diff --git a/src/crl.c b/src/crl.c index e033802e5..fd0ce6f65 100644 --- a/src/crl.c +++ b/src/crl.c @@ -49,8 +49,10 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_ENTER("InitCRL"); - - crl->heap = cm->heap; + if(cm != NULL) + crl->heap = cm->heap; + else + crl->heap = NULL; crl->cm = cm; crl->crlList = NULL; crl->monitors[0].path = NULL; @@ -153,7 +155,6 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) CRL_Entry* tmp = crl->crlList; WOLFSSL_ENTER("FreeCRL"); - if (crl->monitors[0].path) XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); @@ -491,6 +492,34 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ } +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) +int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) +{ + CRL_Entry *crle; + WOLFSSL_CRL *crl; + + WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl"); + if (store == NULL || newcrl == NULL) + return BAD_FUNC_ARG; + + crl = store->crl; + crle = newcrl->crlList; + + if (wc_LockMutex(&crl->crlLock) != 0) + { + WOLFSSL_MSG("wc_LockMutex failed"); + return BAD_MUTEX_E; + } + crle->next = crl->crlList; + crl->crlList = crle; + newcrl->crlList = NULL; + wc_UnLockMutex(&crl->crlLock); + + WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS); + + return WOLFSSL_SUCCESS; +} +#endif #ifdef HAVE_CRL_MONITOR diff --git a/src/ssl.c b/src/ssl.c index 5c7ba8b8f..30e902a24 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17840,24 +17840,42 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) return result; } - WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) { WOLFSSL_X509_STORE* store = NULL; - store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, - DYNAMIC_TYPE_X509_STORE); - if (store != NULL) { - store->cm = wolfSSL_CertManagerNew(); - if (store->cm == NULL) { - XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); - store = NULL; - } - else - store->isDynamic = 1; - } + if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, + DYNAMIC_TYPE_X509_STORE)) == NULL) + goto err_exit; + + if((store->cm = wolfSSL_CertManagerNew()) == NULL) + goto err_exit; + + store->isDynamic = 1; + +#ifdef HAVE_CRL + store->crl = NULL; + if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), + NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + goto err_exit; + if(InitCRL(store->crl, NULL) < 0) + goto err_exit; +#endif return store; + +err_exit: + if(store == NULL) + return NULL; + if(store->cm != NULL) + wolfSSL_CertManagerFree(store->cm); +#ifdef HAVE_CRL + if(store->crl != NULL) + wolfSSL_X509_CRL_free(store->crl); +#endif + wolfSSL_X509_STORE_free(store); + + return NULL; } @@ -17865,7 +17883,11 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { if (store != NULL && store->isDynamic) { if (store->cm != NULL) - wolfSSL_CertManagerFree(store->cm); + wolfSSL_CertManagerFree(store->cm); +#ifdef HAVE_CRL + if (store->crl != NULL) + wolfSSL_X509_CRL_free(store->crl); +#endif XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } } @@ -17994,6 +18016,150 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ +#ifndef NO_FILESYSTEM +static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) +{ + void *newx509 = NULL; + DerBuffer* der = NULL; + byte *fileBuffer = NULL; + + if (file != XBADFILE) + { + long sz = 0; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) + { + WOLFSSL_MSG("Bad tell on FILE"); + return NULL; + } + + fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer != NULL) + { + if((long)XFREAD(fileBuffer, 1, sz, file) != sz) + { + WOLFSSL_MSG("File read failed"); + goto err_exit; + } + if(type == CERT_TYPE) + newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); + #ifdef HAVE_CRL + else if(type == CRL_TYPE) + newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); + #endif + #if !defined(NO_ASN) && !defined(NO_PWDBASED) + else if(type == PKCS12_TYPE){ + if((newx509 = wc_PKCS12_new()) == NULL) + goto err_exit; + if(wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) + goto err_exit; + } + #endif + else goto err_exit; + if(newx509 == NULL) + { + WOLFSSL_MSG("X509 failed"); + goto err_exit; + } + } + } + if (x509 != NULL) + *x509 = newx509; + + goto _exit; + +err_exit: + if(newx509 != NULL){ + if(type == CERT_TYPE) + wolfSSL_X509_free((WOLFSSL_X509*)newx509); + #ifdef HAVE_CRL + else { + if(type == CRL_TYPE) + wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509); + } + #endif + } +_exit: + if(der != NULL) + FreeDer(&der); + if(fileBuffer != NULL) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + return newx509; +} + +WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); + return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); +} + +WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); + return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); +} +#endif /* NO_FILESYSTEM */ + + +#ifdef HAVE_CRL +WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) +{ + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); + return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); +} + +WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) +{ + WOLFSSL_X509_CRL *newcrl = NULL; + int ret ; + + WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL"); + + if(in == NULL){ + WOLFSSL_MSG("Bad argument value"); + return NULL; + } + + newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (newcrl == NULL){ + WOLFSSL_MSG("New CRL allocation failed"); + return NULL; + } + if (InitCRL(newcrl, NULL) < 0) { + WOLFSSL_MSG("Init tmp CRL failed"); + goto err_exit; + } + ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); + if (ret != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("Buffer Load CRL failed"); + goto err_exit; + } + if(crl){ + *crl = newcrl; + } + goto _exit; + +err_exit: + if(newcrl != NULL) + wolfSSL_X509_CRL_free(newcrl); + newcrl = NULL; +_exit: + return newcrl; +} + +void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) +{ + WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); + + FreeCRL(crl, 1); + return; +} +#endif + #ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) { @@ -27392,12 +27558,68 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* OPENSSL_EXTRA */ #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len) +{ + WOLFSSL_RSA *rsa = NULL; + + WOLFSSL_ENTER("d2i_RSAPublicKey"); + if(pp == NULL){ + WOLFSSL_MSG("Bad argument"); + return NULL; + } + if((rsa = wolfSSL_RSA_new()) == NULL){ + WOLFSSL_MSG("RSA_new failed"); + return NULL; + } + + if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) + != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("RSA_LoadDer failed"); + return NULL; + } + if(r != NULL) + *r = rsa; + return rsa; +} + +#if !defined(HAVE_FAST_RSA) +int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) +{ + byte *der; + int derLen; + int ret; + + WOLFSSL_ENTER("i2d_RSAPublicKey"); + if((rsa == NULL) || (pp == NULL)) + return WOLFSSL_FATAL_ERROR; + if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal Failed"); + return ret; + } + if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) + return WOLFSSL_FATAL_ERROR; + der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + return WOLFSSL_FATAL_ERROR; + } + if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ + WOLFSSL_MSG("RsaKeyToPublicDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + *pp = der; + return ret; +} +#endif /* #if !defined(HAVE_FAST_RSA) */ + /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); } + int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz, int opt) { @@ -28375,6 +28597,71 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return x509; } +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl, + pem_password_cb *cb, void *u) + { +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char* pem = NULL; + DerBuffer* der = NULL; + int pemSz; + int derSz; + long i = 0, l; + WOLFSSL_X509_CRL* newcrl; + + WOLFSSL_ENTER("wolfSSL_PEM_read_X509_CRL"); + + if (fp == NULL) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG); + return NULL; + } + /* Read in CRL from file */ + i = XFTELL(fp); + if (i < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509_CRL", BAD_FUNC_ARG); + return NULL; + } + + if (XFSEEK(fp, 0, SEEK_END) != 0) + return NULL; + l = XFTELL(fp); + if (l < 0) + return NULL; + if (XFSEEK(fp, i, SEEK_SET) != 0) + return NULL; + pemSz = (int)(l - i); + /* check calculated length */ + if (pemSz < 0) + return NULL; + if((pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM)) == NULL) + return NULL; + + if((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz) + goto err_exit; + if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) + goto err_exit; + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + + derSz = der->length; + if((newcrl = wolfSSL_d2i_X509_CRL(crl, (const unsigned char *)der->buffer, derSz)) == NULL) + goto err_exit; + FreeDer(&der); + + return newcrl; + + err_exit: + if(pem != NULL) + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + if(der != NULL) + FreeDer(&der); + return NULL; + + (void)cb; + (void)u; + #endif + + } +#endif /* * bp : bio to read X509 from @@ -29105,6 +29392,102 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } } #endif /* ! NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + /* One shot SHA384 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA384_DIGEST_SIZE]; + wc_Sha384 sha; + + WOLFSSL_ENTER("wolfSSL_SHA384"); + + if (wc_InitSha384_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA384 Init failed"); + return NULL; + } + + if (wc_Sha384Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA384 Update failed"); + return NULL; + } + + if (wc_Sha384Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA384 Final failed"); + return NULL; + } + + wc_Sha384Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */ + + +#if defined(WOLFSSL_SHA512) + /* One shot SHA512 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA512_DIGEST_SIZE]; + wc_Sha512 sha; + + WOLFSSL_ENTER("wolfSSL_SHA512"); + + if (wc_InitSha512_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA512 Init failed"); + return NULL; + } + + if (wc_Sha512Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA512 Update failed"); + return NULL; + } + + if (wc_Sha512Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA512 Final failed"); + return NULL; + } + + wc_Sha512Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA512) */ + char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; diff --git a/tests/api.c b/tests/api.c index f9f2019f4..b005ff814 100644 --- a/tests/api.c +++ b/tests/api.c @@ -9697,7 +9697,8 @@ static int test_wc_RsaPublicKeyDecodeRaw (void) } /* END test_wc_RsaPublicKeyDecodeRaw */ -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && (defined(WOLFSSL_KEY_GEN) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps * trying until it gets a probable prime. */ @@ -10033,9 +10034,10 @@ static int test_wc_RsaKeyToDer (void) * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer (void) -{ +{ int ret = 0; -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) RsaKey key; WC_RNG rng; byte* der; @@ -16424,6 +16426,33 @@ static void test_wolfSSL_CTX_set_srp_password(void) /* && !NO_SHA256 && !WC_NO_RNG */ } +static void test_wolfSSL_X509_STORE(void) +{ +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + X509_STORE *store; + X509_CRL *crl; + X509 *x509; + const char crl_pem[] = "./certs/crl/crl.pem"; + const char svrCert[] = "./certs/server-cert.pem"; + XFILE fp; + + printf(testingFmt, "test_wolfSSL_X509_STORE"); + AssertNotNull(store = (X509_STORE *)X509_STORE_new()); + AssertNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM))); + AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + X509_free(x509); + AssertNotNull(fp = XFOPEN(crl_pem, "rb")); + AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + XFCLOSE(fp); + AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + X509_CRL_free(crl); + X509_STORE_free(store); + printf(resultFmt, passed); +#endif + return; +} + static void test_wolfSSL_BN(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) @@ -17082,6 +17111,9 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX* ctx; X509_STORE* store; + char der[] = "certs/ca-cert.der"; + XFILE fp; + printf(testingFmt, "wolfSSL_X509()"); AssertNotNull(x509 = X509_new()); @@ -17106,6 +17138,18 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX_free(ctx); BIO_free(bio); + /** d2i_X509_fp test **/ + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der, "rb")); + AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + AssertNotNull(x509); + X509_free(x509); + XFCLOSE(fp); + printf(resultFmt, passed); #endif } @@ -17816,6 +17860,42 @@ static void test_wolfSSL_RSA(void) #endif } +static void test_wolfSSL_RSA_DER(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) + + RSA *rsa; + int i; + + struct + { + const unsigned char *der; + int sz; + } tbl[] = { +#ifdef USE_CERT_BUFFERS_1024 + {client_key_der_1024, sizeof_client_key_der_1024}, + {server_key_der_1024, sizeof_server_key_der_1024}, +#endif +#ifdef USE_CERT_BUFFERS_2048 + {client_key_der_2048, sizeof_client_key_der_2048}, + {server_key_der_2048, sizeof_server_key_der_2048}, +#endif + {NULL, 0} + }; + + printf(testingFmt, "test_wolfSSL_RSA_DER()"); + + for (i = 0; tbl[i].der != NULL; i++) + { + AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz)); + AssertNotNull(rsa); + RSA_free(rsa); + } + printf(resultFmt, passed); + +#endif +} + static void test_wolfSSL_verify_depth(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) @@ -18083,6 +18163,52 @@ static void test_wolfSSL_SHA(void) AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); } #endif + + #if !defined(NO_SHA256) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + unsigned char out[WC_SHA256_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); + AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + unsigned char out[WC_SHA384_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); + AssertNotNull(SHA384(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + unsigned char out[WC_SHA512_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); + AssertNotNull(SHA512(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); + } + #endif + printf(resultFmt, passed); #endif } @@ -19010,6 +19136,66 @@ static int test_wc_RNG_GenerateBlock() } #endif +static void test_wolfSSL_X509_CRL(void) +{ +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + + X509_CRL *crl; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; + +#ifdef HAVE_TEST_d2i_X509_CRL_fp + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + ""}; +#endif + + XFILE fp; + int i; + + printf(testingFmt, "test_wolfSSL_X509_CRL"); + + for (i = 0; pem[i][0] != '\0'; i++) + { + AssertNotNull(fp = XFOPEN(pem[i], "rb")); + AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(pem[i], "rb")); + AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + } + +#ifdef HAVE_TEST_d2i_X509_CRL_fp + for(i = 0; der[i][0] != '\0'; i++){ + AssertNotNull(fp = XFOPEN(der[i], "rb")); + AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + AssertNotNull(fp = XFOPEN(der[i], "rb")); + AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); + AssertNotNull(crl); + X509_CRL_free(crl); + XFCLOSE(fp); + } +#endif + + printf(resultFmt, passed); +#endif + return; +} + /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ @@ -19082,6 +19268,7 @@ void ApiTest(void) test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_NID(); test_wolfSSL_X509_STORE_CTX_set_time(); + test_wolfSSL_X509_STORE(); test_wolfSSL_BN(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); @@ -19109,6 +19296,7 @@ void ApiTest(void) test_wolfSSL_sk_GENERAL_NAME(); test_wolfSSL_MD4(); test_wolfSSL_RSA(); + test_wolfSSL_RSA_DER(); test_wolfSSL_verify_depth(); test_wolfSSL_HMAC_CTX(); test_wolfSSL_msg_callback(); @@ -19117,6 +19305,7 @@ void ApiTest(void) test_wolfSSL_AES_ecb_encrypt(); test_wolfSSL_SHA256(); test_wolfSSL_X509_get_serialNumber(); + test_wolfSSL_X509_CRL(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 58cbcdf68..b8eb7b864 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -502,7 +502,7 @@ char* GetSigName(int oid) { #if !defined(NO_DSA) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && \ (defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)))) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA)))) /* Set the DER/BER encoding of the ASN.1 INTEGER header. * * len Length of data to encode. @@ -526,7 +526,7 @@ static int SetASNInt(int len, byte firstByte, byte* output) #endif #if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int. * The number is assumed to be positive. * @@ -796,10 +796,10 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len, /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 (with CertGen or KeyGen) */ #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) || \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \ defined(HAVE_ECC) || \ (defined(HAVE_ED25519) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))) + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) /* Set the DER/BER encoding of the ASN.1 BIT_STRING header. * @@ -7314,6 +7314,11 @@ const char* const END_PUB_KEY = "-----END PUBLIC KEY-----"; const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; #endif +#ifdef HAVE_CRL + const char *const BEGIN_CRL = "-----BEGIN X509 CRL-----"; + const char* const END_CRL = "-----END X509 CRL-----"; +#endif + int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) @@ -7786,6 +7791,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, { header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; } else +#endif +#ifdef HAVE_CRL + if (type == CRL_TYPE) { + header = BEGIN_CRL; footer = END_CRL; + } else #endif { break; @@ -8246,7 +8256,7 @@ int wc_PemPubKeyToDer(const char* fileName, #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA))) + ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))) /* USER RSA ifdef portions used instead of refactor in consideration for possible fips build */ /* Write a public RSA key to output */ @@ -8386,6 +8396,85 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, return idx; } + +int RsaPublicKeyDerSize(RsaKey* key, int with_header) +{ + byte* dummy = NULL; + byte seq[MAX_SEQ_SZ]; + byte bitString[1 + MAX_LENGTH_SZ + 1]; + int nSz; + int eSz; + int seqSz; + int bitStringSz; + int idx; + + if (key == NULL) + return BAD_FUNC_ARG; + + /* n */ + dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dummy == NULL) + return MEMORY_E; + +#ifdef HAVE_USER_RSA + nSz = SetASNIntRSA(key->n, dummy); +#else + nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, dummy); +#endif + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (nSz < 0) { + return nSz; + } + + /* e */ + dummy = (byte*)XMALLOC(MAX_RSA_E_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dummy == NULL) { + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + +#ifdef HAVE_USER_RSA + eSz = SetASNIntRSA(key->e, dummy); +#else + eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, dummy); +#endif + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (eSz < 0) { + return eSz; + } + + seqSz = SetSequence(nSz + eSz, seq); + + /* headers */ + if (with_header) { + int algoSz; + dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dummy == NULL) + return MEMORY_E; + + algoSz = SetAlgoID(RSAk, dummy, oidKeyType, 0); + bitStringSz = SetBitString(seqSz + nSz + eSz, 0, bitString); + + idx = SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, dummy); + XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + + /* algo */ + idx += algoSz; + /* bit string */ + idx += bitStringSz; + } + else + idx = 0; + + /* seq */ + idx += seqSz; + /* n */ + idx += nSz; + /* e */ + idx += eSz; + + return idx; +} #endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN && !HAVE_USER_RSA))) */ @@ -8498,8 +8587,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) return outLen; } +#endif - +#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) /* Convert Rsa Public key to DER format, write to output (inLen), return bytes written */ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 86e657bcb..9c098972c 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -148,7 +148,11 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; #define SHA384_Init wolfSSL_SHA384_Init #define SHA384_Update wolfSSL_SHA384_Update #define SHA384_Final wolfSSL_SHA384_Final - +#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + /* SHA384 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA384 wolfSSL_SHA384 +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 @@ -173,7 +177,11 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; #define SHA512_Init wolfSSL_SHA512_Init #define SHA512_Update wolfSSL_SHA512_Update #define SHA512_Final wolfSSL_SHA512_Final - +#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA512 wolfSSL_SHA512 +#endif #endif /* WOLFSSL_SHA512 */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e90a5213a..3fbbed639 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -322,6 +322,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl #define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free @@ -348,7 +349,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup -#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_free wolfSSL_X509_STORE_free #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup @@ -511,8 +513,16 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define sk_X509_free wolfSSL_sk_X509_free #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp +#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey +#define d2i_X509_CRL wolfSSL_d2i_X509_CRL +#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define X509_CRL_free wolfSSL_X509_CRL_free #define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data #define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data @@ -528,6 +538,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX +#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() @@ -549,7 +560,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_NAME_free wolfSSL_X509_NAME_free #define X509_NAME_new wolfSSL_X509_NAME_new -typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; + typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey @@ -568,6 +579,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 + #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1b7d0a0b5..968898585 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -121,6 +121,7 @@ typedef struct WOLFSSL_X509 WOLFSSL_X509; typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN; +typedef struct WC_PKCS12 WOLFSSL_X509_PKCS12; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; @@ -164,7 +165,7 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; typedef struct WOLFSSL_CIPHER WOLFSSL_CIPHER; typedef struct WOLFSSL_X509_LOOKUP WOLFSSL_X509_LOOKUP; typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; -typedef struct WOLFSSL_X509_CRL WOLFSSL_X509_CRL; +typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; @@ -300,6 +301,9 @@ struct WOLFSSL_X509_STORE { #ifdef OPENSSL_EXTRA int isDynamic; #endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + WOLFSSL_X509_CRL *crl; +#endif }; #ifdef OPENSSL_EXTRA @@ -992,8 +996,10 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX*, - WOLFSSL_RSA*(*)(WOLFSSL*, int, int)); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); +WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, + WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key); @@ -1518,6 +1524,13 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, + const unsigned char *in, int len); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); +#endif +WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); + #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* @@ -1547,6 +1560,10 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, + WOLFSSL_X509_PKCS12** pkcs12); +#endif WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); @@ -2530,6 +2547,10 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, + WOLFSSL_X509** x509); +#endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); @@ -2543,6 +2564,10 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *p WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x, + pem_password_cb *cb, void *u); +#endif /*lighttp compatibility */ @@ -2575,6 +2600,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); @@ -2875,6 +2902,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index da73afe58..35b372355 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -860,6 +860,7 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header); #ifdef HAVE_ECC /* ASN sig helpers */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 312332f96..9bd337eff 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -72,7 +72,8 @@ enum CertType { ECC_PUBLICKEY_TYPE, TRUSTED_PEER_TYPE, EDDSA_PRIVATEKEY_TYPE, - ED25519_TYPE + ED25519_TYPE, + PKCS12_TYPE }; diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 5cbc76770..a11b016eb 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -247,8 +247,9 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* p, word32* pSz, byte* q, word32* qSz); +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); + #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz, const byte* q, word32 qSz, diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 8e3519f50..6d08cf5eb 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -64,7 +64,9 @@ #ifndef NO_OLD_WC_NAMES #define Sha wc_Sha - #define SHA WC_SHA + #if !defined(OPENSSL_EXTRA) + #define SHA WC_SHA + #endif #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define SHA_PAD_SIZE WC_SHA_PAD_SIZE diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index a2d387a13..3409b5151 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -81,9 +81,10 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_SHA256_NAMES +#if !defined(NO_OLD_SHA256_NAMES) #define SHA256 WC_SHA256 #endif + #ifndef NO_OLD_WC_NAMES #define Sha256 wc_Sha256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index ec93e80ef..315f56df0 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -71,9 +71,8 @@ #define SHA512_NOINLINE #endif -#ifndef NO_OLD_WC_NAMES +#if !defined(NO_OLD_WC_NAMES) #define Sha512 wc_Sha512 - #define SHA512 WC_SHA512 #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE #define SHA512_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define SHA512_PAD_SIZE WC_SHA512_PAD_SIZE @@ -123,9 +122,8 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #ifndef HAVE_FIPS /* avoid redefinition of structs */ -#ifndef NO_OLD_WC_NAMES +#if !defined(NO_OLD_SHA_NAMES) #define Sha384 wc_Sha384 - #define SHA384 WC_SHA384 #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE #define SHA384_DIGEST_SIZE WC_SHA384_DIGEST_SIZE #define SHA384_PAD_SIZE WC_SHA384_PAD_SIZE