addressed review comments part 1

This commit is contained in:
Hideki Miyazaki
2021-03-11 15:43:54 +09:00
parent f9c9de5855
commit 4650aaf4fb
11 changed files with 142 additions and 77 deletions


@ -1121,7 +1121,7 @@ static const char* client_usage_msg[][67] = {
"-8 Use X448 for key exchange\n", /* 66 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
@ -1306,7 +1306,7 @@ static const char* client_usage_msg[][67] = {
"-8 Use X448 for key exchange\n", /* 66 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n"
@ -1488,7 +1488,7 @@ static void Usage(void)
printf("%s", msg[++msgid]); /* -8 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgid]); /* -9 */
#endif
@ -1627,7 +1627,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
const char* wnrConfigFile = wnrConfig;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0;
#endif
@ -2193,7 +2193,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break;
case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1;
break;
@ -2658,7 +2658,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) {
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) {
WOLFSSL_X509_STORE *store;
@ -2728,7 +2728,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
}
#endif
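Review bot: The four-line guard `#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)` is spelled out verbatim at every `-9` / `useCertFolder` site in this file and again in server.c, crl.c, internal.c, internal.h and tests/api.c, and the `OLFSSL_CERT_EXT` misspelling this commit corrects shows the cost: `defined(OLFSSL_CERT_EXT)` was always false, so builds with `WOLFSSL_CERT_EXT` but without `WOLFSSL_CERT_REQ` silently lost the hash-dir path while the declaration at `int useCertFolder = 0;` and its uses stayed consistent only by luck. Define the condition once in the settings header as a single feature macro (name to be chosen by the maintainers) and guard each site with `#if defined(<that macro>)`, so the declaration, the option parser and the load path can no longer drift apart. client_test and Usage both start and end outside these hunks.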


@ -707,7 +707,7 @@ static const char* server_usage_msg[][57] = {
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 Use hash dir look up for certificate loading\n"
" loading from <wolfSSL home>/certs folder\n"
@ -850,7 +850,7 @@ static const char* server_usage_msg[][57] = {
"-8 Pre-generate Key share using Curve448 only\n", /* 56 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
"-9 証明書の読み込みに hash dir 機能を使用する\n"
" <wolfSSL home>/certs フォルダーからロードします\n"
@ -991,7 +991,7 @@ static void Usage(void)
printf("%s", msg[++msgId]); /* -8 */
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
printf("%s", msg[++msgId]); /* -9 */
#endif
@ -1153,7 +1153,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
int disallowETM = 0;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
int useCertFolder = 0;
#endif
@ -1653,7 +1653,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
break;
case '9' :
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
useCertFolder = 1;
break;
@ -2049,7 +2049,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (useCertFolder) {
WOLFSSL_X509_STORE *store;
@ -2086,7 +2086,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
}
#endif


@ -365,7 +365,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (foundEntry == 0) {
if (crl->cm->x509_store_p != NULL) {


@ -1820,16 +1820,18 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
return MEMORY_E;
}
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
/* WOLFSS_X509_LOOKUP */
/* WOLFSSL_X509_LOOKUP */
if ((ctx->x509_store.lookup.dirs =
(WOLFSSL_BY_DIR*)XMALLOC(sizeof(WOLFSSL_BY_DIR),
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
WOLFSSL_MSG("ctx-x509_store.lookup.dir memory allocation error");
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
return MEMORY_E;
}
XMEMSET(ctx->x509_store.lookup.dirs, 0, sizeof(WOLFSSL_BY_DIR));
if (wc_InitMutex(&ctx->x509_store.lookup.dirs->lock) != 0) {
WOLFSSL_MSG("Bad mutex init");
XFREE(ctx->param, heap, DYNAMIC_TYPE_OPENSSL);
XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL);
return BAD_MUTEX_E;
}
@ -10582,17 +10584,18 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
}
}
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
/* load certificate file which has the form <hash>.(r)N[0..N] */
/* in the folder. */
/* (r), in the case of CRL file */
/* @param store a pointer to X509_STORE structure */
/* @param issuer a pointer to X509_NAME that presents issuer */
/* @param issuer a pointer to X509_NAME that presents an issuer */
/* @param type X509_LU_X509 or X509_LU_CRL */
/* @return WOLFSSL_SUCCESS on successful, otherwise WOLFSSL_FAILURE */
int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
{
const int MAX_SUFFIX = 10;
const int MAX_SUFFIX = 10;/* The number comes from CA_TABLE_SIZE=10 */
int ret = WOLFSSL_SUCCESS;
WOLFSSL_X509_LOOKUP* lookup = &store->lookup;
WOLFSSL_BY_DIR_entry* entry;
@ -10622,7 +10625,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
#endif
if (retHash == 0) {
/* 4 bytes in small endian as unsigned long */
/* 4 bytes in little endian as unsigned long */
hash = (((unsigned long)dgt[3] << 24) |
((unsigned long)dgt[2] << 16) |
((unsigned long)dgt[1] << 8) |
@ -10635,7 +10638,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
}
/* try to load each hashed name file in path */
#if !defined(NO_FILESYSTE) && !defined(NO_WOLFSSL_DIR)
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (type == X509_LU_CRL) {
post = "r";
@ -10646,19 +10649,6 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
for (i=0; i<num; i++) {
entry = wolfSSL_sk_BY_DIR_entry_value(lookup->dirs->dir_entry, i);
/*/<hash value:8>.(r)N\0 */
/*112345678 1 1 1 1 => 13 */
len = (int)XSTRLEN(entry->dir_name) + 13;
if (filename != NULL) {
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
}
filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (filename == NULL) {
WOLFSSL_MSG("memory allcation error");
return MEMORY_E;
}
if (type == X509_LU_CRL && entry->hashes != NULL &&
wolfSSL_sk_BY_DIR_HASH_num(entry->hashes) > 0) {
@ -10682,7 +10672,25 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
wc_UnLockMutex(&lookup->dirs->lock);
}
for (; suffix < MAX_SUFFIX;suffix++) {
/* Additional buffer length for file name memory allocation : */
/* / <hashvalue>.(r)N\0 */
/*|1| 8 |1|1|1|1| => 13 */
len = (int)XSTRLEN(entry->dir_name) + 13;
if (filename != NULL) {
XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL);
}
filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (filename == NULL) {
WOLFSSL_MSG("memory allocation error");
return MEMORY_E;
}
/* set as FAILURE, if successfuly loading cert of CRL, this becomes */
/* WOLFSSL_SUCCESS */
ret = WOLFSSL_FAILURE;
for (; suffix < MAX_SUFFIX; suffix++) {
/* /folder-path/<hash>.(r)N[0..9] */
XSNPRINTF(filename, len, "%s/%08lx.%s%d", entry->dir_name,
hash, post, suffix);
@ -10720,7 +10728,7 @@ int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
break;
}
if (suffix == MAX_SUFFIX) {
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("not found file");
ret = WOLFSSL_FAILURE;
} else {
@ -11291,7 +11299,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
@ -11509,7 +11517,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
!ssl->options.verifyNone ? VERIFY : NO_VERIFY,
&subjectHash, &alreadySigner);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
if (ret == ASN_NO_SIGNER_E) {
WOLFSSL_MSG("try to load certificate if hash dir is set");
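Review bot: In the InitSSL_Ctx hunk, the new `wc_InitMutex` failure branch frees `ctx->param` and `ctx->x509_store.lookup.dirs` but leaves both members pointing at freed memory, and the allocation-failure branch just above it frees `ctx->param` the same way; if the caller's error handling runs the normal CTX teardown on the partially initialised `ctx` (the caller is not visible here), those members are freed a second time. Null them after freeing: `ctx->param = NULL;` and `ctx->x509_store.lookup.dirs = NULL;` before each `return`. Separately, the LoadCrlCertByIssuer header comment still promises `WOLFSSL_SUCCESS` or `WOLFSSL_FAILURE`, but the relocated `XMALLOC` now returns `MEMORY_E`; the `@return` line should name the negative error code so callers that test `ret == WOLFSSL_FAILURE` do not treat it as success. InitSSL_Ctx and LoadCrlCertByIssuer both continue outside these hunks.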

107
src/ssl.c

@ -24829,6 +24829,13 @@ WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
return &meth;
}
/* set directory path to load certificate or CRL which have the hash.N form */
/* for late use */
/* @param ctx a pointer to WOLFSSL_BY_DIR structure */
/* @param argc directory path */
/* @param argl file type, either WOLFSSL_FILETYPE_PEM or */
/* WOLFSSL_FILETYPE_ASN1 */
/* @return WOLFSSL_SUCCESS on successful, othewise negative or zero */
static int x509AddCertDir(void *p, const char *argc, long argl)
{
WOLFSSL_ENTER("x509AddCertDir");
@ -24885,6 +24892,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
if (ctx->dir_entry == NULL) {
WOLFSSL_MSG("failed to allocate dir_entry");
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0;
}
}
@ -24892,6 +24902,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
entry = wolfSSL_BY_DIR_entry_new();
if (entry == NULL) {
WOLFSSL_MSG("failed to allocate dir entry");
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0;
}
entry->dir_type = (int)argl;
@ -24901,6 +24914,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
if (entry->dir_name == NULL || entry->hashes == NULL) {
WOLFSSL_MSG("failed to allocate dir name");
wolfSSL_BY_DIR_entry_free(entry);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0;
}
@ -24910,6 +24926,9 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
!= WOLFSSL_SUCCESS) {
wolfSSL_BY_DIR_entry_free(entry);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
#endif
return 0;
}
}
@ -24935,20 +24954,25 @@ static int x509AddCertDir(void *p, const char *argc, long argl)
#endif
}
/* set additional data to X509_LOOKUP */
/* @param ctx a pointer to X509_LOOKUP structure */
/* @param cmd control command : */
/* X509_L_FILE_LOAD, X509_L_ADD_DIR X509_L_ADD_STORE or */
/* X509_L_LOAD_STORE */
/* @param argc arguments for the control command */
/* @param argl arguments for the control command */
/* @param **ret return value of the control command */
/* @return WOLFSSL_SUCCESS on successful, othewise WOLFSSL_FAILURE */
/* note: WOLFSSL_X509_L_ADD_STORE and WOLFSSL_X509_L_LOAD_STORE have not*/
/* yet implemented. It retutns WOLFSSL_NOT_IMPLEMENTED */
/* when those control commands are passed. */
int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd,
const char *argc, long argl, char **ret)
{
/* control commands:
* X509_L_FILE_LOAD, X509_L_ADD_DIR
* X509_L_ADD_STORE, X509_L_LOAD_STORE
*/
int lret = WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl");
#if !defined(NO_FILESYSTEM)
/* returns FAILURE
*if the X509_LOOKUP doesn't have an associated X509_LOOKUP_METHOD */
if (ctx != NULL) {
switch (cmd) {
case WOLFSSL_X509_L_FILE_LOAD:
@ -24990,7 +25014,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
WOLFSSL_X509_LOOKUP_METHOD* m)
{
WOLFSSL_ENTER("SSL_X509_STORE_add_lookup");
if (store == NULL)
if (store == NULL || m == NULL)
return NULL;
/* Make sure the lookup has a back reference to the store. */
@ -26311,7 +26335,11 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
WOLFSSL_ENTER("wolfSSL_d2i_X509_fp");
return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE);
}
/* load certificate or CRL file, and add it to the STORE */
/* @param ctx a pointer to X509_LOOKUP structure */
/* @param file file name to load */
/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */
/* @return a number of loading CRL or certificate, otherwise zero */
WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type)
{
@ -26324,7 +26352,13 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
int cnt = 0;
int num = 0;
WOLFSSL_ENTER("wolfSSL_X509_load_ceretificate_crl_file");
WOLFSSL_ENTER("wolfSSL_X509_load_cert_crl_file");
/* stanity check */
if (ctx == NULL || file == NULL) {
WOLFSSL_MSG("bad arguments");
return 0;
}
if (type != WOLFSSL_FILETYPE_PEM) {
x509 = wolfSSL_X509_load_certificate_file(file, type);
@ -41558,6 +41592,14 @@ static int ConvertNIDToWolfSSL(int nid)
}
#if defined(OPENSSL_ALL)
/* Convert ASN1 input string into canonical ASN1 string */
/* , which has the following rules: */
/* convert to UTF8 */
/* convert to lower case */
/* multi-spaces collapsed */
/* @param asn_out a pointer to ASN1_STRING to be converted */
/* @param asn_in a pointer to input ASN1_STRING */
/* @return WOLFSSL_SUCCESS on successful converted, otherwise <=0 error code*/
static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
const WOLFSSL_ASN1_STRING* asn_in)
{
@ -41565,6 +41607,14 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
char* src;
int i, len;
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon");
/* sanity check */
if (asn_out == NULL || asn_in == NULL) {
WOLFSSL_MSG("invalid function arguments");
return BAD_FUNC_ARG;
}
switch (asn_in->type) {
case MBSTRING_UTF8:
case V_ASN1_PRINTABLESTRING:
@ -41594,7 +41644,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
for (; (len > 0 && XISSPACE(*dst));len--) {
dst--;
}
for (; (len > 0 && XISSPACE(*src));len--){
for (; (len > 0 && XISSPACE(*src));len--) {
src++;
}
@ -41618,16 +41668,15 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
return WOLFSSL_SUCCESS;
}
/* this is to converts the x509 name structure into canonical DER format
* , which has the following rules:
* convert to UTF8
* convert to lower case
* multi-spaces collapsed
* leading SEQUENCE hader is skipped
* @param name a pointer to X509_NAME that is to be converted
* @param out a pointer to conveted data
* @return a number of converted bytes, otherwise <0 error code
*/
/* This is to convert the x509 name structure into canonical DER format */
/* , which has the following rules: */
/* convert to UTF8 */
/* convert to lower case */
/* multi-spaces collapsed */
/* leading SEQUENCE hader is skipped */
/* @param name a pointer to X509_NAME that is to be converted */
/* @param out a pointer to conveted data */
/* @return a number of converted bytes, otherwise <=0 error code */
int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
{
int totalBytes = 0, i, idx;
@ -41661,8 +41710,12 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
WOLFSSL_ASN1_STRING* cano_data;
cano_data = wolfSSL_ASN1_STRING_new();
if (cano_data == NULL)
if (cano_data == NULL) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
}
data = wolfSSL_X509_NAME_ENTRY_get_data(entry);
if (data == NULL) {
@ -41678,7 +41731,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
}
nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data);
ret = wc_EncodeName_cano(&names[i], nameStr, CTC_UTF8,
ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8,
ConvertNIDToWolfSSL(entry->nid));
if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
@ -46371,7 +46424,7 @@ int wolfSSL_sk_BY_DIR_HASH_find(
/* return a number of WOLFSSL_BY_DIR_HASH in stack */
int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk)
{
WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_BY_DIR_HASH_num");
WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num");
if (sk == NULL)
return -1;
@ -46421,8 +46474,10 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop(
return hash;
}
/* release all contents in stack, and then release stack itself */
/* it uses function when it is passed */
/* release all contents in stack, and then release stack itself. */
/* Second argument is a function pointer to release resouces. */
/* It calls the function to release resouces when t is passed */
/* instead of wolfSSL_BY_DIR_HASH_free(). */
void wolfSSL_sk_BY_DIR_HASH_pop_free(WOLF_STACK_OF(BY_DIR_HASH)* sk,
void (*f) (WOLFSSL_BY_DIR_HASH*))
{
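Review bot: In x509AddCertDir the same three-line `#ifdef WOLFSSL_SMALL_STACK` / `XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);` / `#endif` block is now pasted in front of four separate `return 0;` statements; the next error path added to this function will miss it just as these four originally did. Replace each copy with `goto err;` and put the conditional `XFREE(buf, ...)` once under an `err:` label ahead of the final `return 0;`, so every failure leaves through one cleanup point. The new header comments also carry typos worth fixing while here: "othewise" (x509AddCertDir and wolfSSL_X509_LOOKUP_ctrl), "retutns" and "have not yet implemented" → "have not yet been implemented", "stanity check", "hader", "conveted", and "resouces"/"when t is passed" in wolfSSL_sk_BY_DIR_HASH_pop_free. x509AddCertDir starts at the `static int x509AddCertDir` line and its body runs past the end of these hunks.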


@ -28104,7 +28104,7 @@ static void test_wolfSSL_X509_Name_canon(void)
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT))
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT))
const long ex_hash1 = 0x0fdb2da4;
const long ex_hash2 = 0x9f3e8c9e;


@ -13174,7 +13174,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp
}
/* canonical encoding one attribute of the name (issuer/subject)
* call we_EncodeName_ex with CTC_UTF8 for email type
* call wc_EncodeName_ex with CTC_UTF8 for email type
*
* name structure to hold result of encoding
* nameStr value to be encoded
@ -13183,7 +13183,7 @@ static int wc_EncodeName_ex(EncodedName* name, const char* nameStr, char nameTyp
*
* returns length on success
*/
int wc_EncodeName_cano(EncodedName* name, const char* nameStr, char nameType,
int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, char nameType,
byte type)
{
return wc_EncodeName_ex(name, nameStr, nameType, type, 0x0c/* CTC_UTF8 */);


@ -427,7 +427,7 @@ int wc_FileExists(const char* fname)
if (XSTAT(fname, &ctx.s) != 0) {
WOLFSSL_MSG("stat on name failed");
return BAD_PATH_ERROR;
}else
} else
#if defined(USE_WINDOWS_API)
if (ctx.s.st_mode & _S_IFREG) {
return 0;


@ -4819,7 +4819,7 @@ WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(OLFSSL_CERT_EXT)) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
WOLFSSL_LOCAL int LoadCrlCertByIssuer(WOLFSSL_X509_STORE* store,
X509_NAME* issuer, int Type);


@ -1173,7 +1173,7 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
char nameType, byte type);
WOLFSSL_LOCAL int wc_EncodeName_cano(EncodedName* name, const char* nameStr,
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
char nameType, byte type);
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN


@ -684,8 +684,10 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#define SEPARATOR_CHAR ';'
#elif defined(WOLFSSL_ZEPHYR)
#define XSTAT fs_stat
#define SEPARATOR_CHAR ':'
#elif defined(WOLFSSL_TELIT_M2MB)
#define XSTAT m2mb_fs_stat
#define SEPARATOR_CHAR ':'
#else
#include <dirent.h>
#include <unistd.h>