From 753a3babc8411ce65bc078f393643ac0eb8c081a Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 28 Jul 2020 23:05:37 +0200 Subject: [PATCH] OpenSSL Compat layer Implement/stub: - wolfSSL_NCONF_get_number - wolfSSL_EVP_PKEY_CTX_ctrl_str - wolfSSL_PKCS12_verify_mac - wc_PKCS12_verify_ex - wolfSSL_BIO_new_fd - wolfSSL_X509_sign_ctx - wolfSSL_ASN1_STRING_cmp - wolfSSL_ASN1_TIME_set_string - X509V3_EXT_add_nconf - X509V3_set_nconf Implement TXT_DB functionality: - wolfSSL_TXT_DB_read - wolfSSL_TXT_DB_free - wolfSSL_TXT_DB_create_index - wolfSSL_TXT_DB_get_by_index --- src/bio.c | 19 ++ src/ssl.c | 355 +++++++++++++++++++++++++++++++++++- wolfcrypt/src/evp.c | 14 +- wolfcrypt/src/pkcs12.c | 10 +- wolfssl/openssl/bio.h | 2 + wolfssl/openssl/conf.h | 5 + wolfssl/openssl/evp.h | 4 + wolfssl/openssl/pkcs12.h | 1 + wolfssl/openssl/ssl.h | 16 ++ wolfssl/openssl/txt_db.h | 22 ++- wolfssl/openssl/x509v3.h | 9 + wolfssl/ssl.h | 11 +- wolfssl/wolfcrypt/pkcs12.h | 2 + wolfssl/wolfcrypt/wc_port.h | 1 + 14 files changed, 465 insertions(+), 6 deletions(-) diff --git a/src/bio.c b/src/bio.c index dbf29bcbe..89a3e9d29 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1322,6 +1322,25 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } #ifndef NO_FILESYSTEM +WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag) +{ + WOLFSSL_BIO* bio; + + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (!bio) { + WOLFSSL_MSG("wolfSSL_BIO_new error"); + return NULL; + } + + if (wolfSSL_BIO_set_fd(bio, fd, close_flag) != WOLFSSL_SUCCESS) { + wolfSSL_BIO_free(bio); + WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); + return NULL; + } + + return bio; +} + long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) { WOLFSSL_ENTER("wolfSSL_BIO_set_fp"); diff --git a/src/ssl.c b/src/ssl.c index e23cd196b..76a9f0392 100644 --- a/src/ssl.c +++ b/src/ssl.c 
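Review bot: The failure branch of the new wolfSSL_BIO_new_fd logs `WOLFSSL_MSG("wolfSSL_BIO_set_fp error")` although the call that failed is wolfSSL_BIO_set_fd, which sends anyone reading a trace to the wrong function; change it to `WOLFSSL_MSG("wolfSSL_BIO_set_fd error");`. A header comment should also state that when NULL is returned the caller still owns `fd` regardless of `close_flag`, because the BIO is freed before the descriptor was ever recorded in it (the set_fd path in the ssl.c hunk returns failure before setting `b->num`/`b->shutdown`). The mode string that set_fd hands to XFDOPEN is raised on that ssl.c hunk.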
@@ -111,6 +111,7 @@ #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) #include #include + #include #endif /* WITH_STUNNEL */ #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) #include @@ -9832,6 +9833,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo return WOLFSSL_FAILURE; } +WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc) +{ + WOLFSSL_STUB("wolfSSL_X509_delete_ext"); + (void)x509; + (void)loc; + return NULL; +} + /* currently LHASH is not implemented (and not needed for Apache port) */ WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, @@ -15493,6 +15502,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); if (b != NULL) { + if (b->type == WOLFSSL_BIO_FILE) { + b->ptr = XFDOPEN(fd, "rw"); + if (!b->ptr) { + WOLFSSL_MSG("Error opening file descriptor"); + return WOLFSSL_FAILURE; + } + } b->num = fd; b->shutdown = (byte)closeF; } @@ -19414,6 +19430,26 @@ char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf, return NULL; } +int wolfSSL_NCONF_get_number(const CONF *conf, const char *group, + const char *name, long *result) +{ + char *str; + WOLFSSL_ENTER("wolfSSL_NCONF_get_number"); + + if (!conf || !group || !name || !result) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (!(str = wolfSSL_NCONF_get_string(conf, group, name))) { + WOLFSSL_MSG("wolfSSL_NCONF_get_string error"); + return WOLFSSL_FAILURE; + } + + *result = atol(str); + return WOLFSSL_SUCCESS; +} + /** * The WOLFSSL_CONF->value member is treated as a * WOLFSSL_STACK_OF(WOLFSSL_CONF_VALUE) which becomes 
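Review bot: wolfSSL_X509_delete_ext is a stub that always returns NULL, yet unlike wolfSSL_EVP_PKEY_CTX_ctrl_str in this same commit it is not wrapped in `#ifndef NO_WOLFSSL_STUB`, and the `X509_delete_ext` macro added in wolfssl/openssl/ssl.h maps to it unconditionally. A caller that expects the extension to be removed receives the same NULL that OpenSSL returns for an out-of-range `loc`, so the failure is easy to miss and the extension silently stays in the certificate. Either guard the definition and declaration consistently with the other stubs, or add a header comment stating that extensions cannot currently be removed and that the return value must be checked.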
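Review bot: `XFDOPEN(fd, "rw")` in wolfSSL_BIO_set_fd uses a mode string that is not a valid stdio mode; implementations such as glibc ignore the unrecognised `w`, so the stream is opened read-only, meaning a file BIO created over a write-only descriptor fails here and one over a read-write descriptor can never write. The right mode depends on how `fd` was opened and fdopen() rejects a mode the descriptor does not permit; where POSIX fcntl is available derive it from `fcntl(fd, F_GETFL) & O_ACCMODE` (`"r"`, `"w"` or `"r+"`), or at least use `"r+"` with a comment stating the descriptor must be read-write. An existing `b->ptr` is also overwritten without being closed; the enclosing function starts outside the hunk.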
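Review bot: wolfSSL_NCONF_get_number converts the value with `atol(str)`, which yields 0 for a non-numeric string with no way for the caller to tell that from a configured 0, and whose behaviour on an out-of-range value is undefined. Parse with strtol and check the end pointer and errno instead, e.g. `errno = 0; *result = strtol(str, &end, 10); if (end == str || *end != '\0' || errno == ERANGE) return WOLFSSL_FAILURE;`. The parameter is also typed `const CONF *` here and in the wolfssl/openssl/conf.h declaration while the sibling wolfSSL_NCONF_* functions take `const WOLFSSL_CONF *`; the native API should not depend on the compat alias.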
@@ -20495,6 +20531,44 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in) return inLen; } +int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s) +{ + char *idx; + char *copy; + WOLFSSL_ENTER("wolfSSL_ASN1_UNIVERSALSTRING_to_string"); + + if (!s) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (s->type != V_ASN1_UNIVERSALSTRING) { + WOLFSSL_MSG("Input is not a universal string"); + return WOLFSSL_FAILURE; + } + + if ((s->length % 4) != 0) { + WOLFSSL_MSG("Input string must be divisible by 4"); + return WOLFSSL_FAILURE; + } + + for (idx = s->data; idx < s->data + s->length; idx += 4) + if ((idx[0] != '\0') || (idx[1] != '\0') || (idx[2] != '\0')) + break; + + if (idx != s->data + s->length) { + WOLFSSL_MSG("Wrong string format"); + return WOLFSSL_FAILURE; + } + + for (copy = idx = s->data; idx < s->data + s->length; idx += 4) + *copy++ = idx[3]; + *copy = '\0'; + s->length /= 4; + s->type = V_ASN1_PRINTABLESTRING; + return WOLFSSL_SUCCESS; +} + /* Returns string representation of ASN1_STRING */ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, const WOLFSSL_ASN1_STRING *s) 
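Review bot: wolfSSL_ASN1_UNIVERSALSTRING_to_string retags the result as V_ASN1_PRINTABLESTRING without checking that the surviving bytes (`idx[3]`, i.e. code points below 256) are in the PrintableString alphabet, so a UniversalString holding, say, `@` or a Latin-1 character passes the zero-byte check and becomes a PrintableString whose content violates that type. OpenSSL's version chooses the resulting type from the content; the companion `ASN1_PRINTABLE_type(...)` macro added in wolfssl/openssl/ssl.h always answers V_ASN1_PRINTABLESTRING, so it cannot serve that purpose either. Independently, `s->data` should be checked alongside `s` (`if (!s || !s->data)`), because with a NULL `data` and `length` 0 both loops are skipped and `*copy = '\0'` writes through NULL.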
@@ -21012,6 +21086,175 @@ void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) /* free head of stack */ XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } + +/** + * This function reads a tab delimetered CSV input and returns + * a populated WOLFSSL_TXT_DB structure. + * @param in Tab delimetered CSV input + * @param num Number of fields in each row. + * @return + */ +WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) +{ + WOLFSSL_TXT_DB *ret = NULL; + char *buf = NULL; + char *bufEnd = NULL; + char *idx = NULL; + char* lineEnd = NULL; + int bufSz; + int failed = 1; + /* Space in front of str reserved for field pointers + \0 */ + int fieldsSz = (num + 1) * sizeof(char *); + WOLFSSL_ENTER("wolfSSL_TXT_DB_read"); + + if (!in || num <= 0 || num > WOLFSSL_TXT_DB_MAX_FIELDS) { + WOLFSSL_MSG("Bad parameter or too many fields"); + return NULL; + } + + if (!(ret = (WOLFSSL_TXT_DB*)XMALLOC(sizeof(WOLFSSL_TXT_DB), NULL, + DYNAMIC_TYPE_OPENSSL))) { + WOLFSSL_MSG("malloc error"); + goto error; + } + XMEMSET (ret, 0, sizeof(WOLFSSL_TXT_DB)); + ret->num_fields = num; + + if (!(ret->data = wolfSSL_sk_WOLFSSL_STRING_new())) { + WOLFSSL_MSG("wolfSSL_sk_WOLFSSL_STRING_new error"); + goto error; + } + + bufSz = wolfSSL_BIO_get_len(in); + if (bufSz <= 0 || + !(buf = (char*)XMALLOC(sizeof(bufSz+1), NULL, + DYNAMIC_TYPE_TMP_BUFFER))) { + WOLFSSL_MSG("malloc error or no data in BIO"); + goto error; + } + + if (wolfSSL_BIO_read(in, buf, bufSz) != bufSz) { + WOLFSSL_MSG("malloc error or no data in BIO"); + goto error; + } + + buf[bufSz] = '\0'; + for (bufEnd = buf + bufSz; idx < bufEnd; idx = lineEnd + 1) { + char* strBuf = NULL; + char** fieldPtr = NULL; + int fieldPtrIdx = 0; + char* fieldCheckIdx = NULL; + lineEnd = XSTRNSTR(idx, "\n", bufEnd - idx); + if (!lineEnd) + lineEnd = bufEnd; + if (idx == lineEnd) /* empty line */ + continue; + if (*idx == '#') + continue; + *lineEnd = '\0'; + strBuf = (char*)XMALLOC(fieldsSz + lineEnd - idx + 1, NULL, + DYNAMIC_TYPE_OPENSSL); + if 
(!strBuf) { + WOLFSSL_MSG("malloc error"); + goto error; + } + XMEMCPY(strBuf + fieldsSz, idx, lineEnd - idx + 1); /* + 1 for NULL */ + /* Check for appropriate number of fields */ + fieldPtr = (char**)strBuf; + fieldCheckIdx = strBuf + fieldsSz; + fieldPtr[fieldPtrIdx++] = fieldCheckIdx; + while (*fieldCheckIdx != '\0') { + if (*fieldCheckIdx == '\t') { + fieldPtr[fieldPtrIdx++] = fieldCheckIdx + 1; + *fieldCheckIdx = '\0'; + if (fieldPtrIdx > num) { + WOLFSSL_MSG("too many fields"); + XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL); + goto error; + } + } + fieldCheckIdx++; + } + if (fieldPtrIdx != num) { + WOLFSSL_MSG("wrong number of fields"); + XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL); + goto error; + } + if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_sk_push error"); + XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL); + goto error; + } + } + + failed = 0; +error: + if (failed && ret) { + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + ret = NULL; + } + if (buf) { + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + return ret; +} + +void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db) +{ + if (db) { + if (db->data) { + wolfSSL_sk_free(db->data); + } + XFREE(db, NULL, DYNAMIC_TYPE_OPENSSL); + } +} + +int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field, + void* qual, wolf_sk_hash_cb hash, wolf_sk_compare_cb cmp) +{ + WOLFSSL_ENTER("wolfSSL_TXT_DB_create_index"); + (void)qual; + + if (!db || !hash || !cmp || field >= db->num_fields || field < 0) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + db->hash_fn[field] = hash; + db->comp[field] = cmp; + + return WOLFSSL_SUCCESS; +} + +WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx, + WOLFSSL_STRING *value) +{ + WOLF_STACK_OF(WOLFSSL_STRING)* data; + WOLFSSL_ENTER("wolfSSL_TXT_DB_get_by_index"); + + if (!db || idx < 0 || idx >= db->num_fields) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + if (!db->hash_fn[idx] || !db->comp[idx]) { + 
WOLFSSL_MSG("Missing hash or cmp functions"); + return NULL; + } + + /* Set the hash and comp functions */ + data = db->data; + while (data) { + if (data->comp != db->comp[idx] || data->hash_fn != db->hash_fn[idx]) { + data->comp = db->comp[idx]; + data->hash_fn = db->hash_fn[idx]; + data->hash = 0; + } + data= data->next; + } + + return (WOLFSSL_STRING*) wolfSSL_lh_retrieve(db->data, value); +} #endif #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \ @@ -21713,6 +21956,26 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL); } } + + int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b) + { + int i; + WOLFSSL_ENTER("wolfSSL_ASN1_STRING_cmp"); + + if (!a || !b) { + return WOLFSSL_FATAL_ERROR; + } + + if (a->length != b->length) { + return a->length - b->length; + } + + if ((i = XMEMCMP(a->data, b->data, a->length)) != 0) { + return i; + } + + return a->type - b->type; + } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ @@ -24024,6 +24287,19 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, return WOLFSSL_SUCCESS; } + +int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw, + int pswLen) +{ + WOLFSSL_ENTER("wolfSSL_PKCS12_verify_mac"); + + if (!pkcs12) { + return WOLFSSL_FAILURE; + } + + return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, pswLen) == 0 ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} #endif /* !NO_ASN && !NO_PWDBASED */ 
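Review bot: In wolfSSL_TXT_DB_read the input buffer is allocated with `XMALLOC(sizeof(bufSz+1), ...)`, which is `sizeof(int)` bytes rather than `bufSz + 1`, so the following `wolfSSL_BIO_read(in, buf, bufSz)` overflows the heap for any input longer than a few bytes; it must be `XMALLOC(bufSz + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)`. `idx` is initialised to NULL and never pointed at `buf`, so the first `XSTRNSTR(idx, "\n", bufEnd - idx)` dereferences NULL; the loop header should read `for (idx = buf, bufEnd = buf + bufSz; idx < bufEnd; idx = lineEnd + 1)`. The `error:` path frees `ret` but not `ret->data` or the rows already pushed onto it; calling `wolfSSL_TXT_DB_free(ret)` there would cover both, assuming wolfSSL_sk_free releases the string nodes (not visible here). The read-failure branch also reuses the `"malloc error or no data in BIO"` message, and the word "delimetered" in the new header comment should be "delimited".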
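Review bot: wolfSSL_ASN1_STRING_cmp returns `WOLFSSL_FATAL_ERROR` (-1) for a NULL argument, which a caller using it as an ordering comparator cannot distinguish from "a sorts before b"; OpenSSL's ASN1_STRING_cmp has no NULL contract, so the choice should at least be stated above the function, e.g. `/* Returns <0, 0, >0 as an ordering; -1 is also returned when either argument is NULL. */`. When both lengths are 0 the `XMEMCMP(a->data, b->data, a->length)` call may receive NULL pointers, which is formally undefined even for a zero length; guarding it with `a->length > 0 &&` avoids that. The enclosing `#if` region starts before the hunk.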
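Review bot: wolfSSL_PKCS12_verify_mac passes its `int pswLen` straight into the `word32 pswSz` parameter of wc_PKCS12_verify_ex, so the OpenSSL convention of `passlen == -1` meaning "use strlen(pass)" becomes a length of 0xFFFFFFFF and the MAC derivation reads far past the password buffer; any other negative value does the same. Normalise before the call, e.g. `if (!psw) pswLen = 0; else if (pswLen == -1) pswLen = (int)XSTRLEN(psw); if (pswLen < 0) return WOLFSSL_FAILURE;`, and say in a header comment that -1 is accepted with OpenSSL's meaning. Whether a PKCS12 that carries no MAC should be rejected here or inside wc_PKCS12_verify_ex is raised on the pkcs12.c hunk.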
@@ -28264,13 +28540,21 @@ int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, return 0; } -WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t) +WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t) { WOLFSSL_STUB("wolfSSL_ASN1_TIME_set"); (void)s; (void)t; return s; } + +int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str) +{ + WOLFSSL_STUB("wolfSSL_ASN1_TIME_set_string"); + (void)s; + (void)str; + return WOLFSSL_FAILURE; +} #endif /* !NO_WOLFSSL_STUB */ #ifndef NO_BIO 
@@ -39220,6 +39504,64 @@ cleanup: } #endif /* WOLFSSL_CERT_GEN */ + int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx) + { + WOLFSSL_ENTER("wolfSSL_X509_sign_ctx"); + + if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx)); + } + + /* Converts the x509 name structure into DER format. + * + * out pointer to either a pre setup buffer or a pointer to null for + * creating a dynamic buffer. In the case that a pre-existing buffer is + * used out will be incremented the size of the DER buffer on success. + * + * returns the size of the buffer on success, or negative value with failure + */ + int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) + { + CertName cName; + unsigned char buf[256]; /* ASN_MAX_NAME */ + int sz; + WOLFSSL_ENTER("wolfSSL_i2d_X509_NAME"); + + if (out == NULL || name == NULL) { + return BAD_FUNC_ARG; + } + XMEMSET(&cName, 0, sizeof(CertName)); + + if (CopyX509NameToCertName(name, &cName) != SSL_SUCCESS) { + WOLFSSL_MSG("Error converting x509 name to internal CertName"); + return SSL_FATAL_ERROR; + } + + sz = SetName(buf, sizeof(buf), &cName); + if (sz < 0) { + return sz; + } + + /* using buffer passed in */ + if (*out != NULL) { + XMEMCPY(*out, buf, sz); + *out += sz; + } + else { + *out = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); + if (*out == NULL) { + return MEMORY_E; + } + XMEMCPY(*out, buf, sz); + } + + return sz; + } +#endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name, 
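Review bot: The hunk ends with a new `#endif /* WOLFSSL_CERT_GEN */` immediately after the pre-existing `#endif /* WOLFSSL_CERT_GEN */` that opens its context, so the two labels cannot both be accurate: either the new block's opening `#if` lies outside the hunk and the old label is stale, or the label was copied; each `#endif` comment should name the condition it actually closes. In wolfSSL_X509_sign_ctx, `wolfSSL_EVP_MD_CTX_md(ctx)` is forwarded unchecked; if no digest was set on the context it presumably yields NULL, and whether wolfSSL_X509_sign tolerates that is not visible here, so a `WOLFSSL_MSG` plus `return WOLFSSL_FAILURE` on NULL would make the contract explicit. A one-line header comment stating that the signing key is taken from `ctx->pctx->pkey` would also help callers understand why an uninitialised ctx is rejected.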
@@ -46022,6 +46364,17 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); } +WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void) +{ + WOLF_STACK_OF(WOLFSSL_STRING)* ret = wolfSSL_sk_new_node(NULL); + + if (ret) { + ret->type = STACK_TYPE_STRING; + } + + return ret; +} + char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx) { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 77d579349..7215b13b7 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1432,7 +1432,19 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY return WOLFSSL_SUCCESS; } -#if !defined(NO_DH) || defined(HAVE_ECC) +#ifndef NO_WOLFSSL_STUB +int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx, + const char *name, const char *value) +{ + WOLFSSL_STUB("wolfSSL_EVP_PKEY_CTX_ctrl_str"); + (void)ctx; + (void)name; + (void)value; + return WOLFSSL_FAILURE; +} +#endif /* NO_WOLFSSL_STUB */ + +#if !defined(NO_DH) && defined(HAVE_ECC) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2)) int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 705c63bfb..ca9a4e53e 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -569,7 +569,6 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz, return kLen; /* same as digest size */ } - /* check mac on pkcs12, pkcs12->mac has been sanity checked before entering * * returns the result of comparison, success is 0 */ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz, 
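Review bot: Changing `#if !defined(NO_DH) || defined(HAVE_ECC)` to `#if !defined(NO_DH) && defined(HAVE_ECC)` narrows when wolfSSL_EVP_PKEY_derive is compiled: it was available with either DH or ECC and now requires both, while its declaration in wolfssl/openssl/evp.h (visible as context in that hunk) stays unguarded, so a DH-only or ECC-only build that uses it fails at link time. The commit message does not list this, so it looks accidental; if it is intentional because the body needs both, the header should carry the same guard. The same mismatch applies to the new wolfSSL_EVP_PKEY_CTX_ctrl_str, whose definition is under `#ifndef NO_WOLFSSL_STUB` but whose declaration and `EVP_PKEY_CTX_ctrl_str` macro in evp.h are not.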
@@ -613,6 +612,15 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz, return XMEMCMP(digest, mac->digest, mac->digestSz); } +int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12, const byte* psw, word32 pswSz) +{ + if (pkcs12 == NULL || pkcs12->safe == NULL) { + return BAD_FUNC_ARG; + } + return wc_PKCS12_verify(pkcs12, pkcs12->safe->data, pkcs12->safe->dataSz, + psw, pswSz); +} + /* Convert DER format stored in der buffer to WC_PKCS12 struct * Puts the raw contents of Content Info into structure without completely diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index 3218ad69f..d112f038f 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h @@ -57,6 +57,7 @@ #define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size #define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair +#define BIO_new_fd wolfSSL_BIO_new_fd #define BIO_set_fp wolfSSL_BIO_set_fp #define BIO_get_fp wolfSSL_BIO_get_fp #define BIO_seek wolfSSL_BIO_seek @@ -123,6 +124,7 @@ #define BIO_meth_set_create wolfSSL_BIO_meth_set_create #define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy +#define BIO_snprintf XSNPRINTF /* BIO CTRL */ #define BIO_CTRL_RESET 1 diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h index 9898b44e7..9dbe20ae0 100644 --- a/wolfssl/openssl/conf.h +++ b/wolfssl/openssl/conf.h @@ -67,6 +67,8 @@ WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth); WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf, const char *group, const char *name); +WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group, + const char *name, long *result); WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section( const WOLFSSL_CONF *conf, const char *section); WOLFSSL_API int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline); 
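Review bot: wc_PKCS12_verify_ex checks `pkcs12->safe` but nothing else before calling wc_PKCS12_verify, whose header comment (context in the previous hunk) says the PKCS12's MAC data has been sanity-checked before entry; a structure parsed without a MAC would therefore reach wc_PKCS12_verify with that precondition unmet. If that check currently lives in wc_PKCS12_parse, repeat it here and return BAD_FUNC_ARG (or a dedicated error) when the MAC is absent, and state in a header comment that a missing MAC is a verification failure rather than a pass, as in OpenSSL's PKCS12_verify_mac. The function also deserves a `@return` note that 0 means the MAC matched and any other value means it did not or could not be checked, since the ssl.c wrapper collapses both into WOLFSSL_FAILURE.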
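Review bot: `#define BIO_snprintf XSNPRINTF` changes a return contract that code ported from OpenSSL relies on: OpenSSL's BIO_snprintf returns -1 when the output was truncated, whereas snprintf returns the length that would have been written, so callers checking `< 0` for truncation stop detecting it. Either wrap it in a small inline that maps `ret >= size` to -1, or document the difference in a comment next to the define.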
@@ -92,8 +94,11 @@ WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf, #define lh_CONF_VALUE_insert wolfSSL_sk_CONF_VALUE_push #define NCONF_new wolfSSL_NCONF_new +#define NCONF_free wolfSSL_NCONF_free #define NCONF_get_string wolfSSL_NCONF_get_string #define NCONF_get_section wolfSSL_NCONF_get_section +#define NCONF_get_number wolfSSL_NCONF_get_number +#define NCONF_load wolfSSL_NCONF_load #define CONF_modules_load wolfSSL_CONF_modules_load diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index fa1065a9d..d928becc7 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -557,6 +557,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer); WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx, + const char *name, const char *value); + WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); @@ -830,6 +833,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_type wolfSSL_EVP_PKEY_type #define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id #define EVP_PKEY_id wolfSSL_EVP_PKEY_id +#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str #define EVP_SignFinal wolfSSL_EVP_SignFinal #define EVP_SignInit wolfSSL_EVP_SignInit #define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex diff --git a/wolfssl/openssl/pkcs12.h b/wolfssl/openssl/pkcs12.h index bcd994c57..8f4011319 100644 --- a/wolfssl/openssl/pkcs12.h +++ b/wolfssl/openssl/pkcs12.h 
@@ -42,6 +42,7 @@ /* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */ #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio #define PKCS12_parse wolfSSL_PKCS12_parse +#define PKCS12_verify_mac wolfSSL_PKCS12_verify_mac #define PKCS12_create wolfSSL_PKCS12_create #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index bd1f7bc92..f390be82f 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -436,7 +436,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_set_version wolfSSL_X509_set_version #define X509_REQ_set_version wolfSSL_X509_set_version #define X509_sign wolfSSL_X509_sign +#define X509_sign_ctx wolfSSL_X509_sign_ctx #define X509_print wolfSSL_X509_print +#define X509_REQ_print wolfSSL_X509_print #define X509_print_ex wolfSSL_X509_print_ex #define X509_print_fp wolfSSL_X509_print_fp #define X509_REQ_print_fp wolfSSL_X509_print_fp @@ -445,6 +447,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_verify wolfSSL_X509_verify #define X509_REQ_verify wolfSSL_X509_REQ_verify #define X509_check_private_key wolfSSL_X509_check_private_key +#define X509_REQ_check_private_key wolfSSL_X509_check_private_key #define X509_check_ca wolfSSL_X509_check_ca #define X509_check_host wolfSSL_X509_check_host #define X509_check_ip_asc wolfSSL_X509_check_ip_asc @@ -452,6 +455,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_check_issued wolfSSL_X509_check_issued #define X509_dup wolfSSL_X509_dup #define X509_add_ext wolfSSL_X509_add_ext +#define X509_delete_ext wolfSSL_X509_delete_ext #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data 
@@ -686,10 +690,16 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free +#define ASN1_TIME_new wolfSSL_ASN1_TIME_new +#define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new #define ASN1_TIME_free wolfSSL_ASN1_TIME_free +#define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime +#define ASN1_TIME_set wolfSSL_ASN1_TIME_set +#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string +#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free @@ -707,14 +717,20 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT #define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT +#define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_STRING_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_length wolfSSL_ASN1_STRING_length #define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 +#define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string #define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex #define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y)) #define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT +#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING + #define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr #define ASN1_IA5STRING WOLFSSL_ASN1_STRING diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h index 578463e34..7fcc29f94 100644 --- a/wolfssl/openssl/txt_db.h +++ b/wolfssl/openssl/txt_db.h 
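Review bot: `#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING` answers PrintableString for every input, whereas OpenSSL's ASN1_PRINTABLE_type() inspects the bytes and returns V_ASN1_IA5STRING or V_ASN1_T61STRING when they fall outside the PrintableString alphabet; a port that uses it to choose the string type of a name attribute will mis-tag such values. The variadic form also silently discards its arguments, so a call with side effects is dropped. If a content-based implementation is out of scope, the define belongs under `#ifndef NO_WOLFSSL_STUB` with a comment saying it is a stub, like the other stubs in this commit.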
@@ -24,14 +24,32 @@ #include +#define WOLFSSL_TXT_DB_MAX_FIELDS 10 + struct WOLFSSL_TXT_DB { + int num_fields; WOLF_STACK_OF(WOLFSSL_STRING) *data; - WOLF_LHASH_OF(WOLFSSL_STRING) **index; long error; long arg1; long arg2; + wolf_sk_compare_cb comp[WOLFSSL_TXT_DB_MAX_FIELDS]; + wolf_sk_hash_cb hash_fn[WOLFSSL_TXT_DB_MAX_FIELDS]; }; -typedef struct WOLFSSL_TXT_DB TXT_DB; +typedef struct WOLFSSL_TXT_DB WOLFSSL_TXT_DB; + +WOLFSSL_API WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num); +WOLFSSL_API void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db); +WOLFSSL_API int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field, + void* qual, wolf_sk_hash_cb hash, wolf_sk_compare_cb cmp); +WOLFSSL_API WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, + int idx, WOLFSSL_STRING *value); + +#define TXT_DB WOLFSSL_TXT_DB + +#define TXT_DB_read wolfSSL_TXT_DB_read +#define TXT_DB_free wolfSSL_TXT_DB_free +#define TXT_DB_create_index wolfSSL_TXT_DB_create_index +#define TXT_DB_get_by_index wolfSSL_TXT_DB_get_by_index #endif /* WOLFSSL_TXT_DB_H_ */ diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h index cf4691a4d..406481bf4 100644 --- a/wolfssl/openssl/x509v3.h +++ b/wolfssl/openssl/x509v3.h @@ -83,6 +83,8 @@ struct WOLFSSL_X509_EXTENSION { #define X509V3_CTX WOLFSSL_X509V3_CTX +#define CTX_TEST 0x1 + typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; 
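Review bot: The new `struct WOLFSSL_TXT_DB` does not document the layout wolfSSL_TXT_DB_read gives each `data` entry, a table of `num_fields + 1` `char *` followed by the NUL-separated field text, nor that `comp`/`hash_fn` are indexed by field and are only meaningful below `num_fields`. A comment above the struct such as `/* Each data entry is (num_fields + 1) char* field pointers followed by the row text; comp[i]/hash_fn[i] are the index callbacks for field i, NULL until TXT_DB_create_index sets them. */` would save the next reader a trip to ssl.c. `WOLFSSL_TXT_DB_MAX_FIELDS` could be an `enum` rather than a `#define` for debugger visibility, where the project's header style allows it.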
@@ -107,10 +109,17 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, #define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING #define X509V3_EXT_get wolfSSL_X509V3_EXT_get #define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i +#ifndef NO_WOLFSSL_STUB +#define X509V3_EXT_add_nconf(...) 0 +#endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING #define X509V3_EXT_print wolfSSL_X509V3_EXT_print #define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid #define X509V3_set_ctx wolfSSL_X509V3_set_ctx +#ifndef NO_WOLFSSL_STUB +#define X509V3_set_nconf(...) +#endif +#define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) #define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb #define X509v3_get_ext_count wolfSSL_sk_num diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c9633ea7b..68dbe1950 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1171,6 +1171,7 @@ WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free( WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, void (*f)(WOLFSSL_ASN1_OBJECT*)); WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in); +WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); @@ -1286,6 +1287,7 @@ WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); #endif WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); 
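Review bot: `X509V3_EXT_add_nconf(...) 0` and `X509V3_set_nconf(...)` stub two functions as macros that discard their arguments, so unlike the function stubs in this commit they emit no `WOLFSSL_STUB` trace, and variables used only as their arguments become unused; returning 0 from `X509V3_EXT_add_nconf` at least reports failure to OpenSSL-ported callers, which is the right default. `static inline` stubs that call `WOLFSSL_STUB(...)` and `(void)` their parameters would be consistent with the rest of the change. `X509V3_set_ctx_test(ctx)` forwards `CTX_TEST` as the last argument of wolfSSL_X509V3_set_ctx; whether that function honours a flags value is not visible here and is worth confirming, since a test context that adds extensions for real defeats its purpose.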
@@ -1396,6 +1398,7 @@ WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v); WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_MD* md); +WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx); WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); @@ -1410,6 +1413,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* as WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len); +WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b); WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int dataSz); @@ -1454,7 +1458,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*); -WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*); 
@@ -2086,6 +2090,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); +WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); #endif WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk); @@ -2238,6 +2243,8 @@ WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); +WOLFSSL_API int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw, + int pswLen); WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, @@ -3385,6 +3392,7 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, void *data); +WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, char* value); @@ -3900,6 +3908,7 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 * WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void); WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num( diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h index 7082b6279..362c8bf57 100644 --- a/wolfssl/wolfcrypt/pkcs12.h +++ b/wolfssl/wolfcrypt/pkcs12.h 
@@ -53,6 +53,8 @@ WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz); WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, byte** pkey, word32* pkeySz, byte** cert, word32* certSz, WC_DerCertList** ca); +WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12, + const byte* psw, word32 pswSz); WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, byte* key, word32 keySz, byte* cert, word32 certSz, WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter, diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 2657739ca..b00cb9ff0 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -599,6 +599,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #else #define XFOPEN fopen #endif + #define XFDOPEN fdopen #define XFSEEK fseek #define XFTELL ftell #define XREWIND rewind
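Review bot: `#define XFDOPEN fdopen` is placed after the `#endif` that closes the XFOPEN selection, so it is unconditional while XFOPEN has an alternative branch for whatever platform the `#if` above (outside the hunk) covers; a target that needs that branch may not provide a plain `fdopen` (some toolchains deprecate or rename it), and wolfSSL_BIO_set_fd in ssl.c now calls XFDOPEN for every WOLFSSL_BIO_FILE. Put the define inside the same `#if`/`#else` structure as XFOPEN, or guard the set_fd use with `#ifdef XFDOPEN`.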