feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #780 from dgarske/crl_win

Browse Source 
Fixes for building CRL with Windows
This commit is contained in:
toddouska
2017-03-08 15:31:02 -08:00
committed by GitHub
parent e7445b8e49 a55ebb4c18
commit 2b0963c42a
12 changed files with 245 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
src/crl.c Normal file → Executable file
View File

@ -34,11 +34,6 @@
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#ifndef NO_FILESYSTEM
#include <dirent.h>
#include <sys/stat.h>
#endif
#include <string.h>
#ifdef HAVE_CRL_MONITOR
@ -790,74 +785,62 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
#endif /* HAVE_CRL_MONITOR */
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
char* name = NULL;
#ifdef WOLFSSL_SMALL_STACK
char* name;
ReadDirCtx* readCtx = NULL;
#else
char name[MAX_FILENAME_SZ];
ReadDirCtx readCtx[1];
#endif
WOLFSSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
dir = opendir(path);
if (dir == NULL) {
WOLFSSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ReadDirCtx* readCtx = NULL;
readCtx = (char*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (name == NULL)
return MEMORY_E;
#endif
while ( (entry = readdir(dir)) != NULL) {
struct stat s;
XMEMSET(name, 0, MAX_FILENAME_SZ);
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
WOLFSSL_MSG("stat on name failed");
continue;
}
if (s.st_mode & S_IFREG) {
if (type == SSL_FILETYPE_PEM) {
if (XSTRSTR(entry->d_name, ".pem") == NULL) {
WOLFSSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (XSTRSTR(entry->d_name, ".der") == NULL &&
XSTRSTR(entry->d_name, ".crl") == NULL) {
WOLFSSL_MSG("not .der or .crl file, skipping");
continue;
}
}
if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
WOLFSSL_MSG("CRL file load failed, continuing");
/* try to load each regular file in path */
ret = wc_ReadDirFirst(readCtx, path, &name);
while (ret == 0 && name) {
int skip = 0;
if (type == SSL_FILETYPE_PEM) {
if (XSTRSTR(name, ".pem") == NULL) {
WOLFSSL_MSG("not .pem file, skipping");
skip = 1;
}
}
else {
if (XSTRSTR(name, ".der") == NULL &&
XSTRSTR(name, ".crl") == NULL)
{
WOLFSSL_MSG("not .der or .crl file, skipping");
skip = 1;
}
}
if (!skip && ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
!= SSL_SUCCESS) {
WOLFSSL_MSG("CRL file load failed, continuing");
}
ret = wc_ReadDirNext(readCtx, path, &name);
}
wc_ReadDirClose(readCtx);
ret = SSL_SUCCESS; /* load failures not reported, for backwards compat */
#ifdef WOLFSSL_SMALL_STACK
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (monitor & WOLFSSL_CRL_MONITOR) {
@ -901,12 +884,21 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
}
}
closedir(dir);
return ret;
}
#endif /* NO_FILESYSTEM */
#else
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
(void)crl;
(void)path;
(void)type;
(void)monitor;
/* stub for scenario where file system is not supported */
return NOT_COMPILED_IN;
}
#endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#endif /* HAVE_CRL */
#endif /* !WOLFCRYPT_ONLY */

4
src/internal.c
View File

@ -11201,7 +11201,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
if (responses[0].buffer) {
if (ret == 0)
ret = BuildCertificateStatus(ssl, status_type,
responses, i + 1);
responses, (byte)i + 1);
for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
if (responses[i].buffer)
@ -11713,8 +11713,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case NOT_CA_ERROR:
return "Not a CA by basic constraint error";
case BAD_PATH_ERROR:
return "Bad path for opendir error";
case BAD_CERT_MANAGER_ERROR:
return "Bad Cert Manager error";

107
src/ssl.c
View File

@ -93,18 +93,6 @@
#include <wolfssl/wolfcrypt/dh.h>
#endif
#ifndef NO_FILESYSTEM
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) \
&& !defined(EBSNET)
#include <dirent.h>
#include <sys/stat.h>
#endif
#ifdef EBSNET
#include "vfapi.h"
#include "vfile.h"
#endif
#endif /* NO_FILESYSTEM */
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX)
#define WOLFSSL_HAVE_MAX
@ -5079,7 +5067,6 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
int ret = SSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
(void)path;
if (ctx == NULL || (file == NULL && path == NULL) )
return SSL_FAILURE;
@ -5088,94 +5075,30 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
if (ret == SSL_SUCCESS && path) {
/* try to load each regular file in path */
#ifdef USE_WINDOWS_API
WIN32_FIND_DATAA FindFileData;
HANDLE hFind;
char* name = NULL;
#ifdef WOLFSSL_SMALL_STACK
char* name = NULL;
#else
char name[MAX_FILENAME_SZ];
#endif
#ifdef WOLFSSL_SMALL_STACK
name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ReadDirCtx* readCtx = NULL;
readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (name == NULL)
return MEMORY_E;
#endif
XMEMSET(name, 0, MAX_FILENAME_SZ);
XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
XSTRNCAT(name, "\\*", 3);
hFind = FindFirstFileA(name, &FindFileData);
if (hFind == INVALID_HANDLE_VALUE) {
WOLFSSL_MSG("FindFirstFile for path verify locations failed");
#ifdef WOLFSSL_SMALL_STACK
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BAD_PATH_ERROR;
}
do {
if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
XSTRNCAT(name, "\\", 2);
XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
NULL, 0, NULL);
}
} while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
#ifdef WOLFSSL_SMALL_STACK
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
FindClose(hFind);
#elif !defined(NO_WOLFSSL_DIR)
struct dirent* entry;
DIR* dir = opendir(path);
#ifdef WOLFSSL_SMALL_STACK
char* name = NULL;
#else
char name[MAX_FILENAME_SZ];
ReadDirCtx readCtx[1];
#endif
if (dir == NULL) {
WOLFSSL_MSG("opendir path verify locations failed");
return BAD_PATH_ERROR;
/* try to load each regular file in path */
ret = wc_ReadDirFirst(readCtx, path, &name);
while (ret == 0 && name) {
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
NULL, 0, NULL);
if (ret != SSL_SUCCESS)
break;
ret = wc_ReadDirNext(readCtx, path, &name);
}
wc_ReadDirClose(readCtx);
#ifdef WOLFSSL_SMALL_STACK
name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (name == NULL) {
closedir(dir);
return MEMORY_E;
}
#endif
while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
struct stat s;
XMEMSET(name, 0, MAX_FILENAME_SZ);
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
if (stat(name, &s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
} else if (s.st_mode & S_IFREG)
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
NULL, 0, NULL);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
closedir(dir);
XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}

4
src/tls.c Normal file → Executable file
View File

@ -2044,7 +2044,7 @@ static word16 TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output,
/* request extensions */
if (csr->request.ocsp.nonceSz)
length = EncodeOcspRequestExtensions(
length = (word16)EncodeOcspRequestExtensions(
&csr->request.ocsp,
output + offset + OPAQUE16_LEN,
OCSP_NONCE_EXT_SZ);
@ -2397,7 +2397,7 @@ static word16 TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2,
length = 0;
if (csr2->request.ocsp[0].nonceSz)
length = EncodeOcspRequestExtensions(
length = (word16)EncodeOcspRequestExtensions(
&csr2->request.ocsp[0],
output + offset + OPAQUE16_LEN,
OCSP_NONCE_EXT_SZ);

3
wolfcrypt/src/error.c
View File

@ -419,6 +419,9 @@ const char* wc_GetErrorString(int error)
case DH_CHECK_PUB_E:
return "DH Check Public Key failure";
case BAD_PATH_ERROR:
return "Bad path for opendir error";
default:
return "unknown error number";

133
wolfcrypt/src/wc_port.c
View File

@ -28,6 +28,7 @@
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/wc_port.h>
/* IPP header files for library initialization */
#ifdef HAVE_FAST_RSA
@ -126,6 +127,138 @@ int wolfCrypt_Cleanup(void)
return ret;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* File Handling Helpers */
int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = 0;
if (name)
*name = NULL;
if (ctx == NULL || path == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);
#ifdef USE_WINDOWS_API
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 4);
XSTRNCAT(ctx->name, "\\*", 3);
ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData);
if (ctx->hFind == INVALID_HANDLE_VALUE) {
WOLFSSL_MSG("FindFirstFile for path verify locations failed");
return BAD_PATH_ERROR;
}
do {
if (ctx->FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 3);
XSTRNCAT(ctx->name, "\\", 2);
XSTRNCAT(ctx->name, ctx->FindFileData.cFileName, MAX_FILENAME_SZ/2);
if (name)
*name = ctx->name;
return 0;
}
} while (FindNextFileA(ctx->hFind, &ctx->FindFileData));
#else
ctx->dir = opendir(path);
if (ctx->dir == NULL) {
WOLFSSL_MSG("opendir path verify locations failed");
return BAD_PATH_ERROR;
}
while ((ctx->entry = readdir(ctx->dir)) != NULL) {
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(ctx->name, "/", 1);
XSTRNCAT(ctx->name, ctx->entry->d_name, MAX_FILENAME_SZ/2);
if (stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (ctx->s.st_mode & S_IFREG) {
if (name)
*name = ctx->name;
return 0;
}
}
#endif
wc_ReadDirClose(ctx);
return ret;
}
int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = -1;
if (name)
*name = NULL;
if (ctx == NULL || path == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);
#ifdef USE_WINDOWS_API
while (FindNextFileA(ctx->hFind, &ctx->FindFileData)) {
if (ctx->FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 3);
XSTRNCAT(ctx->name, "\\", 2);
XSTRNCAT(ctx->name, ctx->FindFileData.cFileName, MAX_FILENAME_SZ/2);
if (name)
*name = ctx->name;
return 0;
}
}
#else
while ((ctx->entry = readdir(ctx->dir)) != NULL) {
XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(ctx->name, "/", 1);
XSTRNCAT(ctx->name, ctx->entry->d_name, MAX_FILENAME_SZ/2);
if (stat(ctx->name, &ctx->s) != 0) {
WOLFSSL_MSG("stat on name failed");
ret = BAD_PATH_ERROR;
break;
} else if (ctx->s.st_mode & S_IFREG) {
if (name)
*name = ctx->name;
return 0;
}
}
#endif
wc_ReadDirClose(ctx);
return ret;
}
void wc_ReadDirClose(ReadDirCtx* ctx)
{
if (ctx == NULL) {
return;
}
#ifdef USE_WINDOWS_API
if (ctx->hFind != INVALID_HANDLE_VALUE) {
FindClose(ctx->hFind);
ctx->hFind = INVALID_HANDLE_VALUE;
}
#else
if (ctx->dir) {
closedir(ctx->dir);
ctx->dir = NULL;
}
#endif
}
#endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
wolfSSL_Mutex* wc_InitAndAllocMutex()
{

2
wolfssl/error-ssl.h
View File

@ -90,7 +90,7 @@ enum wolfSSL_ErrorCodes {
ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */
ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */
NOT_CA_ERROR = -357, /* Not a CA cert error */
BAD_PATH_ERROR = -358, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */

1
wolfssl/internal.h
View File

@ -1064,7 +1064,6 @@ enum Misc {
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
MAX_FILENAME_SZ = 256, /* max file name length */
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
will use dynamic buffer if not big enough */

4
wolfssl/test.h
View File

@ -1285,10 +1285,6 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
/* Wolf Root Directory Helper */
/* KEIL-RL File System does not support relative directory */
#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
#ifndef MAX_PATH
#define MAX_PATH 256
#endif
/* Maximum depth to search for WolfSSL root */
#define MAX_WOLF_ROOT_DEPTH 5

1
wolfssl/wolfcrypt/error-crypt.h
View File

@ -184,6 +184,7 @@ enum {
WC_CLEANUP_E = -241, /* wolfcrypt cleanup failed */
ECC_CDH_KAT_FIPS_E = -242, /* ECC CDH Known Answer Test failure */
DH_CHECK_PUB_E = -243, /* DH Check Pub Key error */
BAD_PATH_ERROR = -244, /* Bad path for opendir */
MIN_CODE_E = -300 /* errors -101 - -299 */

4
wolfssl/wolfcrypt/logging.h
View File

@ -60,6 +60,10 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
#endif /* defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) */
#ifdef DEBUG_WOLFSSL
#if defined ( WIN32 )
#define __func__ __FUNCTION__
#endif
/* a is prepended to m and b is appended, creating a log msg a + m + b */
#define WOLFSSL_LOG_CAT(a, m, b) #a " " m " " #b

41
wolfssl/wolfcrypt/wc_port.h
View File

@ -192,6 +192,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#ifndef NO_FILESYSTEM
#if defined(EBSNET)
#include "vfapi.h"
#include "vfile.h"
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
@ -202,6 +205,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#define XFGETS(b,s,f) -2 /* Not ported yet */
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
@ -214,6 +218,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#define XFGETS(b,s,f) -2 /* Not ported yet */
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
@ -225,6 +230,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#define XFGETS fgets
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
@ -237,6 +243,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#define XFGETS(b,s,f) -2 /* Not ported yet */
#else
/* stdio, default case */
#include <stdio.h>
@ -255,9 +262,41 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#define XFGETS fgets
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)
#include <dirent.h>
#include <unistd.h>
#include <sys/stat.h>
#endif
#endif
#endif /* NO_FILESYSTEM */
#ifndef MAX_FILENAME_SZ
#define MAX_FILENAME_SZ 256 /* max file name length */
#endif
#ifndef MAX_PATH
#define MAX_PATH 256
#endif
#if !defined(NO_WOLFSSL_DIR)
typedef struct ReadDirCtx {
#ifdef USE_WINDOWS_API
WIN32_FIND_DATAA FindFileData;
HANDLE hFind;
#else
struct dirent* entry;
DIR* dir;
struct stat s;
#endif
char name[MAX_FILENAME_SZ];
} ReadDirCtx;
WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
#endif /* !NO_WOLFSSL_DIR */
#endif /* !NO_FILESYSTEM */
/* Windows API defines its own min() macro. */