_key_der_2048},
{server_key_der_2048, sizeof_server_key_der_2048},
#endif
{NULL, 0}
};
printf(testingFmt, "test_wolfSSL_RSA_DER()");
for (i = 0; tbl[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz));
AssertNotNull(rsa);
RSA_free(rsa);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_verify_depth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
@@ -18083,6 +18163,52 @@ static void test_wolfSSL_SHA(void)
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
}
#endif
#if !defined(NO_SHA256)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
unsigned char out[WC_SHA256_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
}
#endif
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
unsigned char out[WC_SHA384_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
}
#endif
#if defined(WOLFSSL_SHA512)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
"\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
"\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
"\xa5\x4c\xa4\x9f";
unsigned char out[WC_SHA512_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
@@ -19010,6 +19136,66 @@ static int test_wc_RNG_GenerateBlock()
}
#endif
static void test_wolfSSL_X509_CRL(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
X509_CRL *crl;
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
#ifdef HAVE_TEST_d2i_X509_CRL_fp
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""};
#endif
XFILE fp;
int i;
printf(testingFmt, "test_wolfSSL_X509_CRL");
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertNotNull(fp = XFOPEN(pem[i], "rb"));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
AssertNotNull(fp = XFOPEN(pem[i], "rb"));
AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
}
#ifdef HAVE_TEST_d2i_X509_CRL_fp
for(i = 0; der[i][0] != '\0'; i++){
AssertNotNull(fp = XFOPEN(der[i], "rb"));
AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
AssertNotNull(fp = XFOPEN(der[i], "rb"));
AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
}
#endif
printf(resultFmt, passed);
#endif
return;
}
/*----------------------------------------------------------------------------*
| Main
*----------------------------------------------------------------------------*/
@@ -19082,6 +19268,7 @@ void ApiTest(void)
test_wolfSSL_X509_LOOKUP_load_file();
test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_X509_STORE();
test_wolfSSL_BN();
test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO();
@@ -19109,6 +19296,7 @@ void ApiTest(void)
test_wolfSSL_sk_GENERAL_NAME();
test_wolfSSL_MD4();
test_wolfSSL_RSA();
test_wolfSSL_RSA_DER();
test_wolfSSL_verify_depth();
test_wolfSSL_HMAC_CTX();
test_wolfSSL_msg_callback();
@@ -19117,6 +19305,7 @@ void ApiTest(void)
test_wolfSSL_AES_ecb_encrypt();
test_wolfSSL_SHA256();
test_wolfSSL_X509_get_serialNumber();
test_wolfSSL_X509_CRL();
/* test the no op functions for compatibility */
test_no_op_functions();

102
wolfcrypt/src/asn.c
View File

@@ -502,7 +502,7 @@ char* GetSigName(int oid) {
#if !defined(NO_DSA) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && \
(defined(WOLFSSL_CERT_GEN) || \
(defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))))
((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))))
/* Set the DER/BER encoding of the ASN.1 INTEGER header.
*
* len Length of data to encode.
@@ -526,7 +526,7 @@ static int SetASNInt(int len, byte firstByte, byte* output)
#endif
#if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_CERT_GEN) || \
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
* The number is assumed to be positive.
*
@@ -796,10 +796,10 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
/* RSA (with CertGen or KeyGen) OR ECC OR ED25519 (with CertGen or KeyGen) */
#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) || \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \
defined(HAVE_ECC) || \
(defined(HAVE_ED25519) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)))
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)))
/* Set the DER/BER encoding of the ASN.1 BIT_STRING header.
*
@@ -7314,6 +7314,11 @@ const char* const END_PUB_KEY = "-----END PUBLIC KEY-----";
const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#endif
#ifdef HAVE_CRL
const char *const BEGIN_CRL = "-----BEGIN X509 CRL-----";
const char* const END_CRL = "-----END X509 CRL-----";
#endif
int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
@@ -7786,6 +7791,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
{
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
} else
#endif
#ifdef HAVE_CRL
if (type == CRL_TYPE) {
header = BEGIN_CRL; footer = END_CRL;
} else
#endif
{
break;
@@ -8246,7 +8256,7 @@ int wc_PemPubKeyToDer(const char* fileName,
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
(defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))
((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)))
/* USER RSA ifdef portions used instead of refactor in consideration for
possible fips build */
/* Write a public RSA key to output */
@@ -8386,6 +8396,85 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
return idx;
}
int RsaPublicKeyDerSize(RsaKey* key, int with_header)
{
byte* dummy = NULL;
byte seq[MAX_SEQ_SZ];
byte bitString[1 + MAX_LENGTH_SZ + 1];
int nSz;
int eSz;
int seqSz;
int bitStringSz;
int idx;
if (key == NULL)
return BAD_FUNC_ARG;
/* n */
dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (dummy == NULL)
return MEMORY_E;
#ifdef HAVE_USER_RSA
nSz = SetASNIntRSA(key->n, dummy);
#else
nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, dummy);
#endif
XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (nSz < 0) {
return nSz;
}
/* e */
dummy = (byte*)XMALLOC(MAX_RSA_E_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (dummy == NULL) {
XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#ifdef HAVE_USER_RSA
eSz = SetASNIntRSA(key->e, dummy);
#else
eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, dummy);
#endif
XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (eSz < 0) {
return eSz;
}
seqSz = SetSequence(nSz + eSz, seq);
/* headers */
if (with_header) {
int algoSz;
dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (dummy == NULL)
return MEMORY_E;
algoSz = SetAlgoID(RSAk, dummy, oidKeyType, 0);
bitStringSz = SetBitString(seqSz + nSz + eSz, 0, bitString);
idx = SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, dummy);
XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
/* algo */
idx += algoSz;
/* bit string */
idx += bitStringSz;
}
else
idx = 0;
/* seq */
idx += seqSz;
/* n */
idx += nSz;
/* e */
idx += eSz;
return idx;
}
#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN &&
!HAVE_USER_RSA))) */
@@ -8498,8 +8587,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
return outLen;
}
#endif
#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
/* Convert Rsa Public key to DER format, write to output (inLen), return bytes
written */
int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)

12
wolfssl/openssl/sha.h
View File

@@ -148,7 +148,11 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX;
#define SHA384_Init wolfSSL_SHA384_Init
#define SHA384_Update wolfSSL_SHA384_Update
#define SHA384_Final wolfSSL_SHA384_Final
#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
/* SHA384 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
#define SHA384 wolfSSL_SHA384
#endif
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
@@ -173,7 +177,11 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
#define SHA512_Init wolfSSL_SHA512_Init
#define SHA512_Update wolfSSL_SHA512_Update
#define SHA512_Final wolfSSL_SHA512_Final
#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
#define SHA512 wolfSSL_SHA512
#endif
#endif /* WOLFSSL_SHA512 */

16
wolfssl/openssl/ssl.h
View File

@@ -322,6 +322,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
@@ -348,7 +349,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
#define X509_STORE_new wolfSSL_X509_STORE_new
#define X509_STORE_new wolfSSL_X509_STORE_new
#define X509_STORE_free wolfSSL_X509_STORE_free
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
@@ -511,8 +513,16 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define sk_X509_free wolfSSL_sk_X509_free
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
#define d2i_X509_fp wolfSSL_d2i_X509_fp
#define i2d_X509 wolfSSL_i2d_X509
#define d2i_X509 wolfSSL_d2i_X509
#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey
#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey
#define d2i_X509_CRL wolfSSL_d2i_X509_CRL
#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
#define X509_CRL_free wolfSSL_X509_CRL_free
#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
@@ -528,6 +538,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL
/*#if OPENSSL_API_COMPAT < 0x10100000L*/
#define CONF_modules_free()
@@ -549,7 +560,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_NAME_free wolfSSL_X509_NAME_free
#define X509_NAME_new wolfSSL_X509_NAME_new
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
@@ -568,6 +579,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data
#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
#define SHA1 wolfSSL_SHA1
#define X509_check_private_key wolfSSL_X509_check_private_key
#define SSL_dup_CA_list wolfSSL_dup_CA_list

34
wolfssl/ssl.h
View File

@@ -121,6 +121,7 @@ typedef struct WOLFSSL_X509 WOLFSSL_X509;
typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY;
typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12;
typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
@@ -164,7 +165,7 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG;
typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER;
typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP;
typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL;
typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL;
typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE;
typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
typedef struct WOLFSSL_BIO WOLFSSL_BIO;
@@ -300,6 +301,9 @@ struct WOLFSSL_X509_STORE {
#ifdef OPENSSL_EXTRA
int isDynamic;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl;
#endif
};
#ifdef OPENSSL_EXTRA
@@ -992,8 +996,10 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
void(*)(int, int, void*), void*);
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*,
WOLFSSL_RSA*(*)(WOLFSSL*, int, int));
WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len);
WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp);
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *,
WOLFSSL_RSA *(*)(WOLFSSL *, int, int));
WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
@@ -1518,6 +1524,13 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
const unsigned char *in, int len);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
#endif
WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
#ifndef NO_FILESYSTEM
#ifndef NO_STDIO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509*
@@ -1547,6 +1560,10 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
typedef struct WC_PKCS12 WC_PKCS12;
WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
WC_PKCS12** pkcs12);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
WOLFSSL_X509_PKCS12** pkcs12);
#endif
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
WOLF_STACK_OF(WOLFSSL_X509)** ca);
@@ -2530,6 +2547,10 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#if !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
WOLFSSL_X509** x509);
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
@@ -2543,6 +2564,10 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *p
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x,
pem_password_cb *cb, void *u);
#endif
/*lighttp compatibility */
@@ -2575,6 +2600,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk );
@@ -2875,6 +2902,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);

1
wolfssl/wolfcrypt/asn.h
View File

@@ -860,6 +860,7 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx);
WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);
WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header);
#ifdef HAVE_ECC
/* ASN sig helpers */

3
wolfssl/wolfcrypt/asn_public.h
View File

@@ -72,7 +72,8 @@ enum CertType {
ECC_PUBLICKEY_TYPE,
TRUSTED_PEER_TYPE,
EDDSA_PRIVATEKEY_TYPE,
ED25519_TYPE
ED25519_TYPE,
PKCS12_TYPE
};

3
wolfssl/wolfcrypt/rsa.h
View File

@@ -247,8 +247,9 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key,
byte* p, word32* pSz,
byte* q, word32* qSz);
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
#ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz,
const byte* q, word32 qSz,

4
wolfssl/wolfcrypt/sha.h
View File

@@ -64,7 +64,9 @@
#ifndef NO_OLD_WC_NAMES
#define Sha wc_Sha
#define SHA WC_SHA
#if !defined(OPENSSL_EXTRA)
#define SHA WC_SHA
#endif
#define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE
#define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#define SHA_PAD_SIZE WC_SHA_PAD_SIZE

3
wolfssl/wolfcrypt/sha256.h
View File

@@ -81,9 +81,10 @@
#define SHA256_NOINLINE
#endif
#ifndef NO_OLD_SHA256_NAMES
#if !defined(NO_OLD_SHA256_NAMES)
#define SHA256 WC_SHA256
#endif
#ifndef NO_OLD_WC_NAMES
#define Sha256 wc_Sha256
#define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE

6
wolfssl/wolfcrypt/sha512.h
View File

@@ -71,9 +71,8 @@
#define SHA512_NOINLINE
#endif
#ifndef NO_OLD_WC_NAMES
#if !defined(NO_OLD_WC_NAMES)
#define Sha512 wc_Sha512
#define SHA512 WC_SHA512
#define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE
#define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
#define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE
@@ -123,9 +122,8 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
#ifndef HAVE_FIPS /* avoid redefinition of structs */
#ifndef NO_OLD_WC_NAMES
#if !defined(NO_OLD_SHA_NAMES)
#define Sha384 wc_Sha384
#define SHA384 WC_SHA384
#define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE
#define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
#define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE