diff --git a/src/pk.c b/src/pk.c index 465d0a3b3..fef36acc7 100644 --- a/src/pk.c +++ b/src/pk.c @@ -118,7 +118,9 @@ static int pk_bn_field_print_fp(XFILE fp, int indent, const char* field, } #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM && * (!NO_DSA || !NO_RSA || HAVE_ECC) */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#if defined(OPENSSL_EXTRA) #if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA) && \ !defined(HAVE_FAST_RSA) /* snprintf() must be available */ @@ -7602,7 +7604,7 @@ void wolfSSL_DH_get0_pqg(const WOLFSSL_DH *dh, const WOLFSSL_BIGNUM **p, #ifdef HAVE_ECC -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) #ifndef NO_CERTS @@ -8808,42 +8810,6 @@ void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) } #endif -WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) -{ - WOLFSSL_EC_GROUP *g; - int x, eccEnum; - - WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); - - /* curve group */ - g = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, - DYNAMIC_TYPE_ECC); - if (g == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); - return NULL; - } - XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP)); - - /* set the nid of the curve */ - g->curve_nid = nid; - g->curve_idx = -1; - - /* If NID passed in is OpenSSL type, convert it to ecc_curve_id enum */ - eccEnum = NIDToEccEnum(nid); - if (eccEnum != -1) { - /* search and set the corresponding internal curve idx */ - for (x = 0; ecc_sets[x].size != 0; x++) { - if (ecc_sets[x].id == eccEnum) { - g->curve_idx = x; - g->curve_oid = ecc_sets[x].oidSum; - break; - } - } - } - - return g; -} - /* return code compliant with OpenSSL : * the curve nid if success, 0 if error */ 
@@ -8926,6 +8892,44 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) return 0; } } +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) +{ + WOLFSSL_EC_GROUP *g; + int x, eccEnum; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); + + /* curve group */ + g = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, + DYNAMIC_TYPE_ECC); + if (g == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); + return NULL; + } + XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP)); + + /* set the nid of the curve */ + g->curve_nid = nid; + g->curve_idx = -1; + + /* If NID passed in is OpenSSL type, convert it to ecc_curve_id enum */ + eccEnum = NIDToEccEnum(nid); + if (eccEnum != -1) { + /* search and set the corresponding internal curve idx */ + for (x = 0; ecc_sets[x].size != 0; x++) { + if (ecc_sets[x].id == eccEnum) { + g->curve_idx = x; + g->curve_oid = ecc_sets[x].oidSum; + break; + } + } + } + + return g; +} /* Converts OpenSSL NID value of ECC curves to the associated enum values in ecc_curve_id, used by ecc_sets[].*/ @@ -8994,6 +8998,30 @@ int NIDToEccEnum(int n) } } +int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) +{ + int ret; + mp_int order; + + if (group == NULL || group->curve_idx < 0) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error"); + return 0; + } + + ret = mp_init(&order); + if (ret == 0) { + ret = mp_read_radix(&order, ecc_sets[group->curve_idx].order, + MP_RADIX_HEX); + if (ret == 0) + ret = mp_count_bits(&order); + mp_clear(&order); + } + + return ret; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) /* return code compliant with OpenSSL : * 1 if success, 0 if error */ 
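Review bot: wolfSSL_EC_GROUP_new_by_curve_name, now also built for WOLFSSL_WPAS_SMALL, has no header comment, and its contract is easy to misread. When NIDToEccEnum() returns -1 or no ecc_sets[] entry matches, it still returns a non-NULL group with `curve_idx == -1` and `curve_oid` left at 0 by the XMEMSET. A caller that only tests the result for NULL would carry on with a group that names no curve. I would document this above the function, e.g. `/* Returns a new group, NULL only on allocation failure; curve_idx is -1 when nid is not a supported curve, so callers must check it. */`.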
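Review bot: wolfSSL_EC_GROUP_order_bits reports failure in two different ways: 0 from the argument check, but the raw result of mp_init() or mp_read_radix() when either of those fails, because `ret` is returned unchanged. A caller that treats the result as a bit length, for example to size a buffer, would then be computing from an error code, presumably a negative one. Mapping every failure to 0 keeps the contract uniform: `return (ret > 0) ? ret : 0;`.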
@@ -9022,28 +9050,6 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, return 1; } -int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) -{ - int ret; - mp_int order; - - if (group == NULL || group->curve_idx < 0) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error"); - return 0; - } - - ret = mp_init(&order); - if (ret == 0) { - ret = mp_read_radix(&order, ecc_sets[group->curve_idx].order, - MP_RADIX_HEX); - if (ret == 0) - ret = mp_count_bits(&order); - mp_clear(&order); - } - - return ret; -} - /* End EC_GROUP */ /* Start EC_POINT */ @@ -11045,7 +11051,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, return 1; } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL*/ #endif /* HAVE_ECC */ diff --git a/src/ssl.c b/src/ssl.c index 9399072b6..b53b42435 100644 --- a/src/ssl.c +++ b/src/ssl.c 
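Review bot: The relabelled `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL*/` at the end of the ECC section (hunk at -11045) does not match the guard it closes. The earlier hunk at -8994 ends the combined block right after wolfSSL_EC_GROUP_order_bits and reopens with `#if defined(OPENSSL_EXTRA)`. Assuming the conditionals in between are balanced as they were before this change, this directive closes an OPENSSL_EXTRA-only block and the comment should stay `/* OPENSSL_EXTRA */`. In src/ssl.c the hunk at -9043 labels its new `#endif` with `WPA_SMALL`, which is not the macro's name; `WOLFSSL_WPAS_SMALL` would match the `#if`.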
@@ -8469,158 +8469,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx) } #endif -#ifdef OPENSSL_EXTRA - -WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( - WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen) -{ - WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; -#ifdef WOLFSSL_PEM_TO_DER - int ret; - DerBuffer* der = NULL; - - if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { - WOLFSSL_MSG("Bad key PEM/DER args"); - return NULL; - } - - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); - if (ret < 0) { - WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); - if (ret == 0) { - XMEMCPY(der->buffer, *keyBuf, keyLen); - } - } - - if (ret == 0) { - /* Verify this is PKCS8 Key */ - word32 inOutIdx = 0; - word32 algId; - ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId); - if (ret >= 0) { - ret = 0; /* good DER */ - } - } - - if (ret == 0) { - pkcs8 = wolfSSL_EVP_PKEY_new(); - if (pkcs8 == NULL) - ret = MEMORY_E; - } - if (ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkcs8->pkey.ptr == NULL) - ret = MEMORY_E; - } - if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); - pkcs8->pkey_sz = der->length; - } - - FreeDer(&der); - if (ret != 0) { - wolfSSL_EVP_PKEY_free(pkcs8); - pkcs8 = NULL; - } - if (pkey != NULL) { - *pkey = pkcs8; - } - -#else - (void)bio; - (void)pkey; -#endif /* WOLFSSL_PEM_TO_DER */ - - return pkcs8; -} - - -#ifndef NO_BIO -/* put SSL type in extra for now, not very common */ - -/* Converts a DER format key read from "bio" to a PKCS8 structure. - * - * bio input bio to read DER from - * pkey If not NULL then this pointer will be overwritten with a new PKCS8 - * structure. - * - * returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail - * case. 
- */ -WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, - WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) -{ - WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; -#ifdef WOLFSSL_PEM_TO_DER - unsigned char* mem = NULL; - int memSz; - - WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); - - if (bio == NULL) { - return NULL; - } - - if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { - return NULL; - } - - pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); -#else - (void)bio; - (void)pkey; -#endif /* WOLFSSL_PEM_TO_DER */ - - return pkcs8; -} - - -/* expecting DER format public key - * - * bio input bio to read DER from - * out If not NULL then this pointer will be overwritten with a new - * WOLFSSL_EVP_PKEY pointer - * - * returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case. - */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** out) -{ - unsigned char* mem; - long memSz; - WOLFSSL_EVP_PKEY* pkey = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio()"); - - if (bio == NULL) { - return NULL; - } - (void)out; - - memSz = wolfSSL_BIO_get_len(bio); - if (memSz <= 0) { - return NULL; - } - - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - return NULL; - } - - if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { - pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz); - if (out != NULL && pkey != NULL) { - *out = pkey; - } - } - - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return pkey; -} - -#endif /* !NO_BIO */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, const unsigned char** in, long inSz, int priv) @@ -8704,7 +8553,7 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, } #endif /* NO_RSA */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) { word32 keyIdx = 0; int isEccKey; 
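Review bot: With the ECC branch of d2iGenericKey now guarded by `defined(HAVE_ECC) && defined(OPENSSL_EXTRA)` (closed by the `#endif` in the next hunk at -8767), a build that defines only WOLFSSL_WPAS_SMALL compiles the function but never tries to decode an EC key, and nothing in the code says so. A DER-encoded EC key would presumably fall through the remaining key types and come back as NULL, which is hard to tell apart from a malformed key. A short comment at the guard would help, e.g. `/* EC keys are only decoded when OPENSSL_EXTRA is defined */`, and the function's header comment should say which key types each build accepts. The function body starts and ends outside these hunks.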
@@ -8767,7 +8616,7 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, } } } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC && OPENSSL_EXTRA */ #if !defined(NO_DSA) { 
@@ -9043,6 +8892,160 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, return pkey; } +#endif /* OPENSSL_EXTRA || WPA_SMALL */ + +#ifdef OPENSSL_EXTRA + +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen) +{ + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER + int ret; + DerBuffer* der = NULL; + + if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { + WOLFSSL_MSG("Bad key PEM/DER args"); + return NULL; + } + + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + if (ret < 0) { + WOLFSSL_MSG("Not PEM format"); + ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + if (ret == 0) { + XMEMCPY(der->buffer, *keyBuf, keyLen); + } + } + + if (ret == 0) { + /* Verify this is PKCS8 Key */ + word32 inOutIdx = 0; + word32 algId; + ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId); + if (ret >= 0) { + ret = 0; /* good DER */ + } + } + + if (ret == 0) { + pkcs8 = wolfSSL_EVP_PKEY_new(); + if (pkcs8 == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkcs8->pkey.ptr == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); + pkcs8->pkey_sz = der->length; + } + + FreeDer(&der); + if (ret != 0) { + wolfSSL_EVP_PKEY_free(pkcs8); + pkcs8 = NULL; + } + if (pkey != NULL) { + *pkey = pkcs8; + } + +#else + (void)bio; + (void)pkey; +#endif /* WOLFSSL_PEM_TO_DER */ + + return pkcs8; +} + + +#ifndef NO_BIO +/* put SSL type in extra for now, not very common */ + +/* Converts a DER format key read from "bio" to a PKCS8 structure. + * + * bio input bio to read DER from + * pkey If not NULL then this pointer will be overwritten with a new PKCS8 + * structure. + * + * returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail + * case. 
+ */ +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) +{ + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER + unsigned char* mem = NULL; + int memSz; + + WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); + + if (bio == NULL) { + return NULL; + } + + if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { + return NULL; + } + + pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); +#else + (void)bio; + (void)pkey; +#endif /* WOLFSSL_PEM_TO_DER */ + + return pkcs8; +} + + +/* expecting DER format public key + * + * bio input bio to read DER from + * out If not NULL then this pointer will be overwritten with a new + * WOLFSSL_EVP_PKEY pointer + * + * returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out) +{ + unsigned char* mem; + long memSz; + WOLFSSL_EVP_PKEY* pkey = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio()"); + + if (bio == NULL) { + return NULL; + } + (void)out; + + memSz = wolfSSL_BIO_get_len(bio); + if (memSz <= 0) { + return NULL; + } + + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + return NULL; + } + + if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { + pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz); + if (out != NULL && pkey != NULL) { + *out = pkey; + } + } + + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return pkey; +} + +#endif /* !NO_BIO */ /* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. @@ -15975,7 +15978,7 @@ cleanup: int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) { - WOLFSSL_ENTER("wolfSSL_set0_verify_cert_store"); + WOLFSSL_ENTER("wolfSSL_set1_verify_cert_store"); if (ssl == NULL || str == NULL) { WOLFSSL_MSG("Bad parameter"); 
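Review bot: In wolfSSL_d2i_PKCS8_PKEY the `#else` branch casts `(void)bio;`, but this function has no `bio` parameter, so a build without WOLFSSL_PEM_TO_DER would not compile; the branch should read `(void)pkey; (void)keyBuf; (void)keyLen;`. The move is also a chance to look at wolfSSL_d2i_PUBKEY_bio, which hands `&mem` to wolfSSL_d2i_PUBKEY and then calls XFREE on `mem`. If the parser advances `*in` the way OpenSSL d2i functions do (not visible here), the free would receive a pointer past the start of the allocation, so pass a copy such as `const unsigned char* p = mem;` instead. `(int)memSz` also narrows a long before wolfSSL_BIO_read without a range check.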
@@ -24555,7 +24558,11 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i) case STACK_TYPE_X509_NAME_ENTRY: return (void*)sk->data.name_entry; case STACK_TYPE_CONF_VALUE: + #ifdef OPENSSL_EXTRA return (void*)sk->data.conf; + #else + return NULL; + #endif case STACK_TYPE_X509_INFO: return (void*)sk->data.info; case STACK_TYPE_BY_DIR_entry: @@ -24708,9 +24715,6 @@ void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk) { wolfSSL_sk_free(sk); } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -#ifdef OPENSSL_EXTRA /* Free all nodes in a stack including the pushed objects */ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, @@ -24751,17 +24755,19 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, func = (wolfSSL_sk_freefunc)wolfSSL_ASN1_OBJECT_free; break; case STACK_TYPE_DIST_POINT: + #ifdef OPENSSL_EXTRA func = (wolfSSL_sk_freefunc)wolfSSL_DIST_POINT_free; + #endif break; case STACK_TYPE_GEN_NAME: func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_NAME_free; break; + case STACK_TYPE_STRING: #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) - case STACK_TYPE_STRING: func = (wolfSSL_sk_freefunc)wolfSSL_WOLFSSL_STRING_free; - break; #endif + break; case STACK_TYPE_X509_NAME: #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) @@ -24786,7 +24792,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, #endif break; case STACK_TYPE_CONF_VALUE: - #ifdef OPENSSL_ALL + #if defined(OPENSSL_ALL) func = (wolfSSL_sk_freefunc)wolfSSL_X509V3_conf_free; #endif break; @@ -24796,7 +24802,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, #endif break; case STACK_TYPE_BIO: -#if !defined(NO_BIO) +#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) func = (wolfSSL_sk_freefunc)wolfSSL_BIO_vfree; #endif break; 
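Review bot: In wolfSSL_sk_pop_free the STACK_TYPE_DIST_POINT, STACK_TYPE_STRING and STACK_TYPE_BIO cases (the last in the hunk at -24796) now fall to `break` without assigning `func` whenever their free function is compiled out. The function is built for WOLFSSL_WPAS_SMALL after this change, so a stack of one of those types would reach the free loop with whatever `func` held before the switch. How the loop treats that is outside the hunks, but if it skips the per-element free, the pushed objects are leaked without any trace. I would make the gap visible with an `#else` branch in each of these cases, such as `WOLFSSL_MSG("no free function for this stack type in this build");`.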
@@ -24833,9 +24839,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, sk = next; } } -#endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Creates and returns a new null stack. */ WOLFSSL_STACK* wolfSSL_sk_new_null(void) { @@ -29273,8 +29277,29 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ - defined(WOLFSSL_HAPROXY) + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS_SMALL) + /* Returns the long name that corresponds with an ASN1_OBJECT nid value. + * n : NID value of ASN1_OBJECT to search */ + const char* wolfSSL_OBJ_nid2ln(int n) + { + const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; + size_t i; + WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); + for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { + if (obj_info->nid == n) { + return obj_info->lName; + } + } + WOLFSSL_MSG("NID not found in table"); + return NULL; + } +#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL, + WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY, WOLFSSL_WPAS_SMALL */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; 
@@ -29632,22 +29657,6 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, return oid2nid(oid, o->grp); } - /* Returns the long name that corresponds with an ASN1_OBJECT nid value. - * n : NID value of ASN1_OBJECT to search */ - const char* wolfSSL_OBJ_nid2ln(int n) - { - const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; - size_t i; - WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); - for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++, obj_info++) { - if (obj_info->nid == n) { - return obj_info->lName; - } - } - WOLFSSL_MSG("NID not found in table"); - return NULL; - } - /* Return the corresponding NID for the long name * or NID_undef if NID can't be found. */ diff --git a/src/x509.c b/src/x509.c index cc0412732..cff25bf11 100644 --- a/src/x509.c +++ b/src/x509.c @@ -1803,7 +1803,9 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, WOLFSSL_STACK* sk = NULL; WOLFSSL_ASN1_OBJECT* obj = NULL; WOLFSSL_GENERAL_NAME* gn = NULL; +#ifdef OPENSSL_EXTRA WOLFSSL_DIST_POINT* dp = NULL; +#endif WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; WOLFSSL_ENTER("wolfSSL_X509_get_ext_d2i"); @@ -1930,6 +1932,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, } case CRL_DIST_OID: + #if defined(OPENSSL_EXTRA) if (x509->CRLdistSet && x509->CRLInfo != NULL) { if (c != NULL) { *c = x509->CRLdistCrit; @@ -1986,7 +1989,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, else { WOLFSSL_MSG("No CRL dist set"); } - + #endif /* OPENSSL_EXTRA */ break; case AUTH_INFO_OID: @@ -2250,9 +2253,11 @@ err: if (gn) { wolfSSL_GENERAL_NAME_free(gn); } + #ifdef OPENSSL_EXTRA if (dp) { wolfSSL_DIST_POINT_free(dp); } + #endif if (sk) { wolfSSL_sk_free(sk); } @@ -3968,7 +3973,6 @@ void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA - static void wolfSSL_DIST_POINT_NAME_free(WOLFSSL_DIST_POINT_NAME* dpn) { if (dpn != NULL) { 
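Review bot: With the whole body of `case CRL_DIST_OID:` in wolfSSL_X509_get_ext_d2i wrapped in `#if defined(OPENSSL_EXTRA)` (hunks at -1930 and -1986), a WOLFSSL_WPAS_SMALL-only build goes straight to `break`, and the "No CRL dist set" message is compiled out with it. A caller asking for CRL distribution points then cannot tell a certificate that has none from a build that cannot return them, which matters if revocation checking is driven from this call. An `#else` branch with `WOLFSSL_MSG("CRL distribution points not supported in this build");` would make that case visible. The function starts and ends outside these hunks, so what it returns after the `break` is not visible here.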
@@ -4222,7 +4226,7 @@ void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* name) XFREE(name, NULL, DYNAMIC_TYPE_OPENSSL); } } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL*/ #ifdef OPENSSL_EXTRA void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES *gens) @@ -4922,7 +4926,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) key->ecc->inSet = 1; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC && OPENSSL_EXTRA */ #ifndef NO_DSA if (key->type == EVP_PKEY_DSA) { @@ -9125,7 +9129,8 @@ cleanup: #endif /* WOLFSSL_CERT_GEN */ -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) /* Converts from NID_* value to wolfSSL value if needed. * * @param [in] nid Numeric Id of a domain name component. @@ -9154,7 +9159,10 @@ static int ConvertNIDToWolfSSL(int nid) return -1; } } +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || + OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL*/ +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* This is to convert the x509 name structure into canonical DER format */ /* , which has the following rules: */ /* convert to UTF8 */ @@ -9271,7 +9279,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) } return totalBytes; } -#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL*/ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_CERT_GEN /* Guarded by either 
@@ -9415,7 +9423,8 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #endif /* WOLFSSL_CERT_GEN */ -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined (WOLFSSL_WPAS_SMALL) WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name, unsigned char **in, long length) @@ -9473,8 +9482,11 @@ cleanup: #endif return tmp; } +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_WPAS_SMALL */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + /* Compares the two X509 names. If the size of x is larger then y then a * positive value is returned if x is smaller a negative value is returned. * In the case that the sizes are equal a the value of strcmp between the diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8103dbc04..b3cf753dd 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4987,7 +4987,7 @@ static const byte server[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x00 }; /* static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) typedef struct { int name_len; const char *name; @@ -5002,7 +5002,7 @@ extern const WOLF_EC_NIST_NAME kNistCurves[]; #else #define kNistCurves_MAX_NAME_LEN 7 #endif -#endif +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ /* internal functions */ WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl); @@ -5060,7 +5060,7 @@ WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl); WOLFSSL_LOCAL int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe); #endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_ECC) WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey); WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); #endif