feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add link of newly created x509 store's certificate manager to self by default

Browse Source
This commit is contained in:
tim-weller-wolfssl
2022-10-31 10:14:21 -05:00
parent 922771bf05
commit 3bc3ec25b8
4 changed files with 120 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
certs/crl/0fdb2da4.r0 Normal file
View File

@@ -0,0 +1,41 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Last Update: Feb 15 12:50:27 2022 GMT
Next Update: Nov 11 12:50:27 2024 GMT
CRL extensions:
X509v3 CRL Number:
2
Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 15 12:50:27 2022 GMT
Signature Algorithm: sha256WithRSAEncryption
43:e6:3b:30:0e:32:53:32:a4:08:3c:e5:d5:2e:f1:ce:e9:95:
ff:ba:d6:fe:2e:59:80:f8:0a:2f:cf:1e:e0:37:fe:ca:cc:33:
66:8b:ed:65:50:7d:44:92:d3:5c:52:9a:95:a5:9d:a5:4e:77:
8b:b4:7f:59:c8:7a:e0:eb:34:32:ae:a1:03:99:d2:3c:c0:f4:
7e:1c:87:4c:6c:5a:ba:0a:95:e8:a1:44:01:7b:8f:3e:a4:e3:
e8:1e:07:19:f0:09:7a:85:8f:f3:82:62:f8:1e:08:51:a3:60:
30:5b:06:c8:a2:b3:ff:aa:28:66:ad:fe:4b:81:49:30:ef:5f:
5d:ac:d9:ad:17:9f:2a:b6:22:d6:35:cc:9f:d9:11:26:dd:7a:
06:35:d0:d5:c7:41:6c:52:97:8c:aa:82:5a:e5:a8:58:d4:b7:
2b:31:84:34:15:bd:08:e4:9e:71:9e:c5:40:f8:02:a3:a0:1e:
4f:98:72:2b:eb:9e:8a:4e:01:83:88:e5:cb:6e:3b:52:e3:a9:
34:a1:7c:e4:79:2c:d1:e0:0b:74:22:ba:6d:cb:c3:a1:56:f9:
c9:f4:20:bf:00:49:df:6b:59:49:18:c7:75:27:8e:a1:5a:a6:
ff:f2:be:34:4a:c9:6d:6e:24:a3:1f:15:7e:34:90:b6:81:bf:
15:80:c3:ac
-----BEGIN X509 CRL-----
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIyMDIxNTEyNTAyN1oX
DTI0MTExMTEyNTAyN1owFDASAgECFw0yMjAyMTUxMjUwMjdaoA4wDDAKBgNVHRQE
AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAQ+Y7MA4yUzKkCDzl1S7xzumV/7rW/i5Z
gPgKL88e4Df+yswzZovtZVB9RJLTXFKalaWdpU53i7R/Wch64Os0Mq6hA5nSPMD0
fhyHTGxaugqV6KFEAXuPPqTj6B4HGfAJeoWP84Ji+B4IUaNgMFsGyKKz/6ooZq3+
S4FJMO9fXazZrRefKrYi1jXMn9kRJt16BjXQ1cdBbFKXjKqCWuWoWNS3KzGENBW9
COSecZ7FQPgCo6AeT5hyK+ueik4Bg4jly247UuOpNKF85Hks0eALdCK6bcvDoVb5
yfQgvwBJ32tZSRjHdSeOoVqm//K+NErJbW4kox8VfjSQtoG/FYDDrA==
-----END X509 CRL-----

1
certs/crl/include.am
View File

@@ -3,6 +3,7 @@
# #
EXTRA_DIST += \ EXTRA_DIST += \
certs/crl/0fdb2da4.r0 \
certs/crl/crl.pem \ certs/crl/crl.pem \
certs/crl/cliCrl.pem \ certs/crl/cliCrl.pem \
certs/crl/eccSrvCRL.pem \ certs/crl/eccSrvCRL.pem \

4
src/x509_str.c
View File

@@ -736,6 +736,10 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Link store's new Certificate Manager to self by default */
store->cm->x509_store_p = store;
if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM), sizeof(WOLFSSL_X509_VERIFY_PARAM),
NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) { NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {

76
tests/api.c
View File

@@ -437,7 +437,6 @@ static int testDevId = WOLFSSL_CAAM_DEVID;
static int testDevId = INVALID_DEVID; static int testDevId = INVALID_DEVID;
#endif #endif
/*----------------------------------------------------------------------------* /*----------------------------------------------------------------------------*
| Setup | Setup
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
@@ -50593,6 +50592,77 @@ static int test_wolfSSL_SMIME_write_PKCS7(void)
#endif /* HAVE_SMIME */ #endif /* HAVE_SMIME */
#endif /* !NO_BIO */ #endif /* !NO_BIO */
/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS
returns 0) */
static int test_X509_STORE_No_SSL_CTX(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \
!defined(NO_WOLFSSL_DIR) && defined(HAVE_CRL) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
X509_STORE *store;
X509_STORE_CTX *storeCtx;
X509_CRL *crl;
X509 *ca, *cert;
const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
const char srvCert[] = "./certs/server-cert.pem";
const char caCert[] = "./certs/ca-cert.pem";
const char caDir[] = "./certs/crl";
XFILE fp;
X509_LOOKUP *lookup;
printf(testingFmt, "test_X509_STORE_No_SSL_CTX");
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
/* Set up store with CA */
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
/* Add CRL lookup directory to store
NOTE: test uses ./certs/crl/0fdb2da4.r0, which is a copy of crl.pem */
AssertNotNull((lookup = X509_STORE_add_lookup(store,
X509_LOOKUP_hash_dir())));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir,
X509_FILETYPE_PEM, NULL), SSL_SUCCESS);
AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
SSL_SUCCESS);
/* Add CRL to store NOT containing the verified certificate, which
forces use of the CRL lookup directory */
fp = XFOPEN(cliCrlPem, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
NULL, NULL));
XFCLOSE(fp);
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
/* Create verification context outside of an SSL session */
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
/* Perform verification, which should NOT indicate CRL missing due to the
store CM's X509 store pointer being NULL */
AssertIntNE(X509_verify_cert(storeCtx), CRL_MISSING);
X509_CRL_free(crl);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
printf(resultFmt, passed);
#endif
return 0;
}
/*----------------------------------------------------------------------------* /*----------------------------------------------------------------------------*
| Certificate Failure Checks | Certificate Failure Checks
*----------------------------------------------------------------------------*/ *----------------------------------------------------------------------------*/
@@ -56560,7 +56630,6 @@ static int test_stubs_are_stubs(void)
return 0; return 0;
} }
static int test_CONF_modules_xxx(void) static int test_CONF_modules_xxx(void)
{ {
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
@@ -60730,6 +60799,9 @@ TEST_CASE testCases[] = {
#endif /* HAVE_SMIME */ #endif /* HAVE_SMIME */
#endif /* !NO_BIO */ #endif /* !NO_BIO */
/* OpenSSL compatibility outside SSL context w/ CRL lookup directory */
TEST_DECL(test_X509_STORE_No_SSL_CTX),
/* wolfCrypt ASN tests */ /* wolfCrypt ASN tests */
TEST_DECL(test_wc_CreateEncryptedPKCS8Key), TEST_DECL(test_wc_CreateEncryptedPKCS8Key),
TEST_DECL(test_wc_GetPkcs8TraditionalOffset), TEST_DECL(test_wc_GetPkcs8TraditionalOffset),