diff --git a/src/internal.c b/src/internal.c
index c587ea27b..271352518 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3457,7 +3457,7 @@ void FreeX509(WOLFSSL_X509* x509)
 x509->key.pkey = NULL;
 }
 #endif /* OPENSSL_ALL */
- #ifdef WOLFSSL_CERT_REQ
+ #if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL)
 if (x509->challengePwAttr) {
 wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
 }
@@ -9609,6 +9609,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 if (dCert->cPwdLen < CTC_NAME_SIZE) {
 XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
 x509->challengePw[dCert->cPwdLen] = '\0';
+#ifdef OPENSSL_ALL
 if (x509->challengePwAttr) {
 wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
 }
@@ -9626,6 +9627,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 else {
 ret = MEMORY_E;
 }
+#endif
 }
 else {
 WOLFSSL_MSG("Challenge password too long");
diff --git a/src/ssl.c b/src/ssl.c
index 77141f26e..ad7f8af0b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1686,7 +1686,7 @@ int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
 return WOLFSSL_SUCCESS;
 }
-#endif /* !NO_RSA */
+#endif /* HAVE_ECC */
 #ifndef NO_RSA
 int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
@@ -8803,6 +8803,102 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return ext; } +/** + * @param str String to copy + * @param buf Output buffer. If this contains a pointer then it is free'd + * with the DYNAMIC_TYPE_X509_EXT hint. + * @param len Output length + * @return WOLFSSL_SUCCESS on sucess and WOLFSSL_FAILURE on error + */ +static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf, + word32* len, void* heap) { + if (!str || !buf || !len) { + return WOLFSSL_FAILURE; + } + if (str->data && str->length > 0) { + if (*buf) + XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT); + *len = 0; + *buf = (byte*)XMALLOC(str->length, heap, + DYNAMIC_TYPE_X509_EXT); + if (!*buf) { + WOLFSSL_MSG("malloc error"); + return WOLFSSL_FAILURE; + } + *len = str->length; + XMEMCPY(*buf, str->data, str->length); + } + return WOLFSSL_SUCCESS; +} + +int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc) +{ + WOLFSSL_ENTER("wolfSSL_X509_add_ext"); + + if (!x509 || !ext || !ext->obj || loc >= 0) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + switch (ext->obj->type) { + case NID_authority_key_identifier: + if (asn1_string_copy_to_buffer(&ext->value, &x509->authKeyId, + &x509->authKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("asn1_string_copy_to_buffer error"); + return WOLFSSL_FAILURE; + } + x509->authKeyIdCrit = ext->crit; + break; + case NID_subject_key_identifier: + if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId, + &x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("asn1_string_copy_to_buffer error"); + return WOLFSSL_FAILURE; + } + x509->subjKeyIdCrit = ext->crit; + break; + case NID_subject_alt_name: + { + WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk; + while (gns) { + WOLFSSL_GENERAL_NAME* gn = gns->data.gn; + if (!gn || !gn->d.ia5 || + wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data, + gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) { + 
WOLFSSL_MSG("Subject alternative name missing extension"); + return WOLFSSL_FAILURE; + } + gns = gns->next; + } + x509->subjAltNameSet = 1; + x509->subjAltNameCrit = ext->crit; + break; + } + case NID_key_usage: + if (ext && ext->value.data && + ext->value.length == sizeof(word16)) { + x509->keyUsage = *(word16*)ext->value.data; + x509->keyUsageCrit = ext->crit; + x509->keyUsageSet = 1; + } + break; + case NID_basic_constraints: + if (ext->obj) { + x509->isCa = ext->obj->ca; + x509->basicConstCrit = ext->crit; + if (ext->obj->pathlen) + x509->pathLength = ext->obj->pathlen->length; + x509->basicConstSet = 1; + } + break; + default: + WOLFSSL_MSG("Unsupported extension to add"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + #ifndef NO_BIO /* Return 0 on success and 1 on failure. Copies ext data to bio, using indent * to pad the output. flag is ignored. */ 
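Review bot: `x509->keyUsage = *(word16*)ext->value.data;` in the NID_key_usage case reads a word16 through a pointer into a byte buffer, which is an unaligned and strict-aliasing-violating access on targets that care; copy it instead, `XMEMCPY(&x509->keyUsage, ext->value.data, sizeof(word16));`. The `ext &&` in that same condition is dead, since `ext` was already dereferenced in the parameter check and the `switch`. In the NID_subject_alt_name case the loop reads `gn->d.ia5` for every entry regardless of `gn->type`; if `d` is a union over differently-typed name representations, a non-IA5 entry would be misread as an ASN1_STRING, so either check `gn->type` before the access or confirm that wolfSSL_X509_add_altname_ex only ever receives IA5-backed types. Finally, `x509->pathLength = ext->obj->pathlen->length` looks like it stores the encoded length of the pathlen integer rather than its value — worth confirming against the WOLFSSL_ASN1_INTEGER definition. This hunk relocates the function rather than introducing it, so these points are pre-existing.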
@@ -9911,102 +10007,6 @@ int wolfSSL_X509_add_altname(WOLFSSL_X509* x509, const char* name, int type) return wolfSSL_X509_add_altname_ex(x509, name, nameSz, type); } -/** - * @param str String to copy - * @param buf Output buffer. If this contains a pointer then it is free'd - * with the DYNAMIC_TYPE_X509_EXT hint. - * @param len Output length - * @return WOLFSSL_SUCCESS on sucess and WOLFSSL_FAILURE on error - */ -static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf, - word32* len, void* heap) { - if (!str || !buf || !len) { - return WOLFSSL_FAILURE; - } - if (str->data && str->length > 0) { - if (*buf) - XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT); - *len = 0; - *buf = (byte*)XMALLOC(str->length, heap, - DYNAMIC_TYPE_X509_EXT); - if (!*buf) { - WOLFSSL_MSG("malloc error"); - return WOLFSSL_FAILURE; - } - *len = str->length; - XMEMCPY(*buf, str->data, str->length); - } - return WOLFSSL_SUCCESS; -} - -int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc) -{ - WOLFSSL_ENTER("wolfSSL_X509_add_ext"); - - if (!x509 || !ext || !ext->obj || loc >= 0) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - switch (ext->obj->type) { - case NID_authority_key_identifier: - if (asn1_string_copy_to_buffer(&ext->value, &x509->authKeyId, - &x509->authKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("asn1_string_copy_to_buffer error"); - return WOLFSSL_FAILURE; - } - x509->authKeyIdCrit = ext->crit; - break; - case NID_subject_key_identifier: - if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId, - &x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("asn1_string_copy_to_buffer error"); - return WOLFSSL_FAILURE; - } - x509->subjKeyIdCrit = ext->crit; - break; - case NID_subject_alt_name: - { - WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk; - while (gns) { - WOLFSSL_GENERAL_NAME* gn = gns->data.gn; - if (!gn || !gn->d.ia5 || - wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data, - 
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("Subject alternative name missing extension");
- return WOLFSSL_FAILURE;
- }
- gns = gns->next;
- }
- x509->subjAltNameSet = 1;
- x509->subjAltNameCrit = ext->crit;
- break;
- }
- case NID_key_usage:
- if (ext && ext->value.data &&
- ext->value.length == sizeof(word16)) {
- x509->keyUsage = *(word16*)ext->value.data;
- x509->keyUsageCrit = ext->crit;
- x509->keyUsageSet = 1;
- }
- break;
- case NID_basic_constraints:
- if (ext->obj) {
- x509->isCa = ext->obj->ca;
- x509->basicConstCrit = ext->crit;
- if (ext->obj->pathlen)
- x509->pathLength = ext->obj->pathlen->length;
- x509->basicConstSet = 1;
- }
- break;
- default:
- WOLFSSL_MSG("Unsupported extension to add");
- return WOLFSSL_FAILURE;
- }
-
- return WOLFSSL_SUCCESS;
-}
-
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc)
 {
@@ -15772,6 +15772,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 bio->type = (byte)method->type;
 bio->method = method;
 bio->shutdown = BIO_CLOSE; /* default to close things */
+ bio->num = -1; /* Default to invalid socket */
 bio->init = 1;
 if (method->type != WOLFSSL_BIO_FILE &&
 method->type != WOLFSSL_BIO_SOCKET &&
@@ -15880,7 +15881,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 if (bio->ptr) {
 XFCLOSE((XFILE)bio->ptr);
 }
- else {
+ else if (bio->num != -1) {
 XCLOSE(bio->num);
 }
 }
@@ -18958,7 +18959,9 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in)
 int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 {
 WOLFSSL_STACK* node;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 WOLFSSL_CIPHER ciph;
+#endif
 WOLFSSL_ENTER("wolfSSL_sk_push");
 if (!sk) {
@@ -18967,7 +18970,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 /* Check if empty data */
 switch (sk->type) {
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 case STACK_TYPE_CIPHER:
 /* check if entire struct is zero */
 XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
@@ -18981,15 +18984,17 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 return WOLFSSL_SUCCESS;
 }
 break;
- #endif
+#endif
 default:
 /* All other types are pointers */
 if (!sk->data.generic) {
 sk->data.generic = (void*)data;
 sk->num = 1;
+#ifdef OPENSSL_ALL
 if (sk->hash_fn) {
 sk->hash = sk->hash_fn(sk->data.generic);
 }
+#endif
 return WOLFSSL_SUCCESS;
 }
 break;
@@ -19015,7 +19020,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 sk->hash = 0;
 #endif
 switch (sk->type) {
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
 case STACK_TYPE_CIPHER:
 node->data.cipher = sk->data.cipher;
 sk->data.cipher = *(WOLFSSL_CIPHER*)data;
@@ -19023,14 +19028,16 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 sk->hash = sk->hash_fn(&sk->data.cipher);
 }
 break;
- #endif
+#endif
 default:
 /* All other types are pointers */
 node->data.generic = sk->data.generic;
 sk->data.generic = (void*)data;
+#ifdef OPENSSL_ALL
 if (sk->hash_fn) {
 sk->hash = sk->hash_fn(sk->data.generic);
 }
+#endif
 break;
 }
@@ -20583,8 +20590,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
 }
 #endif /* !NO_FILESYSTEM */
-#endif /* NO_FILESYSTEM */
-
 static WOLFSSL_X509* wolfSSL_X509_X509_REQ_load_certificate_buffer(
 const unsigned char* buf, int sz, int format, int type)
 {
@@ -31195,7 +31200,6 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
 return external;
 }
-
 void wolfSSL_DH_free(WOLFSSL_DH* dh)
 {
 WOLFSSL_ENTER("wolfSSL_DH_free");
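Review bot: The two new `#ifdef OPENSSL_ALL` guards around `sk->hash_fn` in the `default:` branches of wolfSSL_sk_push do not match the guard on the STACK_TYPE_CIPHER branch, which still calls `sk->hash_fn(&sk->data.cipher)` under `OPENSSL_ALL || WOLFSSL_QT`. If the `hash_fn` member is declared only under OPENSSL_ALL, a WOLFSSL_QT-only build now fails on the cipher branch; if it is declared for both, the new guards silently stop hashing generic entries in Qt builds. Either way the guards should be the same expression — presumably `#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)` on the generic branches too, matching however the struct member is guarded. wolfSSL_sk_push starts and ends outside these hunks.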
@@ -31359,6 +31363,43 @@ int SetDhInternal(WOLFSSL_DH* dh)
 }
 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
+WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh)
+{
+ WOLFSSL_DH* ret = NULL;
+
+ WOLFSSL_ENTER("wolfSSL_DH_dup");
+
+ if (!dh) {
+ WOLFSSL_MSG("Bad parameter");
+ return NULL;
+ }
+
+ if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS){
+ WOLFSSL_MSG("Bad DH set internal");
+ return NULL;
+ }
+
+ if (!(ret = wolfSSL_DH_new())) {
+ WOLFSSL_MSG("wolfSSL_DH_new error");
+ return NULL;
+ }
+
+ if (wc_DhKeyCopy((DhKey*)dh->internal, (DhKey*)ret->internal) != MP_OKAY) {
+ WOLFSSL_MSG("wc_DhKeyCopy error");
+ wolfSSL_DH_free(ret);
+ return NULL;
+ }
+ ret->inSet = 1;
+
+ if (SetDhExternal(ret) != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("SetDhExternal error");
+ wolfSSL_DH_free(ret);
+ return NULL;
+ }
+
+ return ret;
+}
+
 /* Set the members of DhKey into WOLFSSL_DH
 * DhKey was populated from wc_DhKeyDecode */
@@ -39454,7 +39495,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
 !defined(WOLFCRYPT_ONLY)
- #ifndef NO_CERTS
+#ifndef NO_CERTS
 void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
 {
 WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
@@ -40137,7 +40178,6 @@ cleanup:
 return ret;
 }
-#endif /* WOLFSSL_CERT_GEN */
 int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
 {
@@ -40987,7 +41027,7 @@ err:
 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
 char* pem = NULL;
- long i = 0, l;
+ long i = pem_struct_min_sz, l;
 const char* header = NULL;
 const char* headerEnd = NULL;
 const char* footer = NULL;
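Review bot: wolfSSL_DH_dup calls wc_DhKeyCopy under `!NO_DH && (WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH)`, but the same commit moves the wc_DhKeyCopy prototype in dh.h under `WOLFSSL_DH_EXTRA`; unless each of those three configurations implies WOLFSSL_DH_EXTRA, the call becomes an implicit declaration in at least one of them. The function also duplicates a key that, after the dh.c change, carries the public and presumably the private value, and it calls `SetDhInternal(dh)` on the source when `inSet == 0`, so it mutates its input; both deserve a header comment along the lines of `/* Deep-copy dh (p, g, q, pub, priv) into a new WOLFSSL_DH the caller frees with wolfSSL_DH_free; may populate dh->internal as a side effect */`. The function is fully visible in this hunk.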
@@ -41014,21 +41054,21 @@ err: if (pem == NULL) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_read(bio, &pem[i], pem_struct_min_sz) != + if (wolfSSL_BIO_read(bio, &pem[0], pem_struct_min_sz) != pem_struct_min_sz) { goto err; } - i += pem_struct_min_sz; /* Read the header and footer */ while ((l = wolfSSL_BIO_read(bio, &pem[i], 1)) == 1) { i++; if (!header) - header = XSTRNSTR(pem, "-----", i); + header = XSTRNSTR(pem, "-----BEGIN ", i); else if (header) { if (!headerEnd) { - headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----"), - "-----", i - (header + XSTR_SIZEOF("-----") - pem)); + headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "), + "-----", + i - (header + XSTR_SIZEOF("-----BEGIN ") - pem)); if (headerEnd) { headerEnd += XSTR_SIZEOF("-----"); /* Read in the newline */ @@ -41293,6 +41333,11 @@ err: WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()"); + if (!data) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + if (out == NULL || *out == NULL) { ne = wolfSSL_X509_NAME_ENTRY_new(); if (ne == NULL) { @@ -41537,6 +41582,8 @@ err: return ret; } +#endif /* !NO_CERTS */ + /* NID variables are dependent on compatibility header files currently * * returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL @@ -41782,6 +41829,8 @@ err: } #endif +#endif /* !WOLFCRYPT_ONLY */ + #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ @@ -51720,7 +51769,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v) #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */ -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, 
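Review bot: The byte-at-a-time loop `while ((l = wolfSSL_BIO_read(bio, &pem[i], 1)) == 1) { i++;` now starts with `i` at `pem_struct_min_sz`, but the check that keeps `i` below the size allocated for `pem` is not in this hunk; confirm that such a bound still precedes each write after the start offset changed, otherwise a long stream with no `-----BEGIN ` line would write past the buffer. Anchoring the header search on `"-----BEGIN "` instead of `"-----"` is the right direction; the footer search, if it is still `"-----"`, should likewise be anchored on `"-----END "` so a stray `-----` inside the body cannot terminate the object early. The enclosing function begins and ends outside this hunk.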
@@ -52113,7 +52162,7 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) { return wolfSSL_X509_set_pubkey(req, pkey); } -#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ +#endif /* OPENSSL_ALL && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ #ifdef WOLFSSL_STATIC_EPHEMERAL static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, @@ -52244,4 +52293,4 @@ int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, #endif /* WOLFSSL_STATIC_EPHEMERAL */ -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY */ diff --git a/tests/api.c b/tests/api.c index 5608029d8..b679530e7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -27747,7 +27747,9 @@ static void test_wolfSSL_X509_STORE_CTX(void) X509_STORE_CTX_set_error(NULL, -5); X509_STORE_CTX_free(ctx); +#ifdef OPENSSL_ALL sk_X509_free(sk); +#endif X509_STORE_free(str); X509_free(x509); @@ -38156,6 +38158,10 @@ static void test_wolfSSL_X509_CRL(void) static void test_wolfSSL_d2i_X509_REQ(void) { +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + /* ./certs/csr.signed.der and ./certs/csr.attr.der were + * generated by libest + * ./certs/csr.attr.der contains sample attributes */ const char* csrFile = "./certs/csr.signed.der"; const char* csrPopFile = "./certs/csr.attr.der"; /* ./certs/csr.dsa.pem is generated using @@ -38164,7 +38170,9 @@ static void test_wolfSSL_d2i_X509_REQ(void) * -outform PEM * with the passphrase "wolfSSL" */ +#ifndef NO_DSA const char* csrDsaFile = "./certs/csr.dsa.pem"; +#endif BIO* bio = NULL; X509* req = NULL; EVP_PKEY *pub_key = NULL; @@ -38188,6 +38196,10 @@ static void test_wolfSSL_d2i_X509_REQ(void) EVP_PKEY_free(pub_key); } { +#ifdef OPENSSL_ALL + X509_ATTRIBUTE* attr; + ASN1_TYPE *at; +#endif AssertNotNull(bio = BIO_new_file(csrPopFile, "rb")); AssertNotNull(d2i_X509_REQ_bio(bio, &req)); 
@@ -38201,15 +38213,23 @@ static void test_wolfSSL_d2i_X509_REQ(void) */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); +#ifdef OPENSSL_ALL /* * Obtain the challenge password from the CSR */ - AssertIntGE(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), 0); + AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), + NID_pkcs9_challengePassword); + AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); + AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); + AssertNotNull(at->value.asn1_string); + AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); +#endif X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } +#ifndef NO_DSA { AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb")); AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL)); @@ -38228,6 +38248,8 @@ static void test_wolfSSL_d2i_X509_REQ(void) BIO_free(bio); EVP_PKEY_free(pub_key); } +#endif +#endif /* defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) */ } static void test_wolfSSL_PEM_read_X509(void) @@ -38987,7 +39009,9 @@ static void test_wolfSSL_X509_print() !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF) X509 *x509; BIO *bio; +#ifdef OPENSSL_ALL const X509_ALGOR *cert_sig_alg; +#endif int stdout_fd = fileno(stdout); printf(testingFmt, "wolfSSL_X509_print"); @@ -39007,9 +39031,11 @@ static void test_wolfSSL_X509_print() AssertNotNull(bio = BIO_new_fd(stdout_fd, BIO_NOCLOSE)); +#ifdef OPENSSL_ALL /* Print signature */ AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509)); AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS); +#endif /* print to stdout */ AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 385b5d99d..05187a93e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
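Review bot: `AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), NID_pkcs9_challengePassword)` pins the return value to the NID, whereas OpenSSL's X509_REQ_get_attr_by_NID returns the attribute's index and X509_REQ_get_attr takes that index, not a NID. If the wolfSSL shim really returns the NID, this test locks in a divergence that will break applications ported from OpenSSL that do `idx = X509_REQ_get_attr_by_NID(...); X509_REQ_get_attr(req, idx);`; the previous `AssertIntGE(..., 0)` was at least compatible with both behaviours. I would assert `>= 0`, feed the returned value into X509_REQ_get_attr, and fix the shim if that fails.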
@@ -121,6 +121,12 @@ extern int wc_InitRsaHw(RsaKey* key);
 #endif
 #endif
+#ifndef NO_DSA
+ #include
+#else
+ typedef void* DsaKey;
+#endif
+
 #ifdef WOLF_CRYPTO_CB
 #include
 #endif
@@ -12365,83 +12371,6 @@ static int CopyValidity(byte* output, Cert* cert) #endif - -/* Set Date validity from now until now + daysValid - * return size in bytes written to output, 0 on error */ -static int SetValidity(byte* output, int daysValid) -{ - byte before[MAX_DATE_SIZE]; - byte after[MAX_DATE_SIZE]; - - int beforeSz; - int afterSz; - int seqSz; - - time_t now; - time_t then; - struct tm* tmpTime; - struct tm* expandedTime; - struct tm localTime; - -#if defined(NEED_TMP_TIME) - /* for use with gmtime_r */ - struct tm tmpTimeStorage; - tmpTime = &tmpTimeStorage; -#else - tmpTime = NULL; -#endif - (void)tmpTime; - - now = XTIME(0); - - /* before now */ - before[0] = ASN_GENERALIZED_TIME; - beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ - - /* subtract 1 day of seconds for more compliance */ - then = now - 86400; - expandedTime = XGMTIME(&then, tmpTime); - if (expandedTime == NULL) { - WOLFSSL_MSG("XGMTIME failed"); - return 0; /* error */ - } - localTime = *expandedTime; - - /* adjust */ - localTime.tm_year += 1900; - localTime.tm_mon += 1; - - SetTime(&localTime, before + beforeSz); - beforeSz += ASN_GEN_TIME_SZ; - - after[0] = ASN_GENERALIZED_TIME; - afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ - - /* add daysValid of seconds */ - then = now + (daysValid * (time_t)86400); - expandedTime = XGMTIME(&then, tmpTime); - if (expandedTime == NULL) { - WOLFSSL_MSG("XGMTIME failed"); - return 0; /* error */ - } - localTime = *expandedTime; - - /* adjust */ - localTime.tm_year += 1900; - localTime.tm_mon += 1; - - SetTime(&localTime, after + afterSz); - afterSz += ASN_GEN_TIME_SZ; - - /* headers and output */ - seqSz = SetSequence(beforeSz + afterSz, output); - XMEMCPY(output + seqSz, before, beforeSz); - XMEMCPY(output + seqSz + beforeSz, after, afterSz); - - return seqSz + beforeSz + afterSz; -} - - /* ASN Encoded Name field */ typedef struct EncodedName { int nameLen; /* actual string value length */ 
@@ -13433,6 +13362,81 @@ int SetName(byte* output, word32 outputSz, CertName* name) return totalBytes; } +/* Set Date validity from now until now + daysValid + * return size in bytes written to output, 0 on error */ +static int SetValidity(byte* output, int daysValid) +{ + byte before[MAX_DATE_SIZE]; + byte after[MAX_DATE_SIZE]; + + int beforeSz; + int afterSz; + int seqSz; + + time_t now; + time_t then; + struct tm* tmpTime; + struct tm* expandedTime; + struct tm localTime; + +#if defined(NEED_TMP_TIME) + /* for use with gmtime_r */ + struct tm tmpTimeStorage; + tmpTime = &tmpTimeStorage; +#else + tmpTime = NULL; +#endif + (void)tmpTime; + + now = XTIME(0); + + /* before now */ + before[0] = ASN_GENERALIZED_TIME; + beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ + + /* subtract 1 day of seconds for more compliance */ + then = now - 86400; + expandedTime = XGMTIME(&then, tmpTime); + if (expandedTime == NULL) { + WOLFSSL_MSG("XGMTIME failed"); + return 0; /* error */ + } + localTime = *expandedTime; + + /* adjust */ + localTime.tm_year += 1900; + localTime.tm_mon += 1; + + SetTime(&localTime, before + beforeSz); + beforeSz += ASN_GEN_TIME_SZ; + + after[0] = ASN_GENERALIZED_TIME; + afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ + + /* add daysValid of seconds */ + then = now + (daysValid * (time_t)86400); + expandedTime = XGMTIME(&then, tmpTime); + if (expandedTime == NULL) { + WOLFSSL_MSG("XGMTIME failed"); + return 0; /* error */ + } + localTime = *expandedTime; + + /* adjust */ + localTime.tm_year += 1900; + localTime.tm_mon += 1; + + SetTime(&localTime, after + afterSz); + afterSz += ASN_GEN_TIME_SZ; + + /* headers and output */ + seqSz = SetSequence(beforeSz + afterSz, output); + XMEMCPY(output + seqSz, before, beforeSz); + XMEMCPY(output + seqSz + beforeSz, after, afterSz); + + return seqSz + beforeSz + afterSz; +} + /* encode info from cert into DER encoded format */ static int EncodeCert(Cert* cert, DerCert* der, 
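Review bot: SetValidity accepts any `daysValid` and computes `now + (daysValid * (time_t)86400)` with no range check, so a negative value silently yields a notAfter earlier than notBefore and a large one can overflow where time_t is 32-bit; unless the caller validates this (not visible here), add `if (daysValid < 0) { return 0; }` before the arithmetic and consider an upper bound. `now = XTIME(0)` is likewise unchecked, and the "return 0 on error" contract in the header comment should mention that both XGMTIME failures and a bad `daysValid` hit it. This hunk only relocates the function below SetName, so the points are pre-existing.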
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey,
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index f5e89aa25..0c9f18275 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -2103,7 +2103,6 @@ WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
 return ret;
 }
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
 if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) {
 WOLFSSL_MSG("mp_copy error");
 return ret;
@@ -2113,7 +2112,6 @@ WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
 WOLFSSL_MSG("mp_copy error");
 return ret;
 }
-#endif
 dst->heap = src->heap;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 086371fdb..4e0478f68 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3767,7 +3767,9 @@ struct WOLFSSL_X509 {
 byte serial[EXTERNAL_SERIAL_SIZE];
 char subjectCN[ASN_NAME_MAX]; /* common name short cut */
 #ifdef WOLFSSL_CERT_REQ
+#ifdef OPENSSL_ALL
 WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
+#endif
 char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
 #endif
 WOLFSSL_X509_NAME issuer;
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index d112f038f..c5786b73a 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -40,7 +40,14 @@
 #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
 #define BIO_new_fp wolfSSL_BIO_new_fp
+#if defined(OPENSSL_ALL) \
+ || defined(HAVE_STUNNEL) \
+ || defined(HAVE_LIGHTY) \
+ || defined(WOLFSSL_MYSQL_COMPATIBLE) \
+ || defined(WOLFSSL_HAPROXY) \
+ || defined(OPENSSL_EXTRA)
 #define BIO_new_file wolfSSL_BIO_new_file
+#endif
 #define BIO_new_fp wolfSSL_BIO_new_fp
 #define BIO_ctrl wolfSSL_BIO_ctrl
 #define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index af8faa95d..7f24efa4f 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -306,7 +306,7 @@ enum Misc_ASN {
 #endif
 RSA_INTS = 8, /* RSA ints in private key */
 DSA_INTS = 5, /* DSA ints in private key */
- MIN_DATE_SIZE = 13,
+ MIN_DATE_SIZE = 12,
 MAX_DATE_SIZE = 32,
 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
 #ifndef NO_RSA
@@ -679,7 +679,7 @@ struct SignatureCtx {
 #ifndef NO_RSA
 byte* out;
 #endif
-#if !defined(NO_RSA) && !defined(NO_DSA)
+#if !(defined(NO_RSA) && defined(NO_DSA))
 byte* sigCpy;
 #endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index 00b1c6267..8bc1dd3d4 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -121,12 +121,7 @@ WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
 const byte* pub, word32 pubSz);
 WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, byte* pub, word32* pPubSz);
-#endif /* WOLFSSL_DH_EXTRA */
-
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
 WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
-WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
- const byte* pub_key, word32 pubSz);
 #endif
 WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz,
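Review bot: Lowering `MIN_DATE_SIZE` from 13 to 12 relaxes whatever minimum-length check the date parser applies; a UTCTime with seconds and the `Z` suffix is 13 bytes, so 12 presumably admits a shorter encoding, and any code that reads the seconds digits or the `Z` at a fixed offset must now tolerate a 12-byte input without reading past it. The consumers of MIN_DATE_SIZE are not in this diff, so this needs checking against the parser, and a comment on the enumerator naming the encoding the new minimum corresponds to would stop the next person from "fixing" it back. In dh.h, the wc_DhKeyCopy prototype is now only visible under `WOLFSSL_DH_EXTRA` while its definition in dh.c and its new caller wolfSSL_DH_dup in ssl.c sit under other guards; make sure the three agree, and that removing the wc_DhSetFullKeys prototype does not leave a definition without a declaration.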