addressed review comments part 1

This commit is contained in:
Hideki Miyazaki
2021-03-11 15:43:54 +09:00
parent f9c9de5855
commit 4650aaf4fb
11 changed files with 142 additions and 77 deletions


@@ -1121,7 +1121,7 @@ static const char* client_usage_msg[][67] = {
"-8 Use X448 for key exchange\n", /* 66 */ "-8 Use X448 for key exchange\n", /* 66 */
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n" "-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n" " loading from <wolfSSL home>/certs folder\n"
@@ -1306,7 +1306,7 @@ static const char* client_usage_msg[][67] = {
"-8 Use X448 for key exchange\n", /* 66 */ "-8 Use X448 for key exchange\n", /* 66 */
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n" "-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n" " <wolfSSL home>/certs フォルダーからロードします\n"
@@ -1488,7 +1488,7 @@ static void Usage(void)
printf("%s", msg[++msgid]); /* -8 */ printf("%s", msg[++msgid]); /* -8 */
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgid]); /* -9 */ printf("%s", msg[++msgid]); /* -9 */
#endif #endif
@@ -1627,7 +1627,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
const char* wnrConfigFile = wnrConfig; const char* wnrConfigFile = wnrConfig;
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0; int useCertFolder = 0;
#endif #endif
@@ -2193,7 +2193,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break; break;
case '9' : case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1; useCertFolder = 1;
break; break;
@@ -2658,7 +2658,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) { if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) { if (useCertFolder) {
WOLFSSL_X509_STORE *store; WOLFSSL_X509_STORE *store;
@@ -2728,7 +2728,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} }
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */ #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
} }
#endif #endif


@@ -707,7 +707,7 @@ static const char* server_usage_msg[][57] = {
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */ "-8 Pre-generate Key share using Curve448 only\n", /* 56 */
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n" "-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n" " loading from <wolfSSL home>/certs folder\n"
@@ -850,7 +850,7 @@ static const char* server_usage_msg[][57] = {
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */ "-8 Pre-generate Key share using Curve448 only\n", /* 56 */
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n" "-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n" " <wolfSSL home>/certs フォルダーからロードします\n"
@@ -991,7 +991,7 @@ static void Usage(void)
printf("%s", msg[++msgId]); /* -8 */ printf("%s", msg[++msgId]); /* -8 */
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgId]); /* -9 */ printf("%s", msg[++msgId]); /* -9 */
#endif #endif
@@ -1153,7 +1153,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
int disallowETM = 0; int disallowETM = 0;
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0; int useCertFolder = 0;
#endif #endif
@@ -1653,7 +1653,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
break; break;
case '9' : case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1; useCertFolder = 1;
break; break;
@@ -2049,7 +2049,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) { if (useCertFolder) {
WOLFSSL_X509_STORE *store; WOLFSSL_X509_STORE *store;
@@ -2086,7 +2086,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
} }
#endif /* WOLFSSL_TRUST_PEER_CERT */ #endif /* WOLFSSL_TRUST_PEER_CERT */
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
} }
#endif #endif


@@ -365,7 +365,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (foundEntry == 0) { if (foundEntry == 0) {
if (crl->cm->x509_store_p != NULL) { if (crl->cm->x509_store_p != NULL) {


@@ -1820,16 +1820,18 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
return MEMORY_E; return MEMORY_E;
} }
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
/* WOLFSS_X509_LOOKUP */ /* WOLFSSL_X509_LOOKUP */
if ((ctx->x509_store.lookup.dirs = if ((ctx->x509_store.lookup.dirs =
(WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR), (WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) { heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error"); WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
return MEMORY_E; return MEMORY_E;
} }
XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR)); XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) { if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
WOLFSSL_MSG("Bad mutex init"); WOLFSSL_MSG("Bad mutex init");
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
return BAD_MUTEX_E; return BAD_MUTEX_E;
} }
@@ -10582,17 +10584,18 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
} }
} }
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* load certificate file which has the form <hash>.(r)N[0..N] */ /* load certificate file which has the form <hash>.(r)N[0..N] */
/* in the folder. */ /* in the folder. */
/* (r), in the case of CRL file */ /* (r), in the case of CRL file */
/* @param store a pointer to X509_STORE structure */ /* @param store a pointer to X509_STORE structure */
/* @param issuer a pointer to X509_NAME that presents issuer */ /* @param issuer a pointer to X509_NAME that presents an issuer */
/* @param type X509_LU_X509 or X509_LU_CRL */ /* @param type X509_LU_X509 or X509_LU_CRL */
/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */
int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
{ {
const int MAX_SUFFIX = 10; const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
WOLFSSL_X509_LOOKUP* lookup = &store->lookup; WOLFSSL_X509_LOOKUP* lookup = &store->lookup;
WOLFSSL_BY_DIR_entry* entry; WOLFSSL_BY_DIR_entry* entry;
@@ -10622,7 +10625,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
retHash = wc_ShaHash((const byte*)pbuf, len, dgt); retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
#endif #endif
if (retHash == 0) { if (retHash == 0) {
/* 4 bytes in small endian as unsigned long */ /* 4 bytes in little endian as unsigned long */
hash = (((unsigned long)dgt[3] << 24) | hash = (((unsigned long)dgt[3] << 24) |
((unsigned long)dgt[2] << 16) | ((unsigned long)dgt[2] << 16) |
((unsigned long)dgt[1] << 8) | ((unsigned long)dgt[1] << 8) |
@@ -10635,7 +10638,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
} }
/* try to load each hashed name file in path */ /* try to load each hashed name file in path */
#if !defined(NO_FILESYSTE) && !defined(NO_WOLFSSL_DIR) #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (type == X509_LU_CRL) { if (type == X509_LU_CRL) {
post = "r"; post = "r";
@@ -10646,19 +10649,6 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
for (i=0; i<num; i++) { for (i=0; i<num; i++) {
entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i); entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i);
/*/<hash value:8>.(r)N\0 */
/*112345678 1 1 1 1 => 13 */
len = (int)XSTRLEN(entry->dir_name) + 13;
if (filename != NULL) {
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
}
filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (filename == NULL) {
WOLFSSL_MSG("memory allcation error");
return MEMORY_E;
}
if (type == X509_LU_CRL && entry->hashes != NULL && if (type == X509_LU_CRL && entry->hashes != NULL &&
wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) { wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) {
@@ -10682,7 +10672,25 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
wc_UnLockMutex(&lookup->dirs->lock); wc_UnLockMutex(&lookup->dirs->lock);
} }
for (; suffix < MAX_SUFFIX;suffix++) { /* Additional buffer length for file name memory allocation : */
/* / <hashvalue>.(r)N\0 */
/*|1| 8 |1|1|1|1| => 13 */
len = (int)XSTRLEN(entry->dir_name) + 13;
if (filename != NULL) {
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
}
filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (filename == NULL) {
WOLFSSL_MSG("memory allocation error");
return MEMORY_E;
}
/* set as FAILURE, if successfuly loading cert of CRL, this becomes */
/* WOLFSSL_SUCCESS */
ret = WOLFSSL_FAILURE;
for (; suffix < MAX_SUFFIX; suffix++) {
/* /folder-path/<hash>.(r)N[0..9] */ /* /folder-path/<hash>.(r)N[0..9] */
XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name, XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name,
hash, post, suffix); hash, post, suffix);
@@ -10720,7 +10728,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
break; break;
} }
if (suffix == MAX_SUFFIX) { if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("not found file"); WOLFSSL_MSG("not found file");
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
} else { } else {
@@ -11291,7 +11299,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY, !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner); &subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) { if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set"); WOLFSSL_MSG("try to load certificate if hash dir is set");
@@ -11312,7 +11320,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY, !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner); &subjectHash, &alreadySigner);
} else } else
ret = ASN_NO_SIGNER_E; ret = ASN_NO_SIGNER_E;
} }
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@@ -11509,7 +11517,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY, !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner); &subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) { if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set"); WOLFSSL_MSG("try to load certificate if hash dir is set");
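Review bot: In InitSSL_Ctx the two new `XFREE(ctx->param, ...)` calls on the lookup-dirs allocation and mutex-init failure paths free the buffer but leave `ctx->param` (and, on the mutex path, `ctx->x509_store.lookup.dirs` as well) as non-NULL dangling pointers inside a ctx that is handed back to the caller with an error. If the caller tears the partially built ctx down with the normal free routine, which I believe wolfSSL_CTX_new does but that code is outside this hunk, those fields would be freed a second time. Null each pointer right after releasing it: `ctx->param = NULL;` after both XFREE calls, and `ctx->x509_store.lookup.dirs = NULL;` after the XFREE in the BAD_MUTEX_E path. InitSSL_Ctx's body begins and ends outside the hunk, so any earlier or later failure returns in it deserve the same treatment.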

src/ssl.c

@@ -24829,6 +24829,13 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
return &meth; return &meth;
} }
/* set directory path to load certificate or CRL which have the hash.N form */
/* for late use */
/* @param ctx a pointer to WOLFSSL_BY_DIR structure */
/* @param argc directory path */
/* @param argl file type, either WOLFSSL_FILETYPE_PEM or */
/* WOLFSSL_FILETYPE_ASN1 */
/* @return WOLFSSL_SUCCESS on successful, othewise negative or zero */
static int x509AddCertDir(void *p, const char *argc, long argl) static int x509AddCertDir(void *p, const char *argc, long argl)
{ {
WOLFSSL_ENTER("x509AddCertDir"); WOLFSSL_ENTER("x509AddCertDir");
@@ -24885,6 +24892,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
if (ctx->dir_entry == NULL) { if (ctx->dir_entry == NULL) {
WOLFSSL_MSG("failed to allocate dir_entry"); WOLFSSL_MSG("failed to allocate dir_entry");
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0; return 0;
} }
} }
@@ -24892,6 +24902,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
entry = wolfSSL_BY_DIR_entry_new(); entry = wolfSSL_BY_DIR_entry_new();
if (entry == NULL) { if (entry == NULL) {
WOLFSSL_MSG("failed to allocate dir entry"); WOLFSSL_MSG("failed to allocate dir entry");
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0; return 0;
} }
entry->dir_type = (int)argl; entry->dir_type = (int)argl;
@@ -24901,6 +24914,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
if (entry->dir_name == NULL || entry->hashes == NULL) { if (entry->dir_name == NULL || entry->hashes == NULL) {
WOLFSSL_MSG("failed to allocate dir name"); WOLFSSL_MSG("failed to allocate dir name");
wolfSSL_BY_DIR_entry_free(entry); wolfSSL_BY_DIR_entry_free(entry);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0; return 0;
} }
@@ -24910,6 +24926,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
!= WOLFSSL_SUCCESS) { != WOLFSSL_SUCCESS) {
wolfSSL_BY_DIR_entry_free(entry); wolfSSL_BY_DIR_entry_free(entry);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0; return 0;
} }
} }
@@ -24935,20 +24954,25 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
#endif #endif
} }
/* set additional data to X509_LOOKUP */
/* @param ctx a pointer to X509_LOOKUP structure */
/* @param cmd control command : */
/* X509_L_FILE_LOAD, X509_L_ADD_DIR X509_L_ADD_STORE or */
/* X509_L_LOAD_STORE */
/* @param argc arguments for the control command */
/* @param argl arguments for the control command */
/* @param **ret return value of the control command */
/* @return WOLFSSL_SUCCESS on successful, othewise WOLFSSL_FAILURE */
/* note: WOLFSSL_X509_L_ADD_STORE and WOLFSSL_X509_L_LOAD_STORE have not*/
/* yet implemented. It retutns WOLFSSL_NOT_IMPLEMENTED */
/* when those control commands are passed. */
int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
const char *argc, long argl, char **ret) const char *argc, long argl, char **ret)
{ {
/* control commands:
* X509_L_FILE_LOAD, X509_L_ADD_DIR
* X509_L_ADD_STORE, X509_L_LOAD_STORE
*/
int lret = WOLFSSL_FAILURE; int lret = WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl"); WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl");
#if !defined(NO_FILESYSTEM) #if !defined(NO_FILESYSTEM)
/* returns FAILURE
*if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */
if (ctx != NULL) { if (ctx != NULL) {
switch (cmd) { switch (cmd) {
case WOLFSSL_X509_L_FILE_LOAD: case WOLFSSL_X509_L_FILE_LOAD:
@@ -24990,7 +25014,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
WOLFSSL_X509_LOOKUP_METHOD* m) WOLFSSL_X509_LOOKUP_METHOD* m)
{ {
WOLFSSL_ENTER("SSL_X509_STORE_add_lookup"); WOLFSSL_ENTER("SSL_X509_STORE_add_lookup");
if (store == NULL) if (store == NULL || m == NULL)
return NULL; return NULL;
/* Make sure the lookup has a back reference to the store. */ /* Make sure the lookup has a back reference to the store. */
@@ -26311,7 +26335,11 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); WOLFSSL_ENTER("wolfSSL_d2i_X509_fp");
return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE);
} }
/* load certificate or CRL file, and add it to the STORE */
/* @param ctx a pointer to X509_LOOKUP structure */
/* @param file file name to load */
/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */
/* @return a number of loading CRL or certificate, otherwise zero */
WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type) const char *file, int type)
{ {
@@ -26324,7 +26352,13 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
int cnt = 0; int cnt = 0;
int num = 0; int num = 0;
WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file"); WOLFSSL_ENTER("wolfSSL_X509_load_cert_crl_file");
/* stanity check */
if (ctx == NULL || file == NULL) {
WOLFSSL_MSG("bad arguments");
return 0;
}
if (type != WOLFSSL_FILETYPE_PEM) { if (type != WOLFSSL_FILETYPE_PEM) {
x509 = wolfSSL_X509_load_certificate_file(file, type); x509 = wolfSSL_X509_load_certificate_file(file, type);
@@ -41558,6 +41592,14 @@ static int ConvertNIDToWolfSSL(int nid)
} }
#if defined(OPENSSL_ALL) #if defined(OPENSSL_ALL)
/* Convert ASN1 input string into canonical ASN1 string */
/* , which has the following rules: */
/* convert to UTF8 */
/* convert to lower case */
/* multi-spaces collapsed */
/* @param asn_out a pointer to ASN1_STRING to be converted */
/* @param asn_in a pointer to input ASN1_STRING */
/* @return WOLFSSL_SUCCESS on successful converted, otherwise <=0 error code*/
static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
const WOLFSSL_ASN1_STRING* asn_in) const WOLFSSL_ASN1_STRING* asn_in)
{ {
@@ -41565,6 +41607,14 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
char* src; char* src;
int i, len; int i, len;
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon");
/* sanity check */
if (asn_out == NULL || asn_in == NULL) {
WOLFSSL_MSG("invalid function arguments");
return BAD_FUNC_ARG;
}
switch (asn_in->type) { switch (asn_in->type) {
case MBSTRING_UTF8: case MBSTRING_UTF8:
case V_ASN1_PRINTABLESTRING: case V_ASN1_PRINTABLESTRING:
@@ -41594,7 +41644,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
for (; (len > 0 && XISSPACE(*dst));len--) { for (; (len > 0 && XISSPACE(*dst));len--) {
dst--; dst--;
} }
for (; (len > 0 && XISSPACE(*src));len--){ for (; (len > 0 && XISSPACE(*src));len--) {
src++; src++;
} }
@@ -41618,16 +41668,15 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
/* this is to converts the x509 name structure into canonical DER format /* This is to convert the x509 name structure into canonical DER format */
* , which has the following rules: /* , which has the following rules: */
* convert to UTF8 /* convert to UTF8 */
* convert to lower case /* convert to lower case */
* multi-spaces collapsed /* multi-spaces collapsed */
* leading SEQUENCE hader is skipped /* leading SEQUENCE hader is skipped */
* @param name a pointer to X509_NAME that is to be converted /* @param name a pointer to X509_NAME that is to be converted */
* @param out a pointer to conveted data /* @param out a pointer to conveted data */
* @return a number of converted bytes, otherwise <0 error code /* @return a number of converted bytes, otherwise <=0 error code */
*/
int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
{ {
int totalBytes = 0, i, idx; int totalBytes = 0, i, idx;
@@ -41661,8 +41710,12 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
WOLFSSL_ASN1_STRING* cano_data; WOLFSSL_ASN1_STRING* cano_data;
cano_data = wolfSSL_ASN1_STRING_new(); cano_data = wolfSSL_ASN1_STRING_new();
if (cano_data == NULL) if (cano_data == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E; return MEMORY_E;
}
data = wolfSSL_X509_NAME_ENTRY_get_data(entry); data = wolfSSL_X509_NAME_ENTRY_get_data(entry);
if (data == NULL) { if (data == NULL) {
@@ -41678,7 +41731,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
} }
nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data); nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data);
ret = wc_EncodeName_cano(&names[i], nameStr, CTC_UTF8, ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8,
ConvertNIDToWolfSSL(entry->nid)); ConvertNIDToWolfSSL(entry->nid));
if (ret < 0) { if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -46371,7 +46424,7 @@ int wolfSSL_sk_BY_DIR_HASH_find(
/* return a number of WOLFSSL_BY_DIR_HASH in stack */ /* return a number of WOLFSSL_BY_DIR_HASH in stack */
int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
{ {
WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_BY_DIR_HASH_num"); WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
if (sk == NULL) if (sk == NULL)
return -1; return -1;
@@ -46421,8 +46474,10 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
return hash; return hash;
} }
/* release all contents in stack, and then release stack itself */ /* release all contents in stack, and then release stack itself. */
/* it uses function when it is passed */ /* Second argument is a function pointer to release resouces. */
/* It calls the function to release resouces when t is passed */
/* instead of wolfSSL_BY_DIR_HASH_free(). */
void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk, void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk,
void (*f) (WOLFSSL_BY_DIR_HASH*)) void (*f) (WOLFSSL_BY_DIR_HASH*))
{ {
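Review bot: In wolfSSL_ASN1_STRING_canon's whitespace-trimming loops (`XISSPACE(*dst)` and `XISSPACE(*src)`, the hunk that only adjusted brace spacing), the argument is a plain `char` (`char* src;` is visible a few lines above), yet the new header comment states the input is converted to UTF-8, whose multi-byte sequences carry bytes above 0x7F. If XISSPACE expands to isspace(), passing a negative `char` value is undefined behaviour in C; on some libc builds it can silently misclassify a byte and yield a different canonical form, and that form feeds the hash used for the by-directory trust lookup. Cast before classifying: `XISSPACE((unsigned char)*dst)` and `XISSPACE((unsigned char)*src)`. The function begins and ends outside these hunks, so the same cast is needed wherever its lower-casing step uses a ctype call on the same `char` data.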


@@ -28104,7 +28104,7 @@ static void test_wolfSSL_X509_Name_canon(void)
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT))
const long ex_hash1 = 0x0fdb2da4; const long ex_hash1 = 0x0fdb2da4;
const long ex_hash2 = 0x9f3e8c9e; const long ex_hash2 = 0x9f3e8c9e;


@@ -13174,7 +13174,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp
} }
/* canonical encoding one attribute of the name (issuer/subject) /* canonical encoding one attribute of the name (issuer/subject)
* call we_EncodeName_ex with CTC_UTF8 for email type * call wc_EncodeName_ex with CTC_UTF8 for email type
* *
* name structure to hold result of encoding * name structure to hold result of encoding
* nameStr value to be encoded * nameStr value to be encoded
@@ -13183,7 +13183,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp
* *
* returns length on success * returns length on success
*/ */
int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType, int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType,
byte type) byte type)
{ {
return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */); return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */);


@@ -427,7 +427,7 @@ int wc_FileExists(const char* fname)
if (XSTAT(fname, &ctx.s) != 0) { if (XSTAT(fname, &ctx.s) != 0) {
WOLFSSL_MSG("stat on name failed"); WOLFSSL_MSG("stat on name failed");
return BAD_PATH_ERROR; return BAD_PATH_ERROR;
}else } else
#if defined(USE_WINDOWS_API) #if defined(USE_WINDOWS_API)
if (ctx.s.st_mode & _S_IFREG) { if (ctx.s.st_mode & _S_IFREG) {
return 0; return 0;


@@ -4819,7 +4819,7 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
#endif #endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store,
X509_NAME* issuer, int Type); X509_NAME* issuer, int Type);
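Review bot: The five-line guard `OPENSSL_ALL && WOLFSSL_CERT_GEN && (WOLFSSL_CERT_REQ || WOLFSSL_CERT_EXT) && !NO_FILESYSTEM && !NO_WOLFSSL_DIR` around the LoadCrlCertByIssuer prototype is duplicated verbatim at every use site touched by this commit (client.c, server.c, crl.c, internal.c and here), and the `OLFSSL_CERT_EXT` typo the commit repairs in all of them is exactly the failure mode such copies invite: one drifting copy silently compiles a feature out on one side of an interface. Since internal.h is the header all of those files share, define the condition once here, e.g. `#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && ... ` / `#define WOLFSSL_HASH_DIR_LOOKUP` / `#endif`, and replace each copy with `#ifdef WOLFSSL_HASH_DIR_LOOKUP`. The prototype also names its third parameter `Type` while the definition in internal.c uses `type`; aligning the two is a small consistency fix.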


@@ -1173,7 +1173,7 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr, WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type); char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeName_cano(EncodedName* name, const char* nameStr, WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type); char nameType, byte type);
/* ASN.1 helper functions */ /* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN


@@ -684,8 +684,10 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define SEPARATOR_CHAR ';' #define SEPARATOR_CHAR ';'
#elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_ZEPHYR)
#define XSTAT fs_stat #define XSTAT fs_stat
#define SEPARATOR_CHAR ':'
#elif defined(WOLFSSL_TELIT_M2MB) #elif defined(WOLFSSL_TELIT_M2MB)
#define XSTAT m2mb_fs_stat #define XSTAT m2mb_fs_stat
#define SEPARATOR_CHAR ':'
#else #else
#include <dirent.h> #include <dirent.h>
#include <unistd.h> #include <unistd.h>