diff --git a/src/ssl.c b/src/ssl.c index 688fc41fe..8d54d8812 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8567,6 +8567,111 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl) } #if defined(OPENSSL_ALL) +unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509) +{ + unsigned int flags = 0; + + WOLFSSL_ENTER("wolfSSL_X509_get_extension_flags"); + + if (x509 != NULL) { + if (x509->keyUsageSet) { + flags |= EXFLAG_KUSAGE; + } + if (x509->extKeyUsageSrc != NULL) { + flags |= EXFLAG_XKUSAGE; + } + } + + WOLFSSL_LEAVE("wolfSSL_X509_get_extension_flags", flags); + + return flags; +} + +unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509* x509) +{ + unsigned int ret = 0; + + WOLFSSL_ENTER("wolfSSL_X509_get_key_usage"); + + if (x509 == NULL) { + WOLFSSL_MSG("x509 is NULL"); + } + else { + if (x509->keyUsageSet) { + ret = wolfSSL_X509_get_keyUsage(x509); + } + else { + ret = (unsigned int)-1; + } + } + + WOLFSSL_LEAVE("wolfSSL_X509_get_key_usage", ret); + + return ret; +} + +unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509) +{ + int ret = 0; + int rc; + word32 idx = 0; + word32 oid; + + WOLFSSL_ENTER("wolfSSL_X509_get_extended_key_usage"); + + if (x509 == NULL) { + WOLFSSL_MSG("x509 is NULL"); + } + else if (x509->extKeyUsageSrc != NULL) { + while (idx < x509->extKeyUsageSz) { + rc = GetObjectId(x509->extKeyUsageSrc, &idx, &oid, + oidCertKeyUseType, x509->extKeyUsageSz); + if (rc == ASN_UNKNOWN_OID_E) { + continue; + } + else if (rc < 0) { + WOLFSSL_MSG("GetObjectId failed"); + ret = -1; + break; + } + + switch (oid) { + case EKU_ANY_OID: + ret |= XKU_ANYEKU; + break; + case EKU_SERVER_AUTH_OID: + ret |= XKU_SSL_SERVER; + break; + case EKU_CLIENT_AUTH_OID: + ret |= XKU_SSL_CLIENT; + break; + case EKU_CODESIGNING_OID: + ret |= XKU_CODE_SIGN; + break; + case EKU_EMAILPROTECT_OID: + ret |= XKU_SMIME; + break; + case EKU_TIMESTAMP_OID: + ret |= XKU_TIMESTAMP; + break; + case EKU_OCSP_SIGN_OID: + ret |= XKU_OCSP_SIGN; + break; + default: + break; + } + } + } + else { + WOLFSSL_MSG("x509->extKeyUsageSrc is NULL"); + ret = -1; + } + + WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret); + + return (unsigned int)ret; +} + /* Returns the number of X509V3 extensions in X509 object, or 0 on failure */ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) { @@ -26297,14 +26402,97 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) return wolfSSL_X509_cmp_time(asnTime, NULL); } +/* Converts a WOLFSSL_ASN1_TIME to a struct tm. Returns WOLFSSL_SUCCESS on + * success and WOLFSSL_FAILURE on failure. */ +static int Asn1TimeToTm(WOLFSSL_ASN1_TIME* asnTime, struct tm* tm) +{ + unsigned char* asn1TimeBuf; + int asn1TimeBufLen; + int i = 0; + int bytesNeeded = 10; + + if (asnTime == NULL) { + WOLFSSL_MSG("asnTime is NULL"); + return WOLFSSL_FAILURE; + } + if (tm == NULL) { + WOLFSSL_MSG("tm is NULL"); + return WOLFSSL_FAILURE; + } + + asn1TimeBuf = wolfSSL_ASN1_TIME_get_data(asnTime); + if (asn1TimeBuf == NULL) { + WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer."); + return WOLFSSL_FAILURE; + } + asn1TimeBufLen = wolfSSL_ASN1_TIME_get_length(asnTime); + if (asn1TimeBufLen <= 0) { + WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer length."); + return WOLFSSL_FAILURE; + } + XMEMSET(tm, 0, sizeof(struct tm)); + + /* Convert ASN1_time to struct tm */ + /* Check type */ + if (asnTime->type == ASN_UTC_TIME) { + /* 2-digit year */ + bytesNeeded += 2; + if (bytesNeeded > asn1TimeBufLen) { + WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid."); + return WOLFSSL_FAILURE; + } + + tm->tm_year = (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_year += asn1TimeBuf[i] - '0'; i++; + if (tm->tm_year < 70) { + tm->tm_year += 100; + } + } + else if (asnTime->type == ASN_GENERALIZED_TIME) { + /* 4-digit year */ + bytesNeeded += 4; + if (bytesNeeded > asn1TimeBufLen) { + WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid."); + return WOLFSSL_FAILURE; + } + + tm->tm_year = (asn1TimeBuf[i] - '0') * 1000; i++; + tm->tm_year += (asn1TimeBuf[i] - '0') * 100; i++; + tm->tm_year += (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_year += asn1TimeBuf[i] - '0'; i++; + tm->tm_year -= 1900; + } + else { + WOLFSSL_MSG("asnTime->type is invalid."); + return WOLFSSL_FAILURE; + } + + tm->tm_mon = (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_mon += (asn1TimeBuf[i] - '0') - 1; i++; /* January is 0 not 1 */ + tm->tm_mday = (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_mday += (asn1TimeBuf[i] - '0'); i++; + tm->tm_hour = (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_hour += (asn1TimeBuf[i] - '0'); i++; + tm->tm_min = (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_min += (asn1TimeBuf[i] - '0'); i++; + tm->tm_sec = (asn1TimeBuf[i] - '0') * 10; i++; + tm->tm_sec += (asn1TimeBuf[i] - '0'); + +#ifdef XMKTIME + /* Call XMKTIME on tm to get the tm_wday and tm_yday fields populated. */ + XMKTIME(tm); +#endif + + return WOLFSSL_SUCCESS; +} + /* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise * return 0 on error */ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime) { - int ret = WOLFSSL_FAILURE, i = 0; + int ret = WOLFSSL_FAILURE; time_t tmpTime, *pTime = &tmpTime; - byte data_ptr[MAX_TIME_STRING_SZ], inv = 0; struct tm ts, *tmpTs, *ct; #if defined(NEED_TMP_TIME) /* for use with gmtime_r */ @@ -26328,54 +26516,19 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime) pTime = cmpTime; } - /* Convert ASN1_time to time_t */ - XMEMSET(&ts, 0, sizeof(struct tm)); - - /* Check type */ - if (asnTime->type == ASN_UTC_TIME) { - /* 2-digit year */ - XMEMCPY(data_ptr, &asnTime->data[i], ASN_UTC_TIME_SIZE); - ts.tm_year = (data_ptr[i] - '0') * 10; i++; - ts.tm_year += data_ptr[i] - '0'; i++; - if (ts.tm_year < 70) { - ts.tm_year += 100; - } - } - else if (asnTime->type == ASN_GENERALIZED_TIME) { - /* 4-digit year */ - XMEMCPY(data_ptr, &asnTime->data[i], ASN_GENERALIZED_TIME_SIZE); - ts.tm_year = (data_ptr[i] - '0') * 1000; i++; - ts.tm_year += (data_ptr[i] - '0') * 100; i++; - ts.tm_year += (data_ptr[i] - '0') * 10; i++; - ts.tm_year += data_ptr[i] - '0'; i++; - ts.tm_year -= 1900; - } - else { - /* Invalid type */ - inv = 1; + if (Asn1TimeToTm((WOLFSSL_ASN1_TIME*)asnTime, &ts) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to convert WOLFSSL_ASN1_TIME to struct tm."); + return WOLFSSL_FAILURE; } - if (inv != 1) { - ts.tm_mon = (data_ptr[i] - '0') * 10; i++; - ts.tm_mon += (data_ptr[i] - '0') - 1; i++; /* January is 0 not 1 */ - ts.tm_mday = (data_ptr[i] - '0') * 10; i++; - ts.tm_mday += (data_ptr[i] - '0'); i++; - ts.tm_hour = (data_ptr[i] - '0') * 10; i++; - ts.tm_hour += (data_ptr[i] - '0'); i++; - ts.tm_min = (data_ptr[i] - '0') * 10; i++; - ts.tm_min += (data_ptr[i] - '0'); i++; - ts.tm_sec = (data_ptr[i] - '0') * 10; i++; - ts.tm_sec += (data_ptr[i] - '0'); + /* Convert to time struct*/ + ct = XGMTIME(pTime, tmpTs); - /* Convert to time struct*/ - ct = XGMTIME(pTime, tmpTs); + if (ct == NULL) + return GETTIME_ERROR; - if (ct == NULL) - return GETTIME_ERROR; - - /* DateGreaterThan returns 1 for >; 0 for <= */ - ret = DateGreaterThan(&ts, ct) ? 1 : -1; - } + /* DateGreaterThan returns 1 for >; 0 for <= */ + ret = DateGreaterThan(&ts, ct) ? 1 : -1; return ret; } @@ -26675,6 +26828,40 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) return buf; } + +int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm) +{ + time_t currentTime; + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_tm"); + + /* If asnTime is NULL, then the current time is converted. */ + if (asnTime == NULL) { + if (tm == NULL) { + WOLFSSL_MSG("asnTime and tm are both NULL"); + return WOLFSSL_FAILURE; + } + + currentTime = XTIME(0); + if (currentTime < 0) { + WOLFSSL_MSG("Failed to get current time."); + return WOLFSSL_FAILURE; + } + if (XGMTIME(¤tTime, tm) == NULL) { + WOLFSSL_MSG("Failed to convert current time to UTC."); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; + } + + /* If tm is NULL this function performs a format check on asnTime only. */ + if (tm == NULL) { + return wolfSSL_ASN1_TIME_check(asnTime); + } + + return Asn1TimeToTm((WOLFSSL_ASN1_TIME*)asnTime, tm); +} #endif /* !NO_ASN_TIME */ #endif /* WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA*/ @@ -29323,38 +29510,86 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) * returns WOLFSSL_SUCCESS (1) if correct otherwise WOLFSSL_FAILURE (0) */ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) { -#ifndef NO_ASN_TIME char buf[MAX_TIME_STRING_SZ]; -#endif WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check"); -#ifndef NO_ASN_TIME /* if can parse the WOLFSSL_ASN1_TIME passed in then consider syntax good */ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf, MAX_TIME_STRING_SZ) == NULL) { return WOLFSSL_FAILURE; } + return WOLFSSL_SUCCESS; +} + +int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, + const WOLFSSL_ASN1_TIME *to) +{ +#if defined(XMKTIME) && defined(XDIFFTIME) + const int SECS_PER_DAY = 24 * 60 * 60; + struct tm fromTm; + struct tm toTm; + time_t fromSecs; + time_t toSecs; + double diffSecs; + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff"); + + if (days == NULL) { + WOLFSSL_MSG("days is NULL"); + return WOLFSSL_FAILURE; + } + if (secs == NULL) { + WOLFSSL_MSG("secs is NULL"); + return WOLFSSL_FAILURE; + } + + if (from == NULL && to == NULL) { + *days = 0; + *secs = 0; + return WOLFSSL_SUCCESS; + } + + if (from == NULL) { + fromSecs = XTIME(0); + XGMTIME(&fromSecs, &fromTm); + } + else if (wolfSSL_ASN1_TIME_to_tm(from, &fromTm) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to convert from time to struct tm."); + return WOLFSSL_FAILURE; + } + fromSecs = XMKTIME(&fromTm); + if (fromSecs < 0) { + WOLFSSL_MSG("XMKTIME for from time failed."); + return WOLFSSL_FAILURE; + } + + if (to == NULL) { + toSecs = XTIME(0); + XGMTIME(&toSecs, &toTm); + } + else if (wolfSSL_ASN1_TIME_to_tm(to, &toTm) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to convert to time to struct tm."); + return WOLFSSL_FAILURE; + } + toSecs = XMKTIME(&toTm); + if (toSecs < 0) { + WOLFSSL_MSG("XMKTIME for to time failed."); + return WOLFSSL_FAILURE; + } + + diffSecs = XDIFFTIME(toSecs, fromSecs); + *days = (int) (diffSecs / SECS_PER_DAY); + *secs = (int) (diffSecs - (*days * SECS_PER_DAY)); + return WOLFSSL_SUCCESS; #else - (void)a; return WOLFSSL_FAILURE; -#endif +#endif /* XMKTIME && XDIFFTIME */ } #endif /* !NO_ASN_TIME */ #ifndef NO_WOLFSSL_STUB -int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, - const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to) -{ - WOLFSSL_STUB("wolfSSL_ASN1_TIME_diff"); - (void)pday; - (void)psec; - (void)from; - (void)to; - return 0; -} - WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t) { WOLFSSL_STUB("wolfSSL_ASN1_TIME_set"); @@ -41903,18 +42138,57 @@ cleanup: WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { return loadX509orX509REQFromPemBio(bp, x, cb, u, CERT_TYPE); } #ifdef WOLFSSL_CERT_REQ WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE); } -#endif + +#ifndef NO_FILESYSTEM + WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x, + pem_password_cb* cb, void* u) + { + int err = 0; + WOLFSSL_X509* ret = NULL; + WOLFSSL_BIO* bio = NULL; + + WOLFSSL_ENTER("wolfSSL_PEM_read_X509_REQ"); + + if (fp == XBADFILE) { + WOLFSSL_MSG("Invalid file."); + err = 1; + } + + if (err == 0) { + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bio == NULL) { + WOLFSSL_MSG("Failed to create new BIO with input file."); + err = 1; + } + } + if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set BIO file pointer."); + err = 1; + } + if (err == 0) { + ret = wolfSSL_PEM_read_bio_X509_REQ(bio, x, cb, u); + } + + if (bio != NULL) { + wolfSSL_BIO_free(bio); + } + + return ret; + } +#endif /* !NO_FILESYSTEM */ +#endif /* WOLFSSL_CERT_REQ */ WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u) @@ -45901,6 +46175,11 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat } #endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST */ +int wolfSSL_ERR_load_ERR_strings(void) +{ + return WOLFSSL_SUCCESS; +} + void wolfSSL_ERR_load_crypto_strings(void) { WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings"); @@ -56505,6 +56784,14 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) return WOLFSSL_FAILURE; } + while (b != NULL && b->type != WOLFSSL_BIO_SOCKET) { + b = b->next; + } + if (b == NULL) { + WOLFSSL_MSG("Failed to find socket BIO in chain."); + return WOLFSSL_FAILURE; + } + b->port = (word16)p; return WOLFSSL_SUCCESS; } @@ -56627,6 +56914,38 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) } } + void wolfSSL_BIO_ssl_shutdown(WOLFSSL_BIO* b) + { + int rc; + + WOLFSSL_ENTER("wolfSSL_BIO_ssl_shutdown"); + + if (b == NULL) { + WOLFSSL_MSG("BIO is null."); + return; + } + + while (b != NULL && b->type != WOLFSSL_BIO_SSL) { + b = b->next; + } + if (b == NULL) { + WOLFSSL_MSG("Failed to find SSL BIO in chain."); + return; + } + + if (b->ptr != NULL) { + rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); + if (rc == SSL_SHUTDOWN_NOT_DONE) { + /* In this case, call again to give us a chance to read the + * close notify alert from the other end. */ + wolfSSL_shutdown((WOLFSSL*)b->ptr); + } + } + else { + WOLFSSL_MSG("BIO has no SSL pointer set."); + } + } + long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { long ret = WOLFSSL_FAILURE; @@ -56645,6 +56964,128 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) return ret; } + long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl) + { + WOLFSSL_ENTER("wolfSSL_BIO_get_ssl"); + + if (bio == NULL) { + WOLFSSL_MSG("bio is null."); + return WOLFSSL_FAILURE; + } + if (ssl == NULL) { + WOLFSSL_MSG("ssl is null."); + return WOLFSSL_FAILURE; + } + if (bio->type != WOLFSSL_BIO_SSL) { + WOLFSSL_MSG("bio type is not WOLFSSL_BIO_SSL."); + return WOLFSSL_FAILURE; + } + + *ssl = (WOLFSSL*)bio->ptr; + + return WOLFSSL_SUCCESS; + } + + WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX* ctx) + { + WOLFSSL* ssl = NULL; + WOLFSSL_BIO* sslBio = NULL; + WOLFSSL_BIO* connBio = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_BIO_new_ssl_connect"); + + if (ctx == NULL) { + WOLFSSL_MSG("ctx is NULL."); + err = 1; + } + + if (err == 0) { + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + WOLFSSL_MSG("Failed to create SSL object from ctx."); + err = 1; + } + } + if (err == 0) { + sslBio = wolfSSL_BIO_new(wolfSSL_BIO_f_ssl()); + if (sslBio == NULL) { + WOLFSSL_MSG("Failed to create SSL BIO."); + err = 1; + } + } + if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) != + WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set SSL pointer in BIO."); + err = 1; + } + if (err == 0) { + connBio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); + if (connBio == NULL) { + WOLFSSL_MSG("Failed to create connect BIO."); + err = 1; + } + else { + wolfSSL_BIO_push(sslBio, connBio); + } + } + + if (err == 1) { + wolfSSL_free(ssl); + wolfSSL_BIO_free(sslBio); + wolfSSL_BIO_free(connBio); + } + + return sslBio; + } + + long wolfSSL_BIO_set_conn_hostname(WOLFSSL_BIO* b, char* name) + { + size_t currLen = 0; + size_t newLen = 0; + + WOLFSSL_ENTER("wolfSSL_BIO_set_conn_hostname"); + + if (name == NULL) { + WOLFSSL_MSG("Hostname is NULL."); + return WOLFSSL_FAILURE; + } + + while (b != NULL && b->type != WOLFSSL_BIO_SOCKET) { + b = b->next; + } + if (b == NULL) { + WOLFSSL_MSG("Failed to find socket BIO in chain."); + return WOLFSSL_FAILURE; + } + + newLen = XSTRLEN(name); + if (b->ip == NULL) { + /* +1 for null char */ + b->ip = (char*)XMALLOC(newLen + 1, b->heap, DYNAMIC_TYPE_OPENSSL); + if (b->ip == NULL) { + WOLFSSL_MSG("Hostname malloc failed."); + return WOLFSSL_FAILURE; + } + } + else { + currLen = XSTRLEN(b->ip); + if (currLen != newLen) { + b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap, + DYNAMIC_TYPE_OPENSSL); + if (b->ip == NULL) { + WOLFSSL_MSG("Hostname realloc failed."); + return WOLFSSL_FAILURE; + } + } + } + + XMEMCPY(b->ip, name, newLen); + b->ip[newLen] = '\0'; + + return WOLFSSL_SUCCESS; + } + #ifndef NO_FILESYSTEM long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF) { diff --git a/tests/api.c b/tests/api.c index 352b7cbfc..1ec407ff4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -29176,6 +29176,33 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void) #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ } +static void test_wolfSSL_ASN1_TIME_diff(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + ASN1_TIME* fromTime; + ASN1_TIME* toTime; + int daysDiff; + int secsDiff; + + printf(testingFmt, "test_wolfSSL_ASN1_TIME_diff"); + + AssertNotNull((fromTime = ASN1_TIME_new())); + /* Feb 22, 2003, 21:15:15 */ + AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1); + AssertNotNull((toTime = ASN1_TIME_new())); + /* Dec 19, 2010, 18:10:11 */ + AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1); + AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + + AssertIntEQ(daysDiff, 2856); + AssertIntEQ(secsDiff, 75296); + + ASN1_TIME_free(fromTime); + ASN1_TIME_free(toTime); + + printf(resultFmt, passed); +#endif +} static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void) { @@ -34110,6 +34137,36 @@ static void test_wolfSSL_ASN1_TIME_adj(void) } +static void test_wolfSSL_ASN1_TIME_to_tm(void) +{ +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \ + && !defined(NO_ASN_TIME) + ASN1_TIME asnTime; + struct tm tm; + + printf(testingFmt, "wolfSSL_ASN1_TIME_to_tm()"); + + XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); + AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1); + AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + + AssertIntEQ(tm.tm_sec, 15); + AssertIntEQ(tm.tm_min, 15); + AssertIntEQ(tm.tm_hour, 21); + AssertIntEQ(tm.tm_mday, 22); + AssertIntEQ(tm.tm_mon, 1); + AssertIntEQ(tm.tm_year, 100); + AssertIntEQ(tm.tm_isdst, 0); +#ifdef XMKTIME + AssertIntEQ(tm.tm_wday, 2); + AssertIntEQ(tm.tm_yday, 52); +#endif + + printf(resultFmt, passed); +#endif +} + static void test_wolfSSL_X509_cmp_time(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ @@ -36608,10 +36665,11 @@ static void test_wolfSSL_BIO_connect(void) tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; - BIO *tcp_bio; - BIO *ssl_bio; + BIO *tcpBio; + BIO *sslBio; SSL_CTX* ctx; SSL *ssl; + SSL *sslPtr; char msg[] = "hello wolfssl!"; char reply[30]; char buff[10] = {0}; @@ -36633,8 +36691,8 @@ static void test_wolfSSL_BIO_connect(void) /* Start the test proper */ /* Setup the TCP BIO */ - AssertNotNull(tcp_bio = BIO_new_connect(wolfSSLIP)); - AssertIntEQ(BIO_set_conn_port(tcp_bio, buff), 1); + AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP)); + AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1); /* Setup the SSL object */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, @@ -36646,27 +36704,58 @@ static void test_wolfSSL_BIO_connect(void) AssertNotNull(ssl = SSL_new(ctx)); SSL_set_connect_state(ssl); /* Setup the SSL BIO */ - AssertNotNull(ssl_bio = BIO_new(BIO_f_ssl())); - AssertIntEQ(BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE), 1); - /* Link BIO's so that ssl_bio uses tcp_bio for IO */ - AssertPtrEq(BIO_push(ssl_bio, tcp_bio), ssl_bio); + AssertNotNull(sslBio = BIO_new(BIO_f_ssl())); + AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1); + /* Verify that BIO_get_ssl works. */ + AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1); + AssertPtrEq(ssl, sslPtr); + /* Link BIO's so that sslBio uses tcpBio for IO */ + AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio); /* Do TCP connect */ - AssertIntEQ(BIO_do_connect(ssl_bio), 1); + AssertIntEQ(BIO_do_connect(sslBio), 1); /* Do TLS handshake */ - AssertIntEQ(BIO_do_handshake(ssl_bio), 1); + AssertIntEQ(BIO_do_handshake(sslBio), 1); /* Test writing */ - AssertIntEQ(BIO_write(ssl_bio, msg, sizeof(msg)), sizeof(msg)); + AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); /* Expect length of default wolfSSL reply */ - AssertIntEQ(BIO_read(ssl_bio, reply, sizeof(reply)), 23); + AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); /* Clean it all up */ - BIO_free_all(ssl_bio); - SSL_CTX_free(ctx); - + BIO_free_all(sslBio); /* Server clean up */ join_thread(serverThread); FreeTcpReady(&ready); + /* Run the same test, but use BIO_new_ssl_connect and set the IP and port + * after. */ + XMEMSET(&server_args, 0, sizeof(func_args)); + StartTCP(); + InitTcpReady(&ready); +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + server_args.signal = &ready; + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0); + + AssertNotNull(sslBio = BIO_new_ssl_connect(ctx)); + AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); + AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1); + AssertIntEQ(BIO_do_connect(sslBio), 1); + AssertIntEQ(BIO_do_handshake(sslBio), 1); + AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); + AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); + /* Attempt to close the TLS connection gracefully. */ + BIO_ssl_shutdown(sslBio); + + BIO_free_all(sslBio); + join_thread(serverThread); + FreeTcpReady(&ready); + + SSL_CTX_free(ctx); + #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif @@ -42247,6 +42336,53 @@ static void test_wolfSSL_X509V3_EXT(void) { #endif } +static void test_wolfSSL_X509_get_extension_flags(void) +{ +#ifdef OPENSSL_ALL + XFILE f; + X509* x509; + unsigned int extFlags; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + + printf(testingFmt, "test_wolfSSL_X509_get_extension_flags"); + + /* client-int-cert.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT; + /* and the following extended key usage flags. */ + extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; + + f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb"); + AssertTrue(f != XBADFILE); + AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + XFCLOSE(f); + AssertIntEQ(X509_get_extension_flags(x509), extFlags); + AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags); + AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + X509_free(x509); + + /* client-cert-ext.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN; + + AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb")); + AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + XFCLOSE(f); + AssertIntEQ(X509_get_extension_flags(x509), extFlags); + AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags); + X509_free(x509); + + printf(resultFmt, passed); +#endif /* OPENSSL_ALL */ +} + static void test_wolfSSL_X509_get_ext(void){ #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) int ret = 0; @@ -45756,6 +45892,7 @@ static void test_wolfSSL_d2i_X509_REQ(void) */ #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) const char* csrDsaFile = "./certs/csr.dsa.pem"; + XFILE f; #endif BIO* bio = NULL; X509* req = NULL; @@ -45873,6 +46010,14 @@ static void test_wolfSSL_d2i_X509_REQ(void) X509_free(req); BIO_free(bio); + + /* Run the same test, but with a file pointer instead of a BIO. + * (PEM_read_X509_REQ)*/ + AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE); + AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL)); + AssertIntEQ(X509_REQ_verify(req, pub_key), 1); + + X509_free(req); EVP_PKEY_free(pub_key); } #endif /* !NO_DSA && !HAVE_SELFTEST */ @@ -49001,6 +49146,7 @@ void ApiTest(void) test_wolfSSL_X509_check_private_key(); test_wolfSSL_ASN1_TIME_print(); test_wolfSSL_ASN1_UTCTIME_print(); + test_wolfSSL_ASN1_TIME_diff(); test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_private_keys(); test_wolfSSL_PEM_read_PrivateKey(); @@ -49092,6 +49238,7 @@ void ApiTest(void) test_wolfSSL_BUF(); test_wolfSSL_set_tlsext_status_type(); test_wolfSSL_ASN1_TIME_adj(); + test_wolfSSL_ASN1_TIME_to_tm(); test_wolfSSL_X509_cmp_time(); test_wolfSSL_X509_time_adj(); test_wolfSSL_CTX_set_client_CA_list(); @@ -49286,6 +49433,7 @@ void ApiTest(void) test_wolfSSL_X509V3_EXT_get(); test_wolfSSL_X509V3_EXT_nconf(); test_wolfSSL_X509V3_EXT(); + test_wolfSSL_X509_get_extension_flags(); test_wolfSSL_X509_get_ext(); test_wolfSSL_X509_get_ext_by_NID(); test_wolfSSL_X509_get_ext_subj_alt_name(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 191b85c1f..7842e397e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3949,6 +3949,7 @@ static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9}; #ifdef WOLFSSL_CERT_REQ /* csrAttrType */ +static const byte attrUnstructuredNameOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 2}; static const byte attrChallengePasswordOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 7}; static const byte attrExtensionRequestOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 14}; static const byte attrSerialNumberOid[] = {85, 4, 5}; @@ -4735,6 +4736,10 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) #ifdef WOLFSSL_CERT_REQ case oidCsrAttrType: switch (id) { + case UNSTRUCTURED_NAME_OID: + oid = attrUnstructuredNameOid; + *oidSz = sizeof(attrUnstructuredNameOid); + break; case CHALLENGE_PASSWORD_OID: oid = attrChallengePasswordOid; *oidSz = sizeof(attrChallengePasswordOid); diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h index 319b1872e..2a480b4f3 100644 --- a/wolfssl/openssl/err.h +++ b/wolfssl/openssl/err.h @@ -25,6 +25,7 @@ #include /* err.h for openssl */ +#define ERR_load_ERR_strings wolfSSL_ERR_load_ERR_strings #define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings #define ERR_load_CRYPTO_strings wolfSSL_ERR_load_crypto_strings #define ERR_peek_last_error wolfSSL_ERR_peek_last_error diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 5db30e76d..31f0e62b1 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -237,7 +237,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define TLSv1_3_client_method wolfTLSv1_3_client_method #define TLS_method wolfSSLv23_method -#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1 +#define X509_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1 +#define X509_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT #define X509_F_X509_CHECK_PRIVATE_KEY 128 @@ -404,6 +405,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define d2i_X509 wolfSSL_d2i_X509 #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ +#define PEM_read_X509_REQ wolfSSL_PEM_read_X509_REQ #define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define PEM_read_X509 wolfSSL_PEM_read_X509 @@ -437,6 +439,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_load_certificate_file wolfSSL_X509_load_certificate_file #define X509_digest wolfSSL_X509_digest #define X509_pubkey_digest wolfSSL_X509_pubkey_digest +#define X509_get_extension_flags wolfSSL_X509_get_extension_flags +#define X509_get_key_usage wolfSSL_X509_get_key_usage +#define X509_get_extended_key_usage wolfSSL_X509_get_extended_key_usage #define X509_get_ext_count wolfSSL_X509_get_ext_count #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i #define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d @@ -729,8 +734,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_do_connect wolfSSL_BIO_do_connect #define BIO_do_accept wolfSSL_BIO_do_accept #define BIO_do_handshake wolfSSL_BIO_do_handshake +#define BIO_ssl_shutdown wolfSSL_BIO_ssl_shutdown #define SSL_set_bio wolfSSL_set_bio #define BIO_set_ssl wolfSSL_BIO_set_ssl +#define BIO_get_ssl wolfSSL_BIO_get_ssl +#define BIO_new_ssl_connect wolfSSL_BIO_new_ssl_connect +#define BIO_set_conn_hostname wolfSSL_BIO_set_conn_hostname #define BIO_eof wolfSSL_BIO_eof #define BIO_set_ss wolfSSL_BIO_set_ss @@ -781,6 +790,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string #define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string +#define ASN1_TIME_to_tm wolfSSL_ASN1_TIME_to_tm #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h index 299685237..fa30dcc1b 100644 --- a/wolfssl/openssl/x509v3.h +++ b/wolfssl/openssl/x509v3.h @@ -31,6 +31,29 @@ extern "C" { #endif +#define EXFLAG_KUSAGE 0x2 +#define EXFLAG_XKUSAGE 0x4 + +#define KU_DIGITAL_SIGNATURE KEYUSE_DIGITAL_SIG +#define KU_NON_REPUDIATION KEYUSE_CONTENT_COMMIT +#define KU_KEY_ENCIPHERMENT KEYUSE_KEY_ENCIPHER +#define KU_DATA_ENCIPHERMENT KEYUSE_DATA_ENCIPHER +#define KU_KEY_AGREEMENT KEYUSE_KEY_AGREE +#define KU_KEY_CERT_SIGN KEYUSE_KEY_CERT_SIGN +#define KU_CRL_SIGN KEYUSE_CRL_SIGN +#define KU_ENCIPHER_ONLY KEYUSE_ENCIPHER_ONLY +#define KU_DECIPHER_ONLY KEYUSE_DECIPHER_ONLY + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 + #define X509_PURPOSE_SSL_CLIENT 0 #define X509_PURPOSE_SSL_SERVER 1 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c523c8b67..9a8127242 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1503,6 +1503,7 @@ WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_me WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len); WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); +WOLFSSL_API long wolfSSL_BIO_get_ssl(WOLFSSL_BIO*, WOLFSSL**); #ifndef NO_FILESYSTEM WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); #endif @@ -1519,11 +1520,14 @@ WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); +WOLFSSL_API long wolfSSL_BIO_set_conn_hostname(WOLFSSL_BIO*, char*); WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port); WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_do_accept(WOLFSSL_BIO *b); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b); +WOLFSSL_API void wolfSSL_BIO_ssl_shutdown(WOLFSSL_BIO*); WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); @@ -1797,6 +1801,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*); WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len); +WOLFSSL_API int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME*, struct tm*); WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*, const WOLFSSL_ASN1_INTEGER*); WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*); @@ -2137,6 +2142,15 @@ enum { X509_V_ERR_NO_EXPLICIT_POLICY, X509_V_ERR_UNNESTED_RESOURCE, X509_V_ERR_APPLICATION_VERIFICATION, + X509_V_ERR_CRL_PATH_VALIDATION_ERROR, + X509_V_ERR_DIFFERENT_CRL_SCOPE, + X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE, + X509_V_ERR_PERMITTED_VIOLATION, + X509_V_ERR_EXCLUDED_VIOLATION, + X509_V_ERR_SUBTREE_MINMAX, + X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, + X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX, + X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, X509_R_CERT_ALREADY_IN_HASH_TABLE, @@ -2440,8 +2454,8 @@ WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME*); -WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, - const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to); +WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int*, int*, const WOLFSSL_ASN1_TIME*, + const WOLFSSL_ASN1_TIME*); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); @@ -3841,6 +3855,9 @@ WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) #ifndef NO_CERTS +WOLFSSL_API unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509*); +WOLFSSL_API unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509*); +WOLFSSL_API unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert); WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); @@ -3953,10 +3970,17 @@ WOLFSSL_API int wolfSSL_set_min_proto_version(WOLFSSL*, int); WOLFSSL_API int wolfSSL_set_max_proto_version(WOLFSSL*, int); WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX*); -WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); -WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, + WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, pem_password_cb *cb, void *u); #ifdef WOLFSSL_CERT_REQ -WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE, WOLFSSL_X509**, + pem_password_cb*, void*); +#endif #endif WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); @@ -4134,8 +4158,8 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int genera WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int, void (*callback) (int, int, void *)); +WOLFSSL_API int wolfSSL_ERR_load_ERR_strings(void); WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); - WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); WOLFSSL_API int wolfSSL_FIPS_mode(void); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 606661303..32fda9d22 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -677,6 +677,7 @@ enum NID_sha512 = 674, NID_sha512_224 = 1094, NID_sha512_256 = 1095, + NID_pkcs9_unstructuredName = 49, NID_pkcs9_challengePassword = 54, NID_hw_name_oid = 73, NID_id_pkix_OCSP_basic = 74, @@ -1095,6 +1096,7 @@ enum KeyIdType { #ifdef WOLFSSL_CERT_REQ enum CsrAttrType { + UNSTRUCTURED_NAME_OID = 654, CHALLENGE_PASSWORD_OID = 659, SERIAL_NUMBER_OID = 94, EXTENSION_REQUEST_OID = 666, diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 9f5683b63..751711130 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1429,6 +1429,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef __PPC__ #define TIME_T_NOT_64BIT #endif + + #define XMKTIME(tm) mktime(tm) + #define XDIFFTIME(to, from) difftime(to, from) #endif #ifdef SIZEOF_TIME_T