feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add to the OpenSSL compatibility layer. (#4404)

Browse Source 
- X509_get_extension_flags
- X509_get_key_usage
- X509_get_extended_key_usage
- ASN1_TIME_to_tm
- ASN1_TIME_diff
- PEM_read_X509_REQ
- ERR_load_ERR_strings
- BIO_ssl_shutdown
- BIO_get_ssl
- BIO_new_ssl_connect
- BIO_set_conn_hostname
This commit is contained in:
Hayden Roche
2021-09-23 21:26:53 -05:00
committed by GitHub
parent 33cb823148
commit 24e2eded1e
9 changed files with 744 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

557
src/ssl.c
View File

@@ -8567,6 +8567,111 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
}
#if defined(OPENSSL_ALL)
unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509)
{
unsigned int flags = 0;
WOLFSSL_ENTER("wolfSSL_X509_get_extension_flags");
if (x509 != NULL) {
if (x509->keyUsageSet) {
flags |= EXFLAG_KUSAGE;
}
if (x509->extKeyUsageSrc != NULL) {
flags |= EXFLAG_XKUSAGE;
}
}
WOLFSSL_LEAVE("wolfSSL_X509_get_extension_flags", flags);
return flags;
}
unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509* x509)
{
unsigned int ret = 0;
WOLFSSL_ENTER("wolfSSL_X509_get_key_usage");
if (x509 == NULL) {
WOLFSSL_MSG("x509 is NULL");
}
else {
if (x509->keyUsageSet) {
ret = wolfSSL_X509_get_keyUsage(x509);
}
else {
ret = (unsigned int)-1;
}
}
WOLFSSL_LEAVE("wolfSSL_X509_get_key_usage", ret);
return ret;
}
unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509)
{
int ret = 0;
int rc;
word32 idx = 0;
word32 oid;
WOLFSSL_ENTER("wolfSSL_X509_get_extended_key_usage");
if (x509 == NULL) {
WOLFSSL_MSG("x509 is NULL");
}
else if (x509->extKeyUsageSrc != NULL) {
while (idx < x509->extKeyUsageSz) {
rc = GetObjectId(x509->extKeyUsageSrc, &idx, &oid,
oidCertKeyUseType, x509->extKeyUsageSz);
if (rc == ASN_UNKNOWN_OID_E) {
continue;
}
else if (rc < 0) {
WOLFSSL_MSG("GetObjectId failed");
ret = -1;
break;
}
switch (oid) {
case EKU_ANY_OID:
ret |= XKU_ANYEKU;
break;
case EKU_SERVER_AUTH_OID:
ret |= XKU_SSL_SERVER;
break;
case EKU_CLIENT_AUTH_OID:
ret |= XKU_SSL_CLIENT;
break;
case EKU_CODESIGNING_OID:
ret |= XKU_CODE_SIGN;
break;
case EKU_EMAILPROTECT_OID:
ret |= XKU_SMIME;
break;
case EKU_TIMESTAMP_OID:
ret |= XKU_TIMESTAMP;
break;
case EKU_OCSP_SIGN_OID:
ret |= XKU_OCSP_SIGN;
break;
default:
break;
}
}
}
else {
WOLFSSL_MSG("x509->extKeyUsageSrc is NULL");
ret = -1;
}
WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret);
return (unsigned int)ret;
}
/* Returns the number of X509V3 extensions in X509 object, or 0 on failure */
int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
{
@@ -26297,14 +26402,97 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
return wolfSSL_X509_cmp_time(asnTime, NULL);
}
/* Converts a WOLFSSL_ASN1_TIME to a struct tm. Returns WOLFSSL_SUCCESS on
* success and WOLFSSL_FAILURE on failure. */
static int Asn1TimeToTm(WOLFSSL_ASN1_TIME* asnTime, struct tm* tm)
{
unsigned char* asn1TimeBuf;
int asn1TimeBufLen;
int i = 0;
int bytesNeeded = 10;
if (asnTime == NULL) {
WOLFSSL_MSG("asnTime is NULL");
return WOLFSSL_FAILURE;
}
if (tm == NULL) {
WOLFSSL_MSG("tm is NULL");
return WOLFSSL_FAILURE;
}
asn1TimeBuf = wolfSSL_ASN1_TIME_get_data(asnTime);
if (asn1TimeBuf == NULL) {
WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer.");
return WOLFSSL_FAILURE;
}
asn1TimeBufLen = wolfSSL_ASN1_TIME_get_length(asnTime);
if (asn1TimeBufLen <= 0) {
WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer length.");
return WOLFSSL_FAILURE;
}
XMEMSET(tm, 0, sizeof(struct tm));
/* Convert ASN1_time to struct tm */
/* Check type */
if (asnTime->type == ASN_UTC_TIME) {
/* 2-digit year */
bytesNeeded += 2;
if (bytesNeeded > asn1TimeBufLen) {
WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
return WOLFSSL_FAILURE;
}
tm->tm_year = (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_year += asn1TimeBuf[i] - '0'; i++;
if (tm->tm_year < 70) {
tm->tm_year += 100;
}
}
else if (asnTime->type == ASN_GENERALIZED_TIME) {
/* 4-digit year */
bytesNeeded += 4;
if (bytesNeeded > asn1TimeBufLen) {
WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
return WOLFSSL_FAILURE;
}
tm->tm_year = (asn1TimeBuf[i] - '0') * 1000; i++;
tm->tm_year += (asn1TimeBuf[i] - '0') * 100; i++;
tm->tm_year += (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_year += asn1TimeBuf[i] - '0'; i++;
tm->tm_year -= 1900;
}
else {
WOLFSSL_MSG("asnTime->type is invalid.");
return WOLFSSL_FAILURE;
}
tm->tm_mon = (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_mon += (asn1TimeBuf[i] - '0') - 1; i++; /* January is 0 not 1 */
tm->tm_mday = (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_mday += (asn1TimeBuf[i] - '0'); i++;
tm->tm_hour = (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_hour += (asn1TimeBuf[i] - '0'); i++;
tm->tm_min = (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_min += (asn1TimeBuf[i] - '0'); i++;
tm->tm_sec = (asn1TimeBuf[i] - '0') * 10; i++;
tm->tm_sec += (asn1TimeBuf[i] - '0');
#ifdef XMKTIME
/* Call XMKTIME on tm to get the tm_wday and tm_yday fields populated. */
XMKTIME(tm);
#endif
return WOLFSSL_SUCCESS;
}
/* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise
* return 0 on error
*/
int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
{
int ret = WOLFSSL_FAILURE, i = 0;
int ret = WOLFSSL_FAILURE;
time_t tmpTime, *pTime = &tmpTime;
byte data_ptr[MAX_TIME_STRING_SZ], inv = 0;
struct tm ts, *tmpTs, *ct;
#if defined(NEED_TMP_TIME)
/* for use with gmtime_r */
@@ -26328,44 +26516,10 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
pTime = cmpTime;
}
/* Convert ASN1_time to time_t */
XMEMSET(&ts, 0, sizeof(struct tm));
/* Check type */
if (asnTime->type == ASN_UTC_TIME) {
/* 2-digit year */
XMEMCPY(data_ptr, &asnTime->data[i], ASN_UTC_TIME_SIZE);
ts.tm_year = (data_ptr[i] - '0') * 10; i++;
ts.tm_year += data_ptr[i] - '0'; i++;
if (ts.tm_year < 70) {
ts.tm_year += 100;
if (Asn1TimeToTm((WOLFSSL_ASN1_TIME*)asnTime, &ts) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to convert WOLFSSL_ASN1_TIME to struct tm.");
return WOLFSSL_FAILURE;
}
}
else if (asnTime->type == ASN_GENERALIZED_TIME) {
/* 4-digit year */
XMEMCPY(data_ptr, &asnTime->data[i], ASN_GENERALIZED_TIME_SIZE);
ts.tm_year = (data_ptr[i] - '0') * 1000; i++;
ts.tm_year += (data_ptr[i] - '0') * 100; i++;
ts.tm_year += (data_ptr[i] - '0') * 10; i++;
ts.tm_year += data_ptr[i] - '0'; i++;
ts.tm_year -= 1900;
}
else {
/* Invalid type */
inv = 1;
}
if (inv != 1) {
ts.tm_mon = (data_ptr[i] - '0') * 10; i++;
ts.tm_mon += (data_ptr[i] - '0') - 1; i++; /* January is 0 not 1 */
ts.tm_mday = (data_ptr[i] - '0') * 10; i++;
ts.tm_mday += (data_ptr[i] - '0'); i++;
ts.tm_hour = (data_ptr[i] - '0') * 10; i++;
ts.tm_hour += (data_ptr[i] - '0'); i++;
ts.tm_min = (data_ptr[i] - '0') * 10; i++;
ts.tm_min += (data_ptr[i] - '0'); i++;
ts.tm_sec = (data_ptr[i] - '0') * 10; i++;
ts.tm_sec += (data_ptr[i] - '0');
/* Convert to time struct*/
ct = XGMTIME(pTime, tmpTs);
@@ -26375,7 +26529,6 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
/* DateGreaterThan returns 1 for >; 0 for <= */
ret = DateGreaterThan(&ts, ct) ? 1 : -1;
}
return ret;
}
@@ -26675,6 +26828,40 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
return buf;
}
int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm)
{
time_t currentTime;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_tm");
/* If asnTime is NULL, then the current time is converted. */
if (asnTime == NULL) {
if (tm == NULL) {
WOLFSSL_MSG("asnTime and tm are both NULL");
return WOLFSSL_FAILURE;
}
currentTime = XTIME(0);
if (currentTime < 0) {
WOLFSSL_MSG("Failed to get current time.");
return WOLFSSL_FAILURE;
}
if (XGMTIME(&currentTime, tm) == NULL) {
WOLFSSL_MSG("Failed to convert current time to UTC.");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
/* If tm is NULL this function performs a format check on asnTime only. */
if (tm == NULL) {
return wolfSSL_ASN1_TIME_check(asnTime);
}
return Asn1TimeToTm((WOLFSSL_ASN1_TIME*)asnTime, tm);
}
#endif /* !NO_ASN_TIME */
#endif /* WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
OPENSSL_EXTRA*/
@@ -29323,38 +29510,86 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
* returns WOLFSSL_SUCCESS (1) if correct otherwise WOLFSSL_FAILURE (0) */
int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
{
#ifndef NO_ASN_TIME
char buf[MAX_TIME_STRING_SZ];
#endif
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
#ifndef NO_ASN_TIME
/* if can parse the WOLFSSL_ASN1_TIME passed in then consider syntax good */
if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
MAX_TIME_STRING_SZ) == NULL) {
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
#else
(void)a;
}
int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
const WOLFSSL_ASN1_TIME *to)
{
#if defined(XMKTIME) && defined(XDIFFTIME)
const int SECS_PER_DAY = 24 * 60 * 60;
struct tm fromTm;
struct tm toTm;
time_t fromSecs;
time_t toSecs;
double diffSecs;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff");
if (days == NULL) {
WOLFSSL_MSG("days is NULL");
return WOLFSSL_FAILURE;
#endif
}
if (secs == NULL) {
WOLFSSL_MSG("secs is NULL");
return WOLFSSL_FAILURE;
}
if (from == NULL && to == NULL) {
*days = 0;
*secs = 0;
return WOLFSSL_SUCCESS;
}
if (from == NULL) {
fromSecs = XTIME(0);
XGMTIME(&fromSecs, &fromTm);
}
else if (wolfSSL_ASN1_TIME_to_tm(from, &fromTm) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to convert from time to struct tm.");
return WOLFSSL_FAILURE;
}
fromSecs = XMKTIME(&fromTm);
if (fromSecs < 0) {
WOLFSSL_MSG("XMKTIME for from time failed.");
return WOLFSSL_FAILURE;
}
if (to == NULL) {
toSecs = XTIME(0);
XGMTIME(&toSecs, &toTm);
}
else if (wolfSSL_ASN1_TIME_to_tm(to, &toTm) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to convert to time to struct tm.");
return WOLFSSL_FAILURE;
}
toSecs = XMKTIME(&toTm);
if (toSecs < 0) {
WOLFSSL_MSG("XMKTIME for to time failed.");
return WOLFSSL_FAILURE;
}
diffSecs = XDIFFTIME(toSecs, fromSecs);
*days = (int) (diffSecs / SECS_PER_DAY);
*secs = (int) (diffSecs - (*days * SECS_PER_DAY));
return WOLFSSL_SUCCESS;
#else
return WOLFSSL_FAILURE;
#endif /* XMKTIME && XDIFFTIME */
}
#endif /* !NO_ASN_TIME */
#ifndef NO_WOLFSSL_STUB
int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to)
{
WOLFSSL_STUB("wolfSSL_ASN1_TIME_diff");
(void)pday;
(void)psec;
(void)from;
(void)to;
return 0;
}
WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
{
WOLFSSL_STUB("wolfSSL_ASN1_TIME_set");
@@ -41914,7 +42149,46 @@ cleanup:
{
return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE);
}
#endif
#ifndef NO_FILESYSTEM
WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x,
pem_password_cb* cb, void* u)
{
int err = 0;
WOLFSSL_X509* ret = NULL;
WOLFSSL_BIO* bio = NULL;
WOLFSSL_ENTER("wolfSSL_PEM_read_X509_REQ");
if (fp == XBADFILE) {
WOLFSSL_MSG("Invalid file.");
err = 1;
}
if (err == 0) {
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if (bio == NULL) {
WOLFSSL_MSG("Failed to create new BIO with input file.");
err = 1;
}
}
if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE)
!= WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to set BIO file pointer.");
err = 1;
}
if (err == 0) {
ret = wolfSSL_PEM_read_bio_X509_REQ(bio, x, cb, u);
}
if (bio != NULL) {
wolfSSL_BIO_free(bio);
}
return ret;
}
#endif /* !NO_FILESYSTEM */
#endif /* WOLFSSL_CERT_REQ */
WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u)
@@ -45901,6 +46175,11 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat
}
#endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST */
int wolfSSL_ERR_load_ERR_strings(void)
{
return WOLFSSL_SUCCESS;
}
void wolfSSL_ERR_load_crypto_strings(void)
{
WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");
@@ -56505,6 +56784,14 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
return WOLFSSL_FAILURE;
}
while (b != NULL && b->type != WOLFSSL_BIO_SOCKET) {
b = b->next;
}
if (b == NULL) {
WOLFSSL_MSG("Failed to find socket BIO in chain.");
return WOLFSSL_FAILURE;
}
b->port = (word16)p;
return WOLFSSL_SUCCESS;
}
@@ -56627,6 +56914,38 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
}
}
void wolfSSL_BIO_ssl_shutdown(WOLFSSL_BIO* b)
{
int rc;
WOLFSSL_ENTER("wolfSSL_BIO_ssl_shutdown");
if (b == NULL) {
WOLFSSL_MSG("BIO is null.");
return;
}
while (b != NULL && b->type != WOLFSSL_BIO_SSL) {
b = b->next;
}
if (b == NULL) {
WOLFSSL_MSG("Failed to find SSL BIO in chain.");
return;
}
if (b->ptr != NULL) {
rc = wolfSSL_shutdown((WOLFSSL*)b->ptr);
if (rc == SSL_SHUTDOWN_NOT_DONE) {
/* In this case, call again to give us a chance to read the
* close notify alert from the other end. */
wolfSSL_shutdown((WOLFSSL*)b->ptr);
}
}
else {
WOLFSSL_MSG("BIO has no SSL pointer set.");
}
}
long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
{
long ret = WOLFSSL_FAILURE;
@@ -56645,6 +56964,128 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
return ret;
}
long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl)
{
WOLFSSL_ENTER("wolfSSL_BIO_get_ssl");
if (bio == NULL) {
WOLFSSL_MSG("bio is null.");
return WOLFSSL_FAILURE;
}
if (ssl == NULL) {
WOLFSSL_MSG("ssl is null.");
return WOLFSSL_FAILURE;
}
if (bio->type != WOLFSSL_BIO_SSL) {
WOLFSSL_MSG("bio type is not WOLFSSL_BIO_SSL.");
return WOLFSSL_FAILURE;
}
*ssl = (WOLFSSL*)bio->ptr;
return WOLFSSL_SUCCESS;
}
WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX* ctx)
{
WOLFSSL* ssl = NULL;
WOLFSSL_BIO* sslBio = NULL;
WOLFSSL_BIO* connBio = NULL;
int err = 0;
WOLFSSL_ENTER("wolfSSL_BIO_new_ssl_connect");
if (ctx == NULL) {
WOLFSSL_MSG("ctx is NULL.");
err = 1;
}
if (err == 0) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
WOLFSSL_MSG("Failed to create SSL object from ctx.");
err = 1;
}
}
if (err == 0) {
sslBio = wolfSSL_BIO_new(wolfSSL_BIO_f_ssl());
if (sslBio == NULL) {
WOLFSSL_MSG("Failed to create SSL BIO.");
err = 1;
}
}
if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) !=
WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to set SSL pointer in BIO.");
err = 1;
}
if (err == 0) {
connBio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket());
if (connBio == NULL) {
WOLFSSL_MSG("Failed to create connect BIO.");
err = 1;
}
else {
wolfSSL_BIO_push(sslBio, connBio);
}
}
if (err == 1) {
wolfSSL_free(ssl);
wolfSSL_BIO_free(sslBio);
wolfSSL_BIO_free(connBio);
}
return sslBio;
}
long wolfSSL_BIO_set_conn_hostname(WOLFSSL_BIO* b, char* name)
{
size_t currLen = 0;
size_t newLen = 0;
WOLFSSL_ENTER("wolfSSL_BIO_set_conn_hostname");
if (name == NULL) {
WOLFSSL_MSG("Hostname is NULL.");
return WOLFSSL_FAILURE;
}
while (b != NULL && b->type != WOLFSSL_BIO_SOCKET) {
b = b->next;
}
if (b == NULL) {
WOLFSSL_MSG("Failed to find socket BIO in chain.");
return WOLFSSL_FAILURE;
}
newLen = XSTRLEN(name);
if (b->ip == NULL) {
/* +1 for null char */
b->ip = (char*)XMALLOC(newLen + 1, b->heap, DYNAMIC_TYPE_OPENSSL);
if (b->ip == NULL) {
WOLFSSL_MSG("Hostname malloc failed.");
return WOLFSSL_FAILURE;
}
}
else {
currLen = XSTRLEN(b->ip);
if (currLen != newLen) {
b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap,
DYNAMIC_TYPE_OPENSSL);
if (b->ip == NULL) {
WOLFSSL_MSG("Hostname realloc failed.");
return WOLFSSL_FAILURE;
}
}
}
XMEMCPY(b->ip, name, newLen);
b->ip[newLen] = '\0';
return WOLFSSL_SUCCESS;
}
#ifndef NO_FILESYSTEM
long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF)
{

178
tests/api.c
View File

@@ -29176,6 +29176,33 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void)
#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
}
static void test_wolfSSL_ASN1_TIME_diff(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
ASN1_TIME* fromTime;
ASN1_TIME* toTime;
int daysDiff;
int secsDiff;
printf(testingFmt, "test_wolfSSL_ASN1_TIME_diff");
AssertNotNull((fromTime = ASN1_TIME_new()));
/* Feb 22, 2003, 21:15:15 */
AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
AssertNotNull((toTime = ASN1_TIME_new()));
/* Dec 19, 2010, 18:10:11 */
AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
AssertIntEQ(daysDiff, 2856);
AssertIntEQ(secsDiff, 75296);
ASN1_TIME_free(fromTime);
ASN1_TIME_free(toTime);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
{
@@ -34110,6 +34137,36 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
}
static void test_wolfSSL_ASN1_TIME_to_tm(void)
{
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \
&& !defined(NO_ASN_TIME)
ASN1_TIME asnTime;
struct tm tm;
printf(testingFmt, "wolfSSL_ASN1_TIME_to_tm()");
XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
AssertIntEQ(tm.tm_sec, 15);
AssertIntEQ(tm.tm_min, 15);
AssertIntEQ(tm.tm_hour, 21);
AssertIntEQ(tm.tm_mday, 22);
AssertIntEQ(tm.tm_mon, 1);
AssertIntEQ(tm.tm_year, 100);
AssertIntEQ(tm.tm_isdst, 0);
#ifdef XMKTIME
AssertIntEQ(tm.tm_wday, 2);
AssertIntEQ(tm.tm_yday, 52);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_cmp_time(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
@@ -36608,10 +36665,11 @@ static void test_wolfSSL_BIO_connect(void)
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
BIO *tcp_bio;
BIO *ssl_bio;
BIO *tcpBio;
BIO *sslBio;
SSL_CTX* ctx;
SSL *ssl;
SSL *sslPtr;
char msg[] = "hello wolfssl!";
char reply[30];
char buff[10] = {0};
@@ -36633,8 +36691,8 @@ static void test_wolfSSL_BIO_connect(void)
/* Start the test proper */
/* Setup the TCP BIO */
AssertNotNull(tcp_bio = BIO_new_connect(wolfSSLIP));
AssertIntEQ(BIO_set_conn_port(tcp_bio, buff), 1);
AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
/* Setup the SSL object */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
@@ -36646,27 +36704,58 @@ static void test_wolfSSL_BIO_connect(void)
AssertNotNull(ssl = SSL_new(ctx));
SSL_set_connect_state(ssl);
/* Setup the SSL BIO */
AssertNotNull(ssl_bio = BIO_new(BIO_f_ssl()));
AssertIntEQ(BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE), 1);
/* Link BIO's so that ssl_bio uses tcp_bio for IO */
AssertPtrEq(BIO_push(ssl_bio, tcp_bio), ssl_bio);
AssertNotNull(sslBio = BIO_new(BIO_f_ssl()));
AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
/* Verify that BIO_get_ssl works. */
AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
AssertPtrEq(ssl, sslPtr);
/* Link BIO's so that sslBio uses tcpBio for IO */
AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio);
/* Do TCP connect */
AssertIntEQ(BIO_do_connect(ssl_bio), 1);
AssertIntEQ(BIO_do_connect(sslBio), 1);
/* Do TLS handshake */
AssertIntEQ(BIO_do_handshake(ssl_bio), 1);
AssertIntEQ(BIO_do_handshake(sslBio), 1);
/* Test writing */
AssertIntEQ(BIO_write(ssl_bio, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
/* Expect length of default wolfSSL reply */
AssertIntEQ(BIO_read(ssl_bio, reply, sizeof(reply)), 23);
AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
/* Clean it all up */
BIO_free_all(ssl_bio);
SSL_CTX_free(ctx);
BIO_free_all(sslBio);
/* Server clean up */
join_thread(serverThread);
FreeTcpReady(&ready);
/* Run the same test, but use BIO_new_ssl_connect and set the IP and port
* after. */
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
AssertNotNull(sslBio = BIO_new_ssl_connect(ctx));
AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1);
AssertIntEQ(BIO_do_connect(sslBio), 1);
AssertIntEQ(BIO_do_handshake(sslBio), 1);
AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
/* Attempt to close the TLS connection gracefully. */
BIO_ssl_shutdown(sslBio);
BIO_free_all(sslBio);
join_thread(serverThread);
FreeTcpReady(&ready);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
@@ -42247,6 +42336,53 @@ static void test_wolfSSL_X509V3_EXT(void) {
#endif
}
static void test_wolfSSL_X509_get_extension_flags(void)
{
#ifdef OPENSSL_ALL
XFILE f;
X509* x509;
unsigned int extFlags;
unsigned int keyUsageFlags;
unsigned int extKeyUsageFlags;
printf(testingFmt, "test_wolfSSL_X509_get_extension_flags");
/* client-int-cert.pem has the following extension flags. */
extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
/* and the following key usage flags. */
keyUsageFlags = KU_DIGITAL_SIGNATURE
| KU_NON_REPUDIATION
| KU_KEY_ENCIPHERMENT;
/* and the following extended key usage flags. */
extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME;
f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertIntEQ(X509_get_extension_flags(x509), extFlags);
AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
X509_free(x509);
/* client-cert-ext.pem has the following extension flags. */
extFlags = EXFLAG_KUSAGE;
/* and the following key usage flags. */
keyUsageFlags = KU_DIGITAL_SIGNATURE
| KU_KEY_CERT_SIGN
| KU_CRL_SIGN;
AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb"));
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertIntEQ(X509_get_extension_flags(x509), extFlags);
AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
X509_free(x509);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_X509_get_ext(void){
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
int ret = 0;
@@ -45756,6 +45892,7 @@ static void test_wolfSSL_d2i_X509_REQ(void)
*/
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
const char* csrDsaFile = "./certs/csr.dsa.pem";
XFILE f;
#endif
BIO* bio = NULL;
X509* req = NULL;
@@ -45873,6 +46010,14 @@ static void test_wolfSSL_d2i_X509_REQ(void)
X509_free(req);
BIO_free(bio);
/* Run the same test, but with a file pointer instead of a BIO.
* (PEM_read_X509_REQ)*/
AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
EVP_PKEY_free(pub_key);
}
#endif /* !NO_DSA && !HAVE_SELFTEST */
@@ -49001,6 +49146,7 @@ void ApiTest(void)
test_wolfSSL_X509_check_private_key();
test_wolfSSL_ASN1_TIME_print();
test_wolfSSL_ASN1_UTCTIME_print();
test_wolfSSL_ASN1_TIME_diff();
test_wolfSSL_ASN1_GENERALIZEDTIME_free();
test_wolfSSL_private_keys();
test_wolfSSL_PEM_read_PrivateKey();
@@ -49092,6 +49238,7 @@ void ApiTest(void)
test_wolfSSL_BUF();
test_wolfSSL_set_tlsext_status_type();
test_wolfSSL_ASN1_TIME_adj();
test_wolfSSL_ASN1_TIME_to_tm();
test_wolfSSL_X509_cmp_time();
test_wolfSSL_X509_time_adj();
test_wolfSSL_CTX_set_client_CA_list();
@@ -49286,6 +49433,7 @@ void ApiTest(void)
test_wolfSSL_X509V3_EXT_get();
test_wolfSSL_X509V3_EXT_nconf();
test_wolfSSL_X509V3_EXT();
test_wolfSSL_X509_get_extension_flags();
test_wolfSSL_X509_get_ext();
test_wolfSSL_X509_get_ext_by_NID();
test_wolfSSL_X509_get_ext_subj_alt_name();

5
wolfcrypt/src/asn.c
View File

@@ -3949,6 +3949,7 @@ static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9};
#ifdef WOLFSSL_CERT_REQ
/* csrAttrType */
static const byte attrUnstructuredNameOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 2};
static const byte attrChallengePasswordOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 7};
static const byte attrExtensionRequestOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 14};
static const byte attrSerialNumberOid[] = {85, 4, 5};
@@ -4735,6 +4736,10 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
#ifdef WOLFSSL_CERT_REQ
case oidCsrAttrType:
switch (id) {
case UNSTRUCTURED_NAME_OID:
oid = attrUnstructuredNameOid;
*oidSz = sizeof(attrUnstructuredNameOid);
break;
case CHALLENGE_PASSWORD_OID:
oid = attrChallengePasswordOid;
*oidSz = sizeof(attrChallengePasswordOid);

1
wolfssl/openssl/err.h
View File

@@ -25,6 +25,7 @@
#include <wolfssl/wolfcrypt/logging.h>
/* err.h for openssl */
#define ERR_load_ERR_strings wolfSSL_ERR_load_ERR_strings
#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings
#define ERR_load_CRYPTO_strings wolfSSL_ERR_load_crypto_strings
#define ERR_peek_last_error wolfSSL_ERR_peek_last_error

12
wolfssl/openssl/ssl.h
View File

@@ -237,7 +237,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define TLSv1_3_client_method wolfTLSv1_3_client_method
#define TLS_method wolfSSLv23_method
#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1
#define X509_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1
#define X509_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT
#define X509_F_X509_CHECK_PRIVATE_KEY 128
@@ -404,6 +405,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define d2i_X509 wolfSSL_d2i_X509
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ
#define PEM_read_X509_REQ wolfSSL_PEM_read_X509_REQ
#define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL
#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
#define PEM_read_X509 wolfSSL_PEM_read_X509
@@ -437,6 +439,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
#define X509_digest wolfSSL_X509_digest
#define X509_pubkey_digest wolfSSL_X509_pubkey_digest
#define X509_get_extension_flags wolfSSL_X509_get_extension_flags
#define X509_get_key_usage wolfSSL_X509_get_key_usage
#define X509_get_extended_key_usage wolfSSL_X509_get_extended_key_usage
#define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
@@ -729,8 +734,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define BIO_do_connect wolfSSL_BIO_do_connect
#define BIO_do_accept wolfSSL_BIO_do_accept
#define BIO_do_handshake wolfSSL_BIO_do_handshake
#define BIO_ssl_shutdown wolfSSL_BIO_ssl_shutdown
#define SSL_set_bio wolfSSL_set_bio
#define BIO_set_ssl wolfSSL_BIO_set_ssl
#define BIO_get_ssl wolfSSL_BIO_get_ssl
#define BIO_new_ssl_connect wolfSSL_BIO_new_ssl_connect
#define BIO_set_conn_hostname wolfSSL_BIO_set_conn_hostname
#define BIO_eof wolfSSL_BIO_eof
#define BIO_set_ss wolfSSL_BIO_set_ss
@@ -781,6 +790,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string
#define ASN1_TIME_to_tm wolfSSL_ASN1_TIME_to_tm
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free

23
wolfssl/openssl/x509v3.h
View File

@@ -31,6 +31,29 @@
extern "C" {
#endif
#define EXFLAG_KUSAGE 0x2
#define EXFLAG_XKUSAGE 0x4
#define KU_DIGITAL_SIGNATURE KEYUSE_DIGITAL_SIG
#define KU_NON_REPUDIATION KEYUSE_CONTENT_COMMIT
#define KU_KEY_ENCIPHERMENT KEYUSE_KEY_ENCIPHER
#define KU_DATA_ENCIPHERMENT KEYUSE_DATA_ENCIPHER
#define KU_KEY_AGREEMENT KEYUSE_KEY_AGREE
#define KU_KEY_CERT_SIGN KEYUSE_KEY_CERT_SIGN
#define KU_CRL_SIGN KEYUSE_CRL_SIGN
#define KU_ENCIPHER_ONLY KEYUSE_ENCIPHER_ONLY
#define KU_DECIPHER_ONLY KEYUSE_DECIPHER_ONLY
#define XKU_SSL_SERVER 0x1
#define XKU_SSL_CLIENT 0x2
#define XKU_SMIME 0x4
#define XKU_CODE_SIGN 0x8
#define XKU_SGC 0x10
#define XKU_OCSP_SIGN 0x20
#define XKU_TIMESTAMP 0x40
#define XKU_DVCS 0x80
#define XKU_ANYEKU 0x100
#define X509_PURPOSE_SSL_CLIENT 0
#define X509_PURPOSE_SSL_SERVER 1

36
wolfssl/ssl.h
View File

@@ -1503,6 +1503,7 @@ WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_me
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len);
WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
WOLFSSL_API long wolfSSL_BIO_get_ssl(WOLFSSL_BIO*, WOLFSSL**);
#ifndef NO_FILESYSTEM
WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
#endif
@@ -1519,11 +1520,14 @@ WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port);
WOLFSSL_API long wolfSSL_BIO_set_conn_hostname(WOLFSSL_BIO*, char*);
WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port);
WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b);
WOLFSSL_API int wolfSSL_BIO_do_accept(WOLFSSL_BIO *b);
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b);
WOLFSSL_API void wolfSSL_BIO_ssl_shutdown(WOLFSSL_BIO*);
WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
@@ -1797,6 +1801,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t,
char* buf, int len);
WOLFSSL_API int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME*, struct tm*);
WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
const WOLFSSL_ASN1_INTEGER*);
WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
@@ -2137,6 +2142,15 @@ enum {
X509_V_ERR_NO_EXPLICIT_POLICY,
X509_V_ERR_UNNESTED_RESOURCE,
X509_V_ERR_APPLICATION_VERIFICATION,
X509_V_ERR_CRL_PATH_VALIDATION_ERROR,
X509_V_ERR_DIFFERENT_CRL_SCOPE,
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE,
X509_V_ERR_PERMITTED_VIOLATION,
X509_V_ERR_EXCLUDED_VIOLATION,
X509_V_ERR_SUBTREE_MINMAX,
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE,
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX,
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX,
X509_R_CERT_ALREADY_IN_HASH_TABLE,
@@ -2440,8 +2454,8 @@ WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*,
const WOLFSSL_ASN1_GENERALIZEDTIME*);
WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*);
WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME*);
WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to);
WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int*, int*, const WOLFSSL_ASN1_TIME*,
const WOLFSSL_ASN1_TIME*);
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
@@ -3841,6 +3855,9 @@ WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#ifndef NO_CERTS
WOLFSSL_API unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_key_usage(WOLFSSL_X509*);
WOLFSSL_API unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
@@ -3953,10 +3970,17 @@ WOLFSSL_API int wolfSSL_set_min_proto_version(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_set_max_proto_version(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx,
WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp,
WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp,
WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE, WOLFSSL_X509**,
pem_password_cb*, void*);
#endif
#endif
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
@@ -4134,8 +4158,8 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int genera
WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
void (*callback) (int, int, void *));
WOLFSSL_API int wolfSSL_ERR_load_ERR_strings(void);
WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
WOLFSSL_API int wolfSSL_FIPS_mode(void);

2
wolfssl/wolfcrypt/asn.h
View File

@@ -677,6 +677,7 @@ enum
NID_sha512 = 674,
NID_sha512_224 = 1094,
NID_sha512_256 = 1095,
NID_pkcs9_unstructuredName = 49,
NID_pkcs9_challengePassword = 54,
NID_hw_name_oid = 73,
NID_id_pkix_OCSP_basic = 74,
@@ -1095,6 +1096,7 @@ enum KeyIdType {
#ifdef WOLFSSL_CERT_REQ
enum CsrAttrType {
UNSTRUCTURED_NAME_OID = 654,
CHALLENGE_PASSWORD_OID = 659,
SERIAL_NUMBER_OID = 94,
EXTENSION_REQUEST_OID = 666,

3
wolfssl/wolfcrypt/wc_port.h
View File

@@ -1429,6 +1429,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#ifdef __PPC__
#define TIME_T_NOT_64BIT
#endif
#define XMKTIME(tm) mktime(tm)
#define XDIFFTIME(to, from) difftime(to, from)
#endif
#ifdef SIZEOF_TIME_T