diff --git a/src/ssl.c b/src/ssl.c
index 989d32761..b98fd66ff 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -8629,11 +8629,8 @@ const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
 WOLFSSL_MSG("Passed an invalid X509_EXTENSION*");
 return NULL;
 }
- /* Initialize all methods to NULL */
- method.d2i = NULL;
- method.i2v = NULL;
- method.i2s = NULL;
- method.i2r = NULL;
+ /* Initialize method to 0 */
+ XMEMSET(&method, 0, sizeof(struct WOLFSSL_v3_ext_method));
 nid = ex->obj->nid;
 if (nid <= 0) {
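Review bot: The new `XMEMSET(&method, 0, sizeof(struct WOLFSSL_v3_ext_method));` names the type where the variable would do; `XMEMSET(&method, 0, sizeof(method));` ties the byte count to the object being cleared and cannot drift if `method` is ever redeclared. The change itself is sound, since it also zeroes the `i2d` member that this same patch adds to the struct and that the removed field-by-field assignments would have missed. The rest of wolfSSL_X509V3_EXT_get lies outside the hunk.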
@@ -9601,6 +9598,161 @@ void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx)
 }
 #endif /* !NO_WOLFSSL_STUB */
+#if defined(OPENSSL_ALL)
+static WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_STRING(WOLFSSL_ASN1_STRING **out,
+ const unsigned char **in,
+ long inSz)
+{
+ WOLFSSL_ASN1_STRING* ret = NULL;
+ WOLFSSL_ASN1_STRING* tmp = NULL;
+
+ WOLFSSL_ENTER("wolfSSL_d2i_ASN1_STRING";)
+
+ if (!in || !*in || inSz <= 0) {
+ WOLFSSL_MSG("Bad parameters")
+ return NULL;
+ }
+
+ if (!out || !*out) {
+ if (!(ret = tmp = wolfSSL_ASN1_STRING_new())) {
+ WOLFSSL_MSG("wolfSSL_ASN1_STRING_new error");
+ return NULL;
+ }
+ }
+ else {
+ ret = *out;
+ }
+
+ if (wolfSSL_ASN1_STRING_set(ret, *in, inSz) != WOLFSSL_SUCCESS) {
+ if (tmp) {
+ wolfSSL_ASN1_STRING_free(tmp);
+ }
+ return NULL;
+ }
+
+ *in += inSz;
+ *out = ret;
+ return ret;
+}
+
+static int wolfSSL_i2d_ASN1_STRING(WOLFSSL_ASN1_STRING *s, unsigned char **out)
+{
+ if (!s)
+ return WOLFSSL_FAILURE;
+
+ if (!out)
+ return s->length;
+
+ if (s->length) {
+ XMEMCPY(*out, s->data, s->length);
+ *out += s->length;
+ }
+ return s->length;
+}
+
+static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
+ int nid)
+{
+ if (!method)
+ return;
+
+ WOLFSSL_ENTER("wolfSSL_X509V3_EXT_METHOD_populate");
+ switch (nid) {
+ case NID_subject_key_identifier:
+ method->i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
+ FALL_THROUGH;
+ case NID_authority_key_identifier:
+ case NID_key_usage:
+ method->i2d = (X509V3_EXT_I2D)wolfSSL_i2d_ASN1_STRING;
+ method->d2i = (X509V3_EXT_D2I)wolfSSL_d2i_ASN1_STRING;
+ break;
+ case NID_certificate_policies:
+ case NID_policy_mappings:
+ case NID_subject_alt_name:
+ case NID_issuer_alt_name:
+ case NID_basic_constraints:
+ case NID_name_constraints:
+ case NID_policy_constraints:
+ case NID_ext_key_usage:
+ case NID_crl_distribution_points:
+ case NID_inhibit_any_policy:
+ case NID_info_access:
+ WOLFSSL_MSG("Nothing to populate for current NID");
+ break;
+ default:
+ WOLFSSL_MSG("Unknown or unsupported NID");
+ break;
+ }
+
+ return;
+}
+
+WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
+ void *data)
+{
+ WOLFSSL_X509_EXTENSION *ext = NULL;
+
+ WOLFSSL_ENTER("wolfSSL_X509V3_EXT_i2d");
+
+ if (!data) {
+ return NULL;
+ }
+
+ if (!(ext = wolfSSL_X509_EXTENSION_new())) {
+ return NULL;
+ }
+
+ wolfSSL_X509V3_EXT_METHOD_populate(&ext->ext_method, nid);
+
+ switch (nid) {
+ case NID_subject_key_identifier:
+ case NID_authority_key_identifier:
+ case NID_key_usage:
+ {
+ WOLFSSL_ASN1_STRING* asn1str = (WOLFSSL_ASN1_STRING*)data;
+ ext->value = *asn1str;
+ if (asn1str->isDynamic) {
+ ext->value.data = (char*)XMALLOC(asn1str->length, NULL,
+ DYNAMIC_TYPE_OPENSSL);
+ if (!ext->value.data) {
+ WOLFSSL_MSG("malloc failed");
+ /* Zero so that no existing memory is freed */
+ XMEMSET(&ext->value, 0, sizeof(WOLFSSL_ASN1_STRING));
+ goto err_cleanup;
+ }
+ XMEMCPY(ext->value.data, asn1str->data, asn1str->length);
+ }
+ else {
+ ext->value.data = ext->value.strData;
+ }
+ break;
+ }
+ case NID_certificate_policies:
+ case NID_policy_mappings:
+ case NID_subject_alt_name:
+ case NID_issuer_alt_name:
+ case NID_basic_constraints:
+ case NID_name_constraints:
+ case NID_policy_constraints:
+ case NID_ext_key_usage:
+ case NID_crl_distribution_points:
+ case NID_inhibit_any_policy:
+ case NID_info_access:
+ default:
+ WOLFSSL_MSG("Unknown or unsupported NID");
+ break;
+ }
+
+ ext->crit = crit;
+
+ return ext;
+err_cleanup:
+ if (ext) {
+ wolfSSL_X509_EXTENSION_free(ext);
+ }
+ return NULL;
+}
+
 /* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */
 WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
 (WOLFSSL_X509_EXTENSION* ext)
@@ -9610,6 +9762,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
 return NULL;
 return ext->obj;
 }
+#endif /* OPENSSL_ALL */
 /* Returns pointer to ASN1_STRING in X509_EXTENSION object */
 WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext)
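Review bot: wolfSSL_d2i_ASN1_STRING admits `out == NULL` in its `if (!out || !*out)` branch and then stores through it unconditionally with `*out = ret;`, so a caller passing NULL for out (the usual d2i convention) dereferences a null pointer; change the store to `if (out) *out = ret;`. The two debug macros just above are also malformed, `WOLFSSL_ENTER("wolfSSL_d2i_ASN1_STRING";)` with the semicolon inside the parentheses and `WOLFSSL_MSG("Bad parameters")` with none, which only compiles while those macros expand to nothing. wolfSSL_i2d_ASN1_STRING likewise never checks `*out` before `XMEMCPY(*out, s->data, s->length);`, so the OpenSSL-style "out non-NULL, *out NULL" call crashes instead of allocating or returning WOLFSSL_FAILURE. In wolfSSL_X509V3_EXT_i2d the `default:` branch hands back a freshly allocated extension with no value for every unsupported NID, so callers cannot tell that from success; make it `goto err_cleanup;`, and note that the new extension's `obj` is never set from `nid`, which the `ex->obj->nid` lookup in wolfSSL_X509V3_EXT_get appears to require for any later round trip.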
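Review bot: The `#endif /* OPENSSL_ALL */` closes the `#if defined(OPENSSL_ALL)` opened before the new static helpers, but it is placed after wolfSSL_X509_EXTENSION_get_object, so that function, which had no such guard in the old text, is now compiled only under OPENSSL_ALL. If that is not intended, builds without OPENSSL_ALL lose the symbol behind X509_EXTENSION_get_object; moving the `#endif` above the `/* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */` comment confines the guard to the new code. Whether an outer guard already covers this region is not visible from the hunk.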
@@ -20438,9 +20591,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
 asn1->data = NULL;
 }
- if (sz + 1 > CTC_NAME_SIZE) {
- /* create new data buffer and copy over +1 for null */
- asn1->data = (char*)XMALLOC(sz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
+ if (sz + 1 > CTC_NAME_SIZE) { /* account for null char */
+ /* create new data buffer and copy over */
+ asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
 if (asn1->data == NULL) {
 return WOLFSSL_FAILURE;
 }
@@ -24903,6 +25056,14 @@ long wolfSSL_num_renegotiations(WOLFSSL* s)
 return s->secure_rene_count;
 }
+
+
+/* Is there a renegotiation currently in progress? */
+int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s)
+{
+ return s && s->options.handShakeDone &&
+ s->options.handShakeState != HANDSHAKE_DONE ? 1 : 0;
+}
 #endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */
 #ifndef NO_DH
diff --git a/tests/api.c b/tests/api.c
index b9b980c8d..7e4ecccb2 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -4786,8 +4786,8 @@ static void test_wolfSSL_PKCS12(void)
 WOLFSSL_X509 *cert;
 WOLFSSL_X509 *tmp;
 WOLF_STACK_OF(WOLFSSL_X509) *ca;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
+ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
 WOLFSSL_CTX *ctx;
 WOLFSSL *ssl;
 WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
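Review bot: The allocation shrinks from `sz + 1` to `sz` while the guard still tests `sz + 1 > CTC_NAME_SIZE` and the removed comment said the extra byte was for the NUL terminator; unless `sz` already counts that terminator, whatever writes it at `data[sz]` (outside this hunk) now lands one byte past the heap block. The new `/* account for null char */` on the condition does not say which reading is intended: if `sz` includes the terminator, state that in the comment and drop the `+ 1` from the condition for consistency, otherwise restore `XMALLOC(sz + 1, NULL, DYNAMIC_TYPE_OPENSSL)`. The enclosing function continues on both sides of the hunk, and the `wolfSSL_X509_cmp` label in the hunk header does not appear to be the function this code belongs to.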
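Review bot: In wolfSSL_SSL_renegotiate_pending the `? 1 : 0` applies to the whole `&&` chain only because `&&` binds tighter than `?:`, which is easy to misread across the line break; since `&&` already yields 0 or 1 the ternary adds nothing, so `return s != NULL && s->options.handShakeDone && s->options.handShakeState != HANDSHAKE_DONE;` says the same thing plainly. A short comment on why a completed initial handshake (`handShakeDone`) together with `handShakeState != HANDSHAKE_DONE` identifies a pending renegotiation would help, and it is not visible here whether that state also covers a renegotiation that wolfSSL_Rehandshake has requested but not yet started, which OpenSSL's SSL_renegotiate_pending reports as pending.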
@@ -4833,11 +4833,11 @@ static void test_wolfSSL_PKCS12(void)
 AssertNotNull(cert);
 AssertNotNull(ca);
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
+ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
 /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 #else
 AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
@@ -31263,7 +31263,7 @@ static void test_wolfSSL_X509V3_EXT_get(void) {
 #endif
 }
-static void test_wolfSSL_X509V3_EXT_d2i(void) {
+static void test_wolfSSL_X509V3_EXT(void) {
 #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
 FILE* f;
 int numOfExt = 0, nid = 0, i = 0, expected, actual;
@@ -31272,6 +31272,7 @@ static void test_wolfSSL_X509V3_EXT_d2i(void) {
 const WOLFSSL_v3_ext_method* method;
 WOLFSSL_X509* x509;
 WOLFSSL_X509_EXTENSION* ext;
+ WOLFSSL_X509_EXTENSION* ext2;
 WOLFSSL_ASN1_OBJECT *obj, *adObj;
 WOLFSSL_ASN1_STRING* asn1str;
 WOLFSSL_AUTHORITY_KEYID* aKeyId;
@@ -31309,6 +31310,8 @@ static void test_wolfSSL_X509V3_EXT_d2i(void) {
 AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
 AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
+ AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
+ asn1str));
 AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
 AssertNotNull(method->i2s);
 AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
@@ -35695,7 +35698,7 @@ void ApiTest(void)
 test_wolfSSL_BIO_get_len();
 test_wolfSSL_RSA_verify();
 test_wolfSSL_X509V3_EXT_get();
- test_wolfSSL_X509V3_EXT_d2i();
+ test_wolfSSL_X509V3_EXT();
 test_wolfSSL_X509_get_ext();
 test_wolfSSL_X509_get_ext_by_NID();
 test_wolfSSL_X509_get_ext_count();
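Review bot: The inner `#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)` sits inside the outer `#if (...) && defined(SESSION_CERTS)` added by the same hunk, so the second SESSION_CERTS test is always true there and only obscures the real choice between client and server method; the previous `#ifndef NO_WOLFSSL_CLIENT` is sufficient. As written the `#else` branch still selects the server method exactly when NO_WOLFSSL_CLIENT is defined, so behaviour is unchanged, this is a readability point only.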
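Review bot: `ext2` is created with wolfSSL_X509V3_EXT_i2d but nothing in the hunk inspects it or frees it, so the test only proves the call returns non-NULL and leaks the extension unless a free follows outside the hunk. Checking the round trip would exercise the copy logic that function adds, e.g. `AssertIntEQ(wolfSSL_X509_EXTENSION_get_data(ext2)->length, asn1str->length);` followed by an `XMEMCMP` of the two data buffers, and the extension should be released with `wolfSSL_X509_EXTENSION_free(ext2);`. The rest of test_wolfSSL_X509V3_EXT lies outside the hunk.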
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 289cb3d98..5b94001e8 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -175,6 +175,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
 #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
+#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
 #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
@@ -955,6 +956,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_num_renegotiations wolfSSL_num_renegotiations
 #define SSL_renegotiate wolfSSL_Rehandshake
 #define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support
+#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending
 #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
 #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
 #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts
diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h
index 782578bdd..bd311e761 100644
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@@ -40,6 +40,7 @@
 /* Forward reference */
 typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
 typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
 struct WOLFSSL_v3_ext_method *method, void *ext,
 STACK_OF(CONF_VALUE) *extlist);
@@ -53,6 +54,7 @@ struct WOLFSSL_v3_ext_method {
 int ext_flags;
 void *usr_data;
 X509V3_EXT_D2I d2i;
+ X509V3_EXT_I2D i2d;
 X509V3_EXT_I2V i2v;
 X509V3_EXT_I2S i2s;
 X509V3_EXT_I2R i2r;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d0abe090b..db3b81ee0 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
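Review bot: `#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey` aliases a DER writer to a PEM writer: in OpenSSL, i2d_PKCS8PrivateKey_bio emits the (optionally encrypted) PKCS#8 structure as raw DER while PEM_write_bio_PKCS8PrivateKey emits the same structure PEM-armoured, and because the two share a signature the alias compiles but changes the bytes written. Code ported from OpenSSL that hands the output to a DER parser, or stores it as a DER key file, will fail or persist keys in an unexpected format. If wolfSSL has no DER PKCS#8 writer yet, it is safer to leave this macro out than to map it to the PEM function, or at minimum to add a comment stating the format difference; whether wolfSSL_PEM_write_bio_PKCS8PrivateKey is itself PEM-only is not visible in this diff.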
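Review bot: The new `X509V3_EXT_I2D` typedef carries no description of its contract, and the only implementation in this patch (wolfSSL_i2d_ASN1_STRING in src/ssl.c) treats a NULL `out` as a length query, writes through `*out` and advances it, and returns the encoded length or WOLFSSL_FAILURE. A comment above the typedef such as `/* Encode ext into *out and advance *out; NULL out only returns the length needed. Returns the encoded length or WOLFSSL_FAILURE. */` would let implementers for other NIDs match that behaviour, including whatever is decided about the `*out == NULL` case.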
@@ -1577,6 +1577,7 @@ WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
+WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
 WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
 WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@@ -3319,6 +3320,8 @@ WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
 WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
 WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
 WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
+WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
+ void *data);
 WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
 WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, char* value);
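Review bot: The new prototype for wolfSSL_X509V3_EXT_i2d is undocumented and its ownership rules are not obvious from the signature: per the src/ssl.c implementation in this patch, `data` must point to a WOLFSSL_ASN1_STRING for the three NIDs it supports, its contents are copied rather than adopted, and the returned extension is newly allocated and must be released with wolfSSL_X509_EXTENSION_free. A comment above the declaration stating those three facts, that NULL is returned when `data` is NULL or allocation fails, and what is returned for other NIDs would spare callers a trip into the implementation.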