diff --git a/examples/client/client.c b/examples/client/client.c
index 11f2c92b6..1944ea447 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1121,7 +1121,7 @@ static const char* client_usage_msg[][67] = {
 "-8 Use X448 for key exchange\n", /* 66 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 "-9 Use hash dir look up for certificate loading\n"
 " loading from /certs folder\n"
@@ -1306,7 +1306,7 @@ static const char* client_usage_msg[][67] = {
 "-8 Use X448 for key exchange\n", /* 66 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 "-9 証明書の読み込みに hash dir 機能を使用する\n"
 " /certs フォルダーからロードします\n"
@@ -1488,7 +1488,7 @@ static void Usage(void)
 printf("%s", msg[++msgid]); /* -8 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 printf("%s", msg[++msgid]); /* -9 */
 #endif
@@ -1627,7 +1627,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 const char* wnrConfigFile = wnrConfig;
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 int useCertFolder = 0;
 #endif
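Review bot: The guard corrected here, `#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)`, is copied verbatim at every site in this file and again in server.c, crl.c, internal.c, internal.h and tests/api.c, which is how the `OLFSSL_CERT_EXT` misspelling survived in all of them: `defined()` of an unknown name is simply false, so the hash-dir lookup code and, through the api.c hunk, its test quietly compiled out in any configuration that has WOLFSSL_CERT_EXT but not WOLFSSL_CERT_REQ. Defining the feature once, as a single `#define` in the settings header guarded by this expression and `#ifdef` at each site, would leave one spelling to get right and one place to audit when the feature set changes. The same point applies to the remaining hunks in this file and to those in server.c, crl.c, internal.c, internal.h and api.c, so it is not repeated there.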
@@ -2193,7 +2193,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) break; case '9' : #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) useCertFolder = 1; break; @@ -2658,7 +2658,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) { #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (useCertFolder) { WOLFSSL_X509_STORE *store; @@ -2728,7 +2728,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) } #endif diff --git a/examples/server/server.c b/examples/server/server.c index 092f86345..ae5fe4eab 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -707,7 +707,7 @@ static const char* server_usage_msg[][57] = { "-8 Pre-generate Key share using Curve448 only\n", /* 56 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" " loading from /certs folder\n" 
@@ -850,7 +850,7 @@ static const char* server_usage_msg[][57] = {
 "-8 Pre-generate Key share using Curve448 only\n", /* 56 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 "-9 証明書の読み込みに hash dir 機能を使用する\n"
 " /certs フォルダーからロードします\n"
@@ -991,7 +991,7 @@ static void Usage(void)
 printf("%s", msg[++msgId]); /* -8 */
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 printf("%s", msg[++msgId]); /* -9 */
 #endif
@@ -1153,7 +1153,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 int disallowETM = 0;
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 int useCertFolder = 0;
 #endif
@@ -1653,7 +1653,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 break;
 case '9' :
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 useCertFolder = 1;
 break;
@@ -2049,7 +2049,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
 #endif
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
- (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
+ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 if (useCertFolder) {
 WOLFSSL_X509_STORE *store;
@@ -2086,7 +2086,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } #endif /* WOLFSSL_TRUST_PEER_CERT */ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) } #endif diff --git a/src/crl.c b/src/crl.c index 5d6c7da61..fd96c4390 100644 --- a/src/crl.c +++ b/src/crl.c @@ -365,7 +365,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (foundEntry == 0) { if (crl->cm->x509_store_p != NULL) { diff --git a/src/internal.c b/src/internal.c index 3bb4c8eb7..01e905de7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1820,16 +1820,18 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) return MEMORY_E; } XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - /* WOLFSS_X509_LOOKUP */ + /* WOLFSSL_X509_LOOKUP */ if ((ctx->x509_store.lookup.dirs = (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); + XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); return MEMORY_E; } XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) { WOLFSSL_MSG("Bad mutex init"); + XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); return BAD_MUTEX_E; } 
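Review bot: In the InitSSL_Ctx hunk, after the new `XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);` on both failure paths, `ctx->param` (and on the mutex path `ctx->x509_store.lookup.dirs`) still holds the freed address when MEMORY_E or BAD_MUTEX_E is returned; if the caller's error handling later tears the context down with a routine that frees those fields, that is a double free on a partially initialised context. Nulling them next to the free, `ctx->param = NULL;` and `ctx->x509_store.lookup.dirs = NULL;`, costs nothing and makes the half-built context safe to hand to any cleanup. Whether such a caller exists is not visible in the hunk, so this is a hardening suggestion rather than a confirmed defect; InitSSL_Ctx's body extends outside the hunk on both sides.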
@@ -10582,17 +10584,18 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) } } #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) -/* load certificate file which has the form .(r)N[0..N] */ -/* in the folder. */ -/* (r), in the case of CRL file */ -/* @param store a pointer to X509_STORE structure */ -/* @param issuer a pointer to X509_NAME that presents issuer */ -/* @param type X509_LU_X509 or X509_LU_CRL */ +/* load certificate file which has the form .(r)N[0..N] */ +/* in the folder. */ +/* (r), in the case of CRL file */ +/* @param store a pointer to X509_STORE structure */ +/* @param issuer a pointer to X509_NAME that presents an issuer */ +/* @param type X509_LU_X509 or X509_LU_CRL */ +/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) { - const int MAX_SUFFIX = 10; + const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */ int ret = WOLFSSL_SUCCESS; WOLFSSL_X509_LOOKUP* lookup = &store->lookup; WOLFSSL_BY_DIR_entry* entry; @@ -10622,7 +10625,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) retHash = wc_ShaHash((const byte*)pbuf, len, dgt); #endif if (retHash == 0) { - /* 4 bytes in small endian as unsigned long */ + /* 4 bytes in little endian as unsigned long */ hash = (((unsigned long)dgt[3] << 24) | ((unsigned long)dgt[2] << 16) | ((unsigned long)dgt[1] << 8) | @@ -10635,7 +10638,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) } /* try to load each hashed name file in path */ -#if !defined(NO_FILESYSTE) && !defined(NO_WOLFSSL_DIR) +#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (type == X509_LU_CRL) { post = "r"; 
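Review bot: The new `@return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE` line on LoadCrlCertByIssuer does not match what the function does: the hunk at @@ -10682 returns `MEMORY_E` when the filename buffer cannot be allocated, so a caller that tests only against WOLFSSL_FAILURE would read an allocation failure as a plain miss. `/* @return WOLFSSL_SUCCESS when a file was loaded, WOLFSSL_FAILURE when none matched, or a negative error code such as MEMORY_E */` states the real contract. On the next changed line the comment is glued to the statement, `const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */`; besides the missing space, if that constant is visible in this translation unit the limit should be derived from it rather than restated, otherwise the two values will drift apart without anything noticing. The function body runs well past the hunk.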
@@ -10646,19 +10649,6 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) for (i=0; idirs->dir_entry, i); - /*/.(r)N\0 */ - /*112345678 1 1 1 1 => 13 */ - len = (int)XSTRLEN(entry->dir_name) + 13; - - if (filename != NULL) { - XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); - } - - filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); - if (filename == NULL) { - WOLFSSL_MSG("memory allcation error"); - return MEMORY_E; - } if (type == X509_LU_CRL && entry->hashes != NULL && wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) { @@ -10682,7 +10672,25 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) wc_UnLockMutex(&lookup->dirs->lock); } - for (; suffix < MAX_SUFFIX;suffix++) { + /* Additional buffer length for file name memory allocation : */ + /* / .(r)N\0 */ + /*|1| 8 |1|1|1|1| => 13 */ + len = (int)XSTRLEN(entry->dir_name) + 13; + if (filename != NULL) { + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); + } + + filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (filename == NULL) { + WOLFSSL_MSG("memory allocation error"); + return MEMORY_E; + } + + /* set as FAILURE, if successfuly loading cert of CRL, this becomes */ + /* WOLFSSL_SUCCESS */ + ret = WOLFSSL_FAILURE; + + for (; suffix < MAX_SUFFIX; suffix++) { /* /folder-path/.(r)N[0..9] */ XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name, hash, post, suffix); @@ -10720,7 +10728,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) break; } - if (suffix == MAX_SUFFIX) { + if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("not found file"); ret = WOLFSSL_FAILURE; } else { 
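Review bot: The new `ret = WOLFSSL_FAILURE;` sentinel and the `if (ret != WOLFSSL_SUCCESS)` test after the suffix loop only work if the loop body assigns `ret = WOLFSSL_SUCCESS` on a successful load, and that assignment is not in the hunk — worth confirming, since the old `suffix == MAX_SUFFIX` test did not depend on it. Because the sentinel is reset for every directory entry of the enclosing `for (i=0; ...)` loop, a hit in an earlier directory must also leave the outer loop, or the later reset and the `"not found file"` branch will overwrite it; if that is already guaranteed, a one-line comment at the reset saying so would spare the next reader the same check. Separately, the 13-byte budget in `len` assumes `hash` prints as exactly eight hex digits and `post` is at most one character; the first holds because `hash` is assembled from four bytes earlier in the function, but a comment tying the format to that, `/* hash is 32-bit, so %08lx is exactly 8 chars */`, keeps the size arithmetic and the format string from drifting apart. LoadCrlCertByIssuer begins and ends outside this hunk.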
@@ -11291,7 +11299,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); @@ -11312,7 +11320,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); } else - ret = ASN_NO_SIGNER_E; + ret = ASN_NO_SIGNER_E; } #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -11509,7 +11517,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); diff --git a/src/ssl.c b/src/ssl.c index 9e3ddef3a..ac8cef9fb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24829,6 +24829,13 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void) return &meth; } +/* set directory path to load certificate or CRL which have the hash.N form */ +/* for late use */ +/* @param ctx a pointer to WOLFSSL_BY_DIR structure */ +/* @param argc directory path */ +/* @param argl file type, either WOLFSSL_FILETYPE_PEM or */ +/* WOLFSSL_FILETYPE_ASN1 */ +/* @return WOLFSSL_SUCCESS on successful, othewise negative or zero */ static int x509AddCertDir(void *p, const char *argc, long argl) { WOLFSSL_ENTER("x509AddCertDir"); 
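Review bot: The lookup-and-retry block that this hunk re-indents, `if (ret == ASN_NO_SIGNER_E) { WOLFSSL_MSG("try to load certificate if hash dir is set"); … } else ret = ASN_NO_SIGNER_E;`, appears under an identical `#if` guard twice in ProcessPeerCerts (this hunk and the one at @@ -11509), each preceded by the same certificate-parsing call whose tail `!ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner` is visible in both. A small static helper called from both sites would keep the two copies from drifting, which matters here because this is the path that decides whether an unknown issuer is retried from disk or rejected. The hunks show only fragments of the surrounding function, so the exact argument list such a helper needs is not fully visible.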
@@ -24885,6 +24892,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) if (ctx->dir_entry == NULL) { WOLFSSL_MSG("failed to allocate dir_entry"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } } @@ -24892,6 +24902,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) entry = wolfSSL_BY_DIR_entry_new(); if (entry == NULL) { WOLFSSL_MSG("failed to allocate dir entry"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } entry->dir_type = (int)argl; @@ -24901,6 +24914,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) if (entry->dir_name == NULL || entry->hashes == NULL) { WOLFSSL_MSG("failed to allocate dir name"); wolfSSL_BY_DIR_entry_free(entry); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } @@ -24910,6 +24926,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl) if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) != WOLFSSL_SUCCESS) { wolfSSL_BY_DIR_entry_free(entry); + #ifdef WOLFSSL_SMALL_STACK + XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); + #endif return 0; } } 
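Review bot: The same three-line cleanup `#ifdef WOLFSSL_SMALL_STACK XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); #endif` is now pasted in front of four separate `return 0;` statements in x509AddCertDir, and the next early return added to this function will need a fifth copy; the usual C shape is to replace each `return 0;` with `goto out;`, keep the existing `wolfSSL_BY_DIR_entry_free(entry)` calls on the paths that have them, and place the single conditional `XFREE(buf, ...)` before the one return at the end, which also guarantees the buffer is released on any path that is added later. The `#if`/`#endif` structure at the end of the function (visible as `#endif }` in the next hunk) has to be checked before introducing the label, and it should be confirmed that `buf` is always allocated before the first of these returns or that XFREE tolerates NULL. The heap argument is written `0` here but `NULL` in the XFREE calls elsewhere in this diff; one spelling is preferable.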
@@ -24935,20 +24954,25 @@ static int x509AddCertDir(void *p, const char *argc, long argl) #endif } +/* set additional data to X509_LOOKUP */ +/* @param ctx a pointer to X509_LOOKUP structure */ +/* @param cmd control command : */ +/* X509_L_FILE_LOAD, X509_L_ADD_DIR X509_L_ADD_STORE or */ +/* X509_L_LOAD_STORE */ +/* @param argc arguments for the control command */ +/* @param argl arguments for the control command */ +/* @param **ret return value of the control command */ +/* @return WOLFSSL_SUCCESS on successful, othewise WOLFSSL_FAILURE */ +/* note: WOLFSSL_X509_L_ADD_STORE and WOLFSSL_X509_L_LOAD_STORE have not*/ +/* yet implemented. It retutns WOLFSSL_NOT_IMPLEMENTED */ +/* when those control commands are passed. */ int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { - /* control commands: - * X509_L_FILE_LOAD, X509_L_ADD_DIR - * X509_L_ADD_STORE, X509_L_LOAD_STORE - */ int lret = WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl"); #if !defined(NO_FILESYSTEM) - /* returns FAILURE - *if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */ - if (ctx != NULL) { switch (cmd) { case WOLFSSL_X509_L_FILE_LOAD: @@ -24990,7 +25014,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, WOLFSSL_X509_LOOKUP_METHOD* m) { WOLFSSL_ENTER("SSL_X509_STORE_add_lookup"); - if (store == NULL) + if (store == NULL || m == NULL) return NULL; /* Make sure the lookup has a back reference to the store. */ 
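Review bot: The new header comment on wolfSSL_X509_LOOKUP_ctrl contradicts itself: `@return WOLFSSL_SUCCESS on successful, othewise WOLFSSL_FAILURE` is followed three lines later by the statement that `WOLFSSL_NOT_IMPLEMENTED` is returned for the two store commands, and the block carries the typos `othewise`, `retutns` and `have not yet implemented`. One line covers all three outcomes: `/* @return WOLFSSL_SUCCESS on success, WOLFSSL_NOT_IMPLEMENTED for X509_L_ADD_STORE and X509_L_LOAD_STORE, otherwise WOLFSSL_FAILURE */`, and `@param **ret` should be `@param ret`, marked as an out-parameter. Since the comment replaces the deleted in-body note about a missing X509_LOOKUP_METHOD, it should also say what the `ctx != NULL` check below it means for the caller.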
@@ -26311,7 +26335,11 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); } - +/* load certificate or CRL file, and add it to the STORE */ +/* @param ctx a pointer to X509_LOOKUP structure */ +/* @param file file name to load */ +/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */ +/* @return a number of loading CRL or certificate, otherwise zero */ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type) { @@ -26324,8 +26352,14 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, int cnt = 0; int num = 0; - WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file"); - + WOLFSSL_ENTER("wolfSSL_X509_load_cert_crl_file"); + + /* stanity check */ + if (ctx == NULL || file == NULL) { + WOLFSSL_MSG("bad arguments"); + return 0; + } + if (type != WOLFSSL_FILETYPE_PEM) { x509 = wolfSSL_X509_load_certificate_file(file, type); if (x509 != NULL) { @@ -41558,6 +41592,14 @@ static int ConvertNIDToWolfSSL(int nid) } #if defined(OPENSSL_ALL) +/* Convert ASN1 input string into canonical ASN1 string */ +/* , which has the following rules: */ +/* convert to UTF8 */ +/* convert to lower case */ +/* multi-spaces collapsed */ +/* @param asn_out a pointer to ASN1_STRING to be converted */ +/* @param asn_in a pointer to input ASN1_STRING */ +/* @return WOLFSSL_SUCCESS on successful converted, otherwise <=0 error code*/ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, const WOLFSSL_ASN1_STRING* asn_in) { 
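Review bot: The new guard in wolfSSL_X509_load_cert_crl_file is labelled `/* stanity check */` (`/* sanity check */`) and it checks `ctx` and `file` but not `type`, although the header comment added in the same hunk says `type` is `WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1`; any other value falls into the `type != WOLFSSL_FILETYPE_PEM` branch and is handed to wolfSSL_X509_load_certificate_file, whose handling of it is not visible here. If that callee does not reject unknown types, extending the guard to `if (ctx == NULL || file == NULL || (type != WOLFSSL_FILETYPE_PEM && type != WOLFSSL_FILETYPE_ASN1))` makes the code match its documentation. The `@return` line would also read more clearly as `/* @return the number of certificates or CRLs loaded, 0 on failure */`. The function continues past the hunk.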
@@ -41565,6 +41607,14 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, char* src; int i, len; + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon"); + + /* sanity check */ + if (asn_out == NULL || asn_in == NULL) { + WOLFSSL_MSG("invalid function arguments"); + return BAD_FUNC_ARG; + } + switch (asn_in->type) { case MBSTRING_UTF8: case V_ASN1_PRINTABLESTRING: @@ -41594,7 +41644,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, for (; (len > 0 && XISSPACE(*dst));len--) { dst--; } - for (; (len > 0 && XISSPACE(*src));len--){ + for (; (len > 0 && XISSPACE(*src));len--) { src++; } @@ -41618,16 +41668,15 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, return WOLFSSL_SUCCESS; } -/* this is to converts the x509 name structure into canonical DER format -* , which has the following rules: -* convert to UTF8 -* convert to lower case -* multi-spaces collapsed -* leading SEQUENCE hader is skipped -* @param name a pointer to X509_NAME that is to be converted -* @param out a pointer to conveted data -* @return a number of converted bytes, otherwise <0 error code -*/ +/* This is to convert the x509 name structure into canonical DER format */ +/* , which has the following rules: */ +/* convert to UTF8 */ +/* convert to lower case */ +/* multi-spaces collapsed */ +/* leading SEQUENCE hader is skipped */ +/* @param name a pointer to X509_NAME that is to be converted */ +/* @param out a pointer to conveted data */ +/* @return a number of converted bytes, otherwise <=0 error code */ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) { int totalBytes = 0, i, idx; 
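Review bot: `for (; (len > 0 && XISSPACE(*src));len--) {` (and the `XISSPACE(*dst)` loop just above it) passes a plain `char` to a ctype-style classifier; this function's stated job is to canonicalise to UTF-8, so bytes with the high bit set are expected input, and on platforms where `char` is signed those become negative arguments, which the C standard leaves undefined for `isspace` unless the value is cast first. Unless XISSPACE already performs that cast, `XISSPACE((unsigned char)*src)` and `XISSPACE((unsigned char)*dst)` is the safe spelling. The rewritten header comment of wolfSSL_i2d_X509_NAME_canon in the same hunk still carries `hader` and `conveted` (`header`, `converted`). wolfSSL_ASN1_STRING_canon's body extends beyond this hunk.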
@@ -41661,8 +41710,12 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) WOLFSSL_ASN1_STRING* cano_data; cano_data = wolfSSL_ASN1_STRING_new(); - if (cano_data == NULL) + if (cano_data == NULL) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif return MEMORY_E; + } data = wolfSSL_X509_NAME_ENTRY_get_data(entry); if (data == NULL) { @@ -41678,7 +41731,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) } nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data); - ret = wc_EncodeName_cano(&names[i], nameStr, CTC_UTF8, + ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8, ConvertNIDToWolfSSL(entry->nid)); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK @@ -46371,7 +46424,7 @@ int wolfSSL_sk_BY_DIR_HASH_find( /* return a number of WOLFSSL_BY_DIR_HASH in stack */ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) { - WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_BY_DIR_HASH_num"); + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num"); if (sk == NULL) return -1; @@ -46421,8 +46474,10 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( return hash; } -/* release all contents in stack, and then release stack itself */ -/* it uses function when it is passed */ +/* release all contents in stack, and then release stack itself. */ +/* Second argument is a function pointer to release resouces. */ +/* It calls the function to release resouces when t is passed */ +/* instead of wolfSSL_BY_DIR_HASH_free(). */ void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, void (*f) (WOLFSSL_BY_DIR_HASH*)) { diff --git a/tests/api.c b/tests/api.c index 823c4033b..8f7b7121b 100644 --- a/tests/api.c +++ b/tests/api.c 
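Review bot: The rewritten header of wolfSSL_sk_BY_DIR_HASH_pop_free still reads `release resouces` twice and `when t is passed`; `resources` and `when it is passed` are meant, and the four lines can be said in two: `/* Release every element and then the stack itself. If f is passed it is */` `/* called on each element instead of wolfSSL_BY_DIR_HASH_free(). */`. In the i2d_X509_NAME_canon hunk the new `XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER)` before `return MEMORY_E` brings that path in line with the `ret < 0` path below, but the `ret < 0` path returns while the current iteration's `cano_data` from `wolfSSL_ASN1_STRING_new()` is still live unless it is released inside that branch, which the hunk cuts off — worth a glance. i2d_X509_NAME_canon starts and ends outside this hunk.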
@@ -28104,7 +28104,7 @@ static void test_wolfSSL_X509_Name_canon(void) #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) const long ex_hash1 = 0x0fdb2da4; const long ex_hash2 = 0x9f3e8c9e; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ed93c64f3..c2af80e85 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13174,7 +13174,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp } /* canonical encoding one attribute of the name (issuer/subject) - * call we_EncodeName_ex with CTC_UTF8 for email type + * call wc_EncodeName_ex with CTC_UTF8 for email type * * name structure to hold result of encoding * nameStr value to be encoded @@ -13183,7 +13183,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp * * returns length on success */ -int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, +int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType, byte type) { return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */); diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index aada029ae..3a30d198a 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -427,7 +427,7 @@ int wc_FileExists(const char* fname) if (XSTAT(fname, &ctx.s) != 0) { WOLFSSL_MSG("stat on name failed"); return BAD_PATH_ERROR; - }else + } else #if defined(USE_WINDOWS_API) if (ctx.s.st_mode & _S_IFREG) { return 0; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2b5a492b3..14a95d165 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
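Review bot: In the asn.c hunk, `return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */);` carries the tag as a magic number with the constant's name only in a comment; the caller in ssl.c passes `CTC_UTF8` to this very function, so the identifier exists in the library, and the line would read better as `return wc_EncodeName_ex(name, nameStr, nameType, type, CTC_UTF8);` provided the last parameter's type accepts it without a conversion warning. No behaviour change is involved, and the comment on the line becomes unnecessary.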
@@ -4819,7 +4819,7 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey); #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int Type); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 1ad8176b2..446148a7a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1173,7 +1173,7 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType, byte type); -WOLFSSL_LOCAL int wc_EncodeName_cano(EncodedName* name, const char* nameStr, +WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType, byte type); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index e91e64d25..3da8f90c8 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -684,8 +684,10 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define SEPARATOR_CHAR ';' #elif defined(WOLFSSL_ZEPHYR) #define XSTAT fs_stat + #define SEPARATOR_CHAR ':' #elif defined(WOLFSSL_TELIT_M2MB) #define XSTAT m2mb_fs_stat + #define SEPARATOR_CHAR ':' #else #include #include
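Review bot: The internal.h prototype this hunk touches declares the last parameter as `int Type` while the definition in internal.c earlier in this diff names it `int type`; since the commit already rewrites the surrounding lines, aligning them, `X509_NAME* issuer, int type);`, keeps the header and the definition in step. A prototype in a header is where a reader first meets the function, so its parameter names should match the Doxygen-style comment the commit adds above the definition.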