feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Jenkins fixes

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-10-28 11:57:18 +01:00
parent 25f5427bdd
commit 77c730361e
16 changed files with 294 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
certs/include.am
View File

@@ -52,7 +52,10 @@ EXTRA_DIST += \
certs/ecc-privOnlyCert.pem \
certs/dh3072.pem \
certs/dh4096.pem \
certs/client-cert-ext.pem
certs/client-cert-ext.pem \
certs/csr.attr.der \
certs/csr.dsa.pem \
certs/csr.signed.der
EXTRA_DIST += \
certs/ca-key.der \

16
src/bio.c
View File

@@ -231,8 +231,11 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
if (bio && bio->type == WOLFSSL_BIO_FILE) {
if (bio->ptr)
ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr);
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
else
ret = XREAD(bio->num, buf, len);
ret = (int)XREAD(bio->num, buf, len);
#endif
}
#endif
@@ -586,8 +589,11 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
if (bio && bio->type == WOLFSSL_BIO_FILE) {
if (bio->ptr)
ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
else
ret = XWRITE(bio->num, data, len);
ret = (int)XWRITE(bio->num, data, len);
#endif
}
#endif
@@ -1328,6 +1334,12 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
}
#ifndef NO_FILESYSTEM
/**
* Creates a new file BIO object
* @param fd file descriptor for to use for the new object
* @param close_flag BIO_NOCLOSE or BIO_CLOSE
* @return New BIO object or NULL on failure
*/
WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag)
{
WOLFSSL_BIO* bio;

267
src/ssl.c
View File

@@ -8065,7 +8065,11 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
}
InitDecodedCert(&cert, rawCert, (word32)outSz, 0);
if (ParseCert(&cert, passedCert->isCSR ? CERTREQ_TYPE : CA_TYPE,
if (ParseCert(&cert,
#ifdef WOLFSSL_CERT_REQ
passedCert->isCSR ? CERTREQ_TYPE :
#endif
CA_TYPE,
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
return WOLFSSL_FAILURE;
@@ -8080,7 +8084,10 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
return WOLFSSL_FAILURE;
}
if (!passedCert->isCSR) {
#ifdef WOLFSSL_CERT_REQ
if (!passedCert->isCSR)
#endif
{
if (input[idx++] != ASN_EXTENSIONS) {
WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
FreeDecodedCert(&cert);
@@ -8403,7 +8410,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
InitDecodedCert( &cert, rawCert, (word32)outSz, 0);
if (ParseCert(&cert, x509->isCSR ? CERTREQ_TYPE : CA_TYPE,
if (ParseCert(&cert,
#ifdef WOLFSSL_CERT_REQ
x509->isCSR ? CERTREQ_TYPE :
#endif
CA_TYPE,
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
wolfSSL_X509_EXTENSION_free(ext);
@@ -8420,7 +8431,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
return NULL;
}
if (!x509->isCSR) {
#ifdef WOLFSSL_CERT_REQ
if (!x509->isCSR)
#endif
{
if (input[idx++] != ASN_EXTENSIONS) {
WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
wolfSSL_X509_EXTENSION_free(ext);
@@ -9412,7 +9426,11 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
InitDecodedCert( &cert, rawCert, (word32)outSz, 0);
if (ParseCert(&cert, x509->isCSR ? CERTREQ_TYPE : CA_TYPE,
if (ParseCert(&cert,
#ifdef WOLFSSL_CERT_REQ
x509->isCSR ? CERTREQ_TYPE :
#endif
CA_TYPE,
NO_VERIFY, NULL) < 0) {
WOLFSSL_MSG("\tCertificate parsing failed");
return WOLFSSL_FATAL_ERROR;
@@ -9427,7 +9445,10 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
return WOLFSSL_FATAL_ERROR;
}
if (!x509->isCSR) {
#ifdef WOLFSSL_CERT_REQ
if (!x509->isCSR)
#endif
{
if (input[idx++] != ASN_EXTENSIONS) {
WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
FreeDecodedCert(&cert);
@@ -13454,7 +13475,7 @@ int AddSession(WOLFSSL* ssl)
session = &SessionCache[row].Sessions[idx];
}
session->side = ssl->options.side;
session->side = (byte)ssl->options.side;
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
@@ -15653,6 +15674,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return bio;
}
/**
* Create new socket BIO object. This is a pure TCP connection with
* no SSL or TLS protection.
* @param str IP address to connect to
* @return New BIO object or NULL on failure
*/
WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str)
{
WOLFSSL_BIO *bio;
@@ -15665,6 +15692,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return bio;
}
/**
* Set the port to connect to in the BIO object
* @param b BIO object
* @param port destination port
* @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
*/
long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port)
{
int p;
@@ -15685,6 +15718,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return WOLFSSL_SUCCESS;
}
#ifdef HAVE_HTTP_CLIENT
/**
* Attempt to connect to the destination address and port
* @param b BIO object
* @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
*/
long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b)
{
SOCKET_T sfd = SOCKET_INVALID;
@@ -15704,7 +15743,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
b->shutdown = BIO_CLOSE;
return WOLFSSL_SUCCESS;
}
#endif /* HAVE_HTTP_CLIENT */
int wolfSSL_BIO_eof(WOLFSSL_BIO* b)
{
@@ -15881,9 +15920,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (bio->ptr) {
XFCLOSE((XFILE)bio->ptr);
}
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
else if (bio->num != -1) {
XCLOSE(bio->num);
}
#endif
}
#endif
@@ -16229,8 +16271,8 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
}
switch (version) {
#ifdef WOLFSSL_TLS13
case TLS1_3_VERSION:
#ifdef WOLFSSL_TLS13
wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2);
FALL_THROUGH;
#else
@@ -19446,7 +19488,8 @@ static int wolfSSL_CONF_VALUE_cmp(const WOLFSSL_CONF_VALUE *a,
}
}
/* Use MD5 for hashing */
/* Use MD5 for hashing as it is fast and should
* be good enough for database indexing */
unsigned long wolfSSL_LH_strhash(const char *str)
{
unsigned long ret = 0;
@@ -19458,16 +19501,16 @@ unsigned long wolfSSL_LH_strhash(const char *str)
return 0;
#ifndef NO_MD5
strLen = XSTRLEN(str);
strLen = (int)XSTRLEN(str);
if (wc_Md5Hash((const byte*)str, strLen, digest) != 0) {
WOLFSSL_MSG("wc_Md5Hash error");
return 0;
}
/* Take first 4 bytes in small endian as unsigned long */
ret = digest[0];
ret |= digest[1] << 8;
ret |= digest[2] << 16;
ret |= digest[3] << 24;
ret = (unsigned int)digest[0];
ret |= ((unsigned int)digest[1] << 8 );
ret |= ((unsigned int)digest[2] << 16);
ret |= ((unsigned int)digest[3] << 24);
#else
WOLFSSL_MSG("No md5 available for wolfSSL_LH_strhash");
#endif
@@ -19551,7 +19594,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
return NULL;
}
slen = XSTRLEN(section);
slen = (int)XSTRLEN(section);
if (!(ret = wolfSSL_CONF_VALUE_new())) {
WOLFSSL_MSG("wolfSSL_CONF_new error");
@@ -19606,7 +19649,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
while (sk) {
WOLFSSL_CONF_VALUE* val = sk->data.conf;
if (val) {
if (XSTRCMP(section, val->section) == 0) {
if (!val->name && XSTRCMP(section, val->section) == 0) {
return val;
}
}
@@ -19741,7 +19784,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
}
if (section) {
len = XSTRLEN(section);
len = (int)XSTRLEN(section);
ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->section) {
WOLFSSL_MSG("malloc error");
@@ -19752,7 +19795,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
}
if (name) {
len = XSTRLEN(name);
len = (int)XSTRLEN(name);
ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->name) {
WOLFSSL_MSG("malloc error");
@@ -19763,7 +19806,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
}
if (value) {
len = XSTRLEN(value);
len = (int)XSTRLEN(value);
ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->value) {
WOLFSSL_MSG("malloc error");
@@ -19779,7 +19822,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
static char* expandValue(WOLFSSL_CONF *conf, const char* section,
char *str)
{
int strLen = XSTRLEN(str);
int strLen = (int)XSTRLEN(str);
char* ret = NULL;
/* Check to see if there is anything to expand */
@@ -19806,7 +19849,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
* format: ${section_name::var_name} */
s = ++startIdx;
while (*strIdx && *strIdx != ':') strIdx++;
if (!strIdx || s == strIdx || strIdx[1] != ':') {
if (!*strIdx || s == strIdx || strIdx[1] != ':') {
WOLFSSL_MSG("invalid section name in "
"variable expansion");
goto expand_cleanup;
@@ -19838,7 +19881,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section,
*endIdx = prevValue;
/* Skip copy if no value or zero-length value */
if (value && *value) {
int valueLen = XSTRLEN(value);
int valueLen = (int)XSTRLEN(value);
char* newRet;
/* This will allocate slightly more memory than necessary
* but better be safe */
@@ -19900,7 +19943,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
WOLFSSL_MSG("wolfSSL_BIO_get_len error");
goto cleanup;
}
if (!(buf = (char*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_TMP_BUFFER))) {
if (!(buf = (char*)XMALLOC(bufLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER))) {
WOLFSSL_MSG("malloc error");
goto cleanup;
}
@@ -19918,11 +19961,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
idx = buf;
bufEnd = buf + bufLen;
while (idx < bufEnd) {
char* lineEnd = XSTRNSTR(idx, "\n", bufEnd - idx);
char* lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx));
char* maxIdx;
if (!lineEnd)
lineEnd = bufEnd; /* Last line in file */
maxIdx = XSTRNSTR(idx, "#", lineEnd - idx);
maxIdx = XSTRNSTR(idx, "#", (unsigned int)(lineEnd - idx));
if (!maxIdx)
maxIdx = lineEnd;
line++;
@@ -19950,7 +19993,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
/* Find end of section name */
while (idx < maxIdx && *idx != ' ' && *idx != ']')
idx++;
sectionNameLen = idx - sectionName;
sectionNameLen = (int)(idx - sectionName);
SKIP_WHITESPACE(idx, maxIdx);
if (*idx != ']') {
@@ -19976,7 +20019,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
/* Find end of name */
while (idx < maxIdx && *idx != ' ' && *idx != '=')
idx++;
nameLen = idx - name;
nameLen = (int)(idx - name);
SKIP_WHITESPACE(idx, maxIdx);
if (*idx != '=') {
WOLFSSL_MSG("Missing equals sign");
@@ -19989,7 +20032,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
idx = maxIdx-1;
while (idx >= value && (*idx == ' ' || *idx == '\t'))
idx--;
valueLen = idx - value + 1;
valueLen = (int)(idx - value + 1);
/* Sanity checks */
if (nameLen <= 0 || valueLen <= 0) {
@@ -21565,7 +21608,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
char** fieldPtr = NULL;
int fieldPtrIdx = 0;
char* fieldCheckIdx = NULL;
lineEnd = XSTRNSTR(idx, "\n", bufEnd - idx);
lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx));
if (!lineEnd)
lineEnd = bufEnd;
if (idx == lineEnd) /* empty line */
@@ -21675,7 +21718,7 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
}
}
idx[-1] = '\n';
sz = idx - buf;
sz = (int)(idx - buf);
if (wolfSSL_BIO_write(out, buf, sz) != sz) {
WOLFSSL_MSG("wolfSSL_BIO_write error");
@@ -23320,6 +23363,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return wolfSSL_X509_print_ex(bio, x509, 0, 0);
}
#ifndef NO_FILESYSTEM
int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509)
{
WOLFSSL_BIO* bio;
@@ -23348,6 +23392,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return ret;
}
#endif /* NO_FILESYSTEM */
#endif /* XSNPRINTF */
#endif /* !NO_BIO */
@@ -24179,8 +24224,13 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
return &store->lookup;
}
#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN)
static int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req,
unsigned char* der, int* derSz, int includeSig);
#endif
#ifndef NO_CERTS
#ifdef WOLFSSL_CERT_GEN
#ifndef NO_BIO
/* Converts the X509 to DER format and outputs it into bio.
*
@@ -24250,6 +24300,7 @@ int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
return wolfSSL_i2d_X509_X509_REQ_bio(bio, x509, 1);
}
#endif /* WOLFSSL_CERT_REQ */
#endif /* WOLFSSL_CERT_GEN */
/* Converts an internal structure to a DER buffer
*
@@ -25299,6 +25350,8 @@ static int wolfSSL_X509_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pk
int derSz = 0;
int type;
(void)req;
if (x509 == NULL || pkey == NULL) {
return WOLFSSL_FATAL_ERROR;
}
@@ -27668,7 +27721,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
{
const unsigned char *d;
long len;
int tag, class;
int tag, cls;
WOLFSSL_ASN1_OBJECT* ret = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
@@ -27680,7 +27733,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
d = *der;
if (wolfSSL_ASN1_get_object(&d, &len, &tag, &class, length) & 0x80) {
if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) {
WOLFSSL_MSG("wolfSSL_ASN1_get_object error");
return NULL;
}
@@ -27702,7 +27755,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
* @param in ASN1 encoded data. *in is moved to the value of the ASN1 object
* @param len Length of parsed ASN1 object
* @param tag Tag value of parsed ASN1 object
* @param class Class of parsed ASN1 object
* @param cls Class of parsed ASN1 object
* @param inLen Length of *in buffer
* @return int Depends on which bits are set in the returned int:
* 0x80 an error occurred during parsing
@@ -27710,7 +27763,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
* 0x01 the parsed object length is infinite
*/
int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
int *class, long inLen)
int *cls, long inLen)
{
word32 inOutIdx = 0;
int l;
@@ -27719,27 +27772,27 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
WOLFSSL_ENTER("wolfSSL_ASN1_get_object");
if (!in || !*in || !len || !tag || !class || inLen == 0) {
if (!in || !*in || !len || !tag || !cls || inLen == 0) {
WOLFSSL_MSG("Bad parameter");
return ret;
}
if (GetASNTag(*in, &inOutIdx, &t, inLen) != 0) {
if (GetASNTag(*in, &inOutIdx, &t, (word32)inLen) != 0) {
WOLFSSL_MSG("GetASNTag error");
return ret;
}
if (GetLength(*in, &inOutIdx, &l, inLen) < 0) {
if (GetLength(*in, &inOutIdx, &l, (word32)inLen) < 0) {
WOLFSSL_MSG("GetLength error");
return ret;
}
*tag = t & 0x1F; /* Tag number is 5 lsb */
*class = t & 0xC0; /* Class is 2 msb */
*cls = t & 0xC0; /* Class is 2 msb */
*len = l;
ret = t & ASN_CONSTRUCTED;
if (l > inLen - inOutIdx) {
if (l > (int)(inLen - inOutIdx)) {
/* Still return other values but indicate error in msb */
ret |= 0x80;
}
@@ -27773,7 +27826,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
}
XMEMCPY((byte*)ret->obj, *pp, len);
ret->objSz = len;
ret->objSz = (unsigned int)len;
ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
*pp += len;
@@ -29122,7 +29175,7 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str)
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
slen = XSTRLEN(str)+1;
slen = (int)XSTRLEN(str)+1;
if (slen > CTC_DATE_SIZE) {
WOLFSSL_MSG("Date string too long");
return WOLFSSL_FAILURE;
@@ -39856,7 +39909,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
* updates derSz with certificate body size on success
* return WOLFSSL_SUCCESS on success
*/
int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req,
static int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req,
unsigned char* der, int* derSz, int includeSig)
{
int ret = WOLFSSL_FAILURE;
@@ -40046,6 +40099,8 @@ cleanup:
int sigType;
WC_RNG rng;
(void)req;
sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
if (sigType == WOLFSSL_FAILURE)
return WOLFSSL_FATAL_ERROR;
@@ -40065,7 +40120,7 @@ cleanup:
}
#endif
/* Sign the certificate request body. */
/* Sign the certificate (request) body. */
ret = wc_InitRng(&rng);
if (ret != 0)
return ret;
@@ -40309,7 +40364,7 @@ cleanup:
XFREE(pem, 0, DYNAMIC_TYPE_PEM);
return NULL;
}
footerSz = XSTRLEN(footer);
footerSz = (long)XSTRLEN(footer);
/* TODO: Inefficient
* reading in one byte at a time until see the footer
@@ -40532,6 +40587,7 @@ err:
}
#endif
#ifdef WOLFSSL_CERT_GEN
#ifndef NO_BIO
int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509* x)
{
@@ -40558,6 +40614,7 @@ err:
return ret;
}
#endif /* !NO_BIO */
#endif /* WOLFSSL_CERT_GEN */
#endif /* !NO_FILESYSTEM */
#define PEM_BEGIN "-----BEGIN "
@@ -41063,12 +41120,13 @@ err:
while ((l = wolfSSL_BIO_read(bio, &pem[i], 1)) == 1) {
i++;
if (!header)
header = XSTRNSTR(pem, "-----BEGIN ", i);
header = XSTRNSTR(pem, "-----BEGIN ", (unsigned int)i);
else if (header) {
if (!headerEnd) {
headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "),
"-----",
i - (header + XSTR_SIZEOF("-----BEGIN ") - pem));
(unsigned int)
(i - (header + XSTR_SIZEOF("-----BEGIN ") - pem)));
if (headerEnd) {
headerEnd += XSTR_SIZEOF("-----");
/* Read in the newline */
@@ -41082,12 +41140,12 @@ err:
}
else if (!footer) {
footer = XSTRNSTR(headerEnd, "-----END ",
i - (headerEnd - pem));
(unsigned int)(i - (headerEnd - pem)));
}
else if (!footerEnd) {
footerEnd = XSTRNSTR(footer + XSTR_SIZEOF("-----"),
"-----", i -
(footer + XSTR_SIZEOF("-----") - pem));
"-----", (unsigned int)(i -
(footer + XSTR_SIZEOF("-----") - pem)));
if (footerEnd) {
footerEnd += XSTR_SIZEOF("-----");
/* Now check that footer matches header */
@@ -41121,12 +41179,13 @@ err:
WOLFSSL_MSG("Parsing x509 cert");
*x509 = wolfSSL_X509_load_certificate_buffer(
(const unsigned char*) header,
footerEnd - header, WOLFSSL_FILETYPE_PEM);
(int)(footerEnd - header), WOLFSSL_FILETYPE_PEM);
if (!*x509) {
WOLFSSL_MSG("wolfSSL_X509_load_certificate_buffer error");
goto err;
}
}
#ifdef HAVE_CRL
else if (headerEnd - header ==
XSTR_SIZEOF("-----BEGIN X509 CRL-----") &&
XMEMCMP(header, "-----BEGIN X509 CRL-----",
@@ -41144,6 +41203,7 @@ err:
goto err;
}
}
#endif
else {
/* TODO support WOLFSSL_X509_PKEY as well */
WOLFSSL_MSG("Unsupported PEM structure");
@@ -41216,7 +41276,9 @@ err:
}
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_X509_free(x509);
#ifdef HAVE_CRL
wolfSSL_X509_CRL_free(crl);
#endif
wolfSSL_X509_PKEY_free(x_pkey);
}
else {
@@ -42194,7 +42256,7 @@ err:
if (ret == ASN_OBJECT_ID_E) {
/* Put ASN object tag in front and try again */
int len = SetObjectId(o->objSz, NULL) + o->objSz;
byte* buf = XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (!buf) {
WOLFSSL_MSG("malloc error");
return -1;
@@ -42269,35 +42331,34 @@ err:
{
WOLFSSL_ENTER("wolfSSL_OBJ_cmp");
if (a != NULL && b != NULL &&
a->obj != NULL && b->obj != NULL &&
a->objSz == b->objSz) {
return XMEMCMP(a->obj, b->obj, a->objSz);
}
else if (a != NULL && b != NULL && a->objSz != b->objSz &&
(a->type == EXT_KEY_USAGE_OID
|| b->type == EXT_KEY_USAGE_OID)) {
/* Special case for EXT_KEY_USAGE_OID so that
* cmp will be treated as a substring search */
/* Used in libest to check for id-kp-cmcRA in
* EXT_KEY_USAGE extension */
unsigned int idx;
const byte* s; /* shorter */
unsigned int sLen;
const byte* l; /* longer */
unsigned int lLen;
if (a->objSz > b->objSz) {
s = b->obj; sLen = b->objSz;
l = a->obj; lLen = a->objSz;
if (a && b && a->obj && b->obj) {
if (a->objSz == b->objSz) {
return XMEMCMP(a->obj, b->obj, a->objSz);
}
else {
s = a->obj; sLen = a->objSz;
l = b->obj; lLen = b->objSz;
}
for (idx = 0; idx <= lLen - sLen; idx++) {
if (XMEMCMP(l + idx, s, sLen) == 0) {
/* Found substring */
return 0;
else if (a->type == EXT_KEY_USAGE_OID ||
b->type == EXT_KEY_USAGE_OID) {
/* Special case for EXT_KEY_USAGE_OID so that
* cmp will be treated as a substring search */
/* Used in libest to check for id-kp-cmcRA in
* EXT_KEY_USAGE extension */
unsigned int idx;
const byte* s; /* shorter */
unsigned int sLen;
const byte* l; /* longer */
unsigned int lLen;
if (a->objSz > b->objSz) {
s = b->obj; sLen = b->objSz;
l = a->obj; lLen = a->objSz;
}
else {
s = a->obj; sLen = a->objSz;
l = b->obj; lLen = b->objSz;
}
for (idx = 0; idx <= lLen - sLen; idx++) {
if (XMEMCMP(l + idx, s, sLen) == 0) {
/* Found substring */
return 0;
}
}
}
}
@@ -42554,18 +42615,6 @@ err:
return ret == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
#ifndef NO_WOLFSSL_STUB
WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
{
(void) sk;
WOLFSSL_ENTER("wolfSSL_dup_CA_list");
WOLFSSL_STUB("SSL_dup_CA_list");
return NULL;
}
#endif
/* wolfSSL uses negative values for error states. This function returns an
* unsigned type so the value returned is the absolute value of the error.
*/
@@ -42935,7 +42984,7 @@ size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize)
{
size_t i;
if (!dstSize)
if (!dstSize || !dst || !src)
return 0;
/* Always have to leave a space for NULL */
@@ -43615,7 +43664,6 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
if (ret <= 0) return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_CERT_GEN */
int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
{
@@ -43679,10 +43727,10 @@ error:
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
#endif /* WOLFSSL_CERT_GEN */
#endif /* !NO_BIO */
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
/* Initialize ctx->dh with dh's params. Return WOLFSSL_SUCCESS on ok */
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
@@ -46742,6 +46790,7 @@ int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s)
return 0;
}
#ifndef NO_BIO
BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
{
WOLFSSL_ENTER("wolfSSL_SSL_get_rbio");
@@ -46898,7 +46947,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
if (len > (int)(sizeof(asn1->intData) - extraTagSz)) {
/* Allocate mem for data */
if (asn1->isDynamic) {
byte* tmp = XREALLOC(asn1->data, len + extraTagSz, NULL,
byte* tmp = (byte*)XREALLOC(asn1->data, len + extraTagSz, NULL,
DYNAMIC_TYPE_OPENSSL);
if (!tmp) {
WOLFSSL_MSG("realloc error");
@@ -46907,7 +46956,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
asn1->data = tmp;
}
else {
asn1->data = XMALLOC(len + extraTagSz, NULL,
asn1->data = (byte*)XMALLOC(len + extraTagSz, NULL,
DYNAMIC_TYPE_OPENSSL);
if (!asn1->data) {
WOLFSSL_MSG("malloc error");
@@ -47425,7 +47474,7 @@ WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* st
int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings)
{
if (strings)
return strings->num;
return (int)strings->num;
return 0;
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
@@ -47712,7 +47761,7 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int
void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len)
{
if (ptr)
ForceZero(ptr, len);
ForceZero(ptr, (word32)len);
}
int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p,
@@ -48130,6 +48179,7 @@ int oid2nid(word32 oid, int grp)
}
break;
#ifdef WOLFSSL_CERT_REQ
case oidCsrAttrType:
switch (oid) {
case CHALLENGE_PASSWORD_OID:
@@ -48138,6 +48188,7 @@ int oid2nid(word32 oid, int grp)
return NID_serialNumber;
}
break;
#endif
default:
WOLFSSL_MSG("NID not in table");
@@ -51032,7 +51083,7 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
#endif /* !NO_BIO */
/**
* This API was added as a helper functio for libest. It
* This API was added as a helper function for libest. It
* extracts a stack of certificates from the pkcs7 object.
* @param pkcs7 PKCS7 parameter object
* @return WOLFSSL_STACK_OF(WOLFSSL_X509)*
@@ -51047,7 +51098,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
if (!p7) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
return NULL;
}
if (p7->certs)
@@ -51714,7 +51765,6 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
{
byte* p = NULL;
int pLen;
WOLFSSL_ENTER("wolfSSL_X509_set_pubkey");
if (cert == NULL || pkey == NULL)
@@ -51729,7 +51779,10 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
else
return WOLFSSL_FAILURE;
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA)
if (pkey->type == EVP_PKEY_RSA) {
int pLen;
/* Public and private key formats differ. Make sure to put in the
* public key format in the cert. */
if ((pLen = wolfSSL_i2d_RSAPublicKey(pkey->rsa, (const byte**)&p)) <= 0) {
@@ -51741,7 +51794,9 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
cert->pubKey.buffer = p;
cert->pubKey.length = pLen;
}
else {
else
#endif
{
p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (p == NULL)
return WOLFSSL_FAILURE;
@@ -51955,7 +52010,7 @@ int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
}
if (len < 0) {
len = XSTRLEN((char*)bytes);
len = (int)XSTRLEN((char*)bytes);
}
/* For now just pretend that we support this for libest testing */
@@ -51998,7 +52053,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
switch (nid) {
case NID_pkcs9_challengePassword:
if (len < 0)
len = XSTRLEN((char*)bytes);
len = (int)XSTRLEN((char*)bytes);
if (len < CTC_NAME_SIZE) {
XMEMCPY(req->challengePw, bytes, len);
req->challengePw[len] = '\0';
@@ -52029,7 +52084,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
break;
case NID_serialNumber:
if (len < 0)
len = XSTRLEN((char*)bytes);
len = (int)XSTRLEN((char*)bytes);
if (len + 1 > EXTERNAL_SERIAL_SIZE) {
WOLFSSL_MSG("SerialNumber too long");
return WOLFSSL_FAILURE;

78
tests/api.c
View File

@@ -25290,7 +25290,17 @@ static int test_wc_HashGetFlags(void)
static void test_wolfSSL_lhash(void)
{
#ifdef OPENSSL_ALL
const char testStr[] = "Like a true nature's child\n"
"We were born\n"
"Born to be wild";
printf(testingFmt, "wolfSSL_LH_strhash()");
AssertIntEQ(lh_strhash(testStr), 0xb1231320);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME(void)
@@ -26811,7 +26821,9 @@ static void test_wolfSSL_tmp_dh(void)
int bytes;
DSA* dsa;
DH* dh;
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH* dh2;
#endif
BIO* bio;
SSL* ssl;
SSL_CTX* ctx;
@@ -26840,7 +26852,9 @@ static void test_wolfSSL_tmp_dh(void)
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
#endif
AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
#ifndef NO_WOLFSSL_SERVER
@@ -26852,7 +26866,9 @@ static void test_wolfSSL_tmp_dh(void)
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH_free(dh2);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@@ -27662,7 +27678,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
static void test_wolfSSL_PKCS7_certs(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
STACK_OF(X509)* sk = NULL;
STACK_OF(X509_INFO)* info_sk = NULL;
PKCS7 *p7 = NULL;
@@ -27712,7 +27728,7 @@ static void test_wolfSSL_PKCS7_certs(void)
printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
}
static void test_wolfSSL_X509_STORE_CTX(void)
@@ -29434,7 +29450,9 @@ static void test_wolfSSL_X509(void)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifdef WOLFSSL_CERT_GEN
AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
#endif
AssertNotNull(ctx = X509_STORE_CTX_new());
@@ -31228,6 +31246,7 @@ static void test_wolfSSL_BIO_write(void)
char msg[] = "conversion test";
char out[40];
char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
void* bufPtr = NULL;
BUF_MEM* buf = NULL;
printf(testingFmt, "wolfSSL_BIO_write()");
@@ -31243,6 +31262,8 @@ static void test_wolfSSL_BIO_write(void)
AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
AssertNotNull(buf);
AssertIntEQ(buf->length, 25);
AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
AssertPtrEq(buf->data, bufPtr);
AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
sz = sizeof(out);
@@ -33444,12 +33465,15 @@ static void test_wolfSSL_get_ciphers_compat(void)
static void test_wolfSSL_X509_PUBKEY_get(void)
{
WOLFSSL_X509_PUBKEY pubkey = {0};
WOLFSSL_X509_PUBKEY pubkey;
WOLFSSL_X509_PUBKEY* key;
WOLFSSL_EVP_PKEY evpkey = {0};
WOLFSSL_EVP_PKEY evpkey ;
WOLFSSL_EVP_PKEY* evpPkey;
WOLFSSL_EVP_PKEY* retEvpPkey;
XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
key = &pubkey;
evpPkey = &evpkey;
@@ -38158,7 +38182,7 @@ static void test_wolfSSL_X509_CRL(void)
static void test_wolfSSL_d2i_X509_REQ(void)
{
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
/* ./certs/csr.signed.der and ./certs/csr.attr.der were
* generated by libest
* ./certs/csr.attr.der contains sample attributes */
@@ -38170,7 +38194,7 @@ static void test_wolfSSL_d2i_X509_REQ(void)
* -outform PEM
* with the passphrase "wolfSSL"
*/
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
const char* csrDsaFile = "./certs/csr.dsa.pem";
#endif
BIO* bio = NULL;
@@ -38229,7 +38253,7 @@ static void test_wolfSSL_d2i_X509_REQ(void)
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
{
AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
@@ -38248,8 +38272,8 @@ static void test_wolfSSL_d2i_X509_REQ(void)
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
#endif
#endif /* defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) */
#endif /* !NO_DSA && !HAVE_SELFTEST */
#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
}
static void test_wolfSSL_PEM_read_X509(void)
@@ -39012,7 +39036,6 @@ static void test_wolfSSL_X509_print()
#ifdef OPENSSL_ALL
const X509_ALGOR *cert_sig_alg;
#endif
int stdout_fd = fileno(stdout);
printf(testingFmt, "wolfSSL_X509_print");
x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
@@ -39029,7 +39052,7 @@ static void test_wolfSSL_X509_print()
#endif
BIO_free(bio);
AssertNotNull(bio = BIO_new_fd(stdout_fd, BIO_NOCLOSE));
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
#ifdef OPENSSL_ALL
/* Print signature */
@@ -39055,11 +39078,10 @@ static void test_wolfSSL_RSA_print()
!defined(HAVE_FAST_RSA) && !defined(NO_BIO)
BIO *bio;
WOLFSSL_RSA* rsa = NULL;
int stdout_fd = fileno(stdout);
printf(testingFmt, "wolfSSL_RSA_print");
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(bio = wolfSSL_BIO_new_fd(stdout_fd, BIO_NOCLOSE));
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
BIO_free(bio);
@@ -39145,60 +39167,60 @@ static void test_wolfSSL_ASN1_STRING_print(void){
static void test_wolfSSL_ASN1_get_object(void)
{
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
const unsigned char* derBuf = cliecc_cert_der_256;
int len = sizeof_cliecc_cert_der_256;
long asnLen = 0;
int tag = 0, class = 0;
int tag = 0, cls = 0;
ASN1_OBJECT *a;
printf(testingFmt, "wolfSSL_ASN1_get_object()");
/* Read a couple TLV triplets and make sure they match the expected values */
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, len) & 0x80, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
AssertIntEQ(asnLen, 863);
AssertIntEQ(tag, 0x10);
AssertIntEQ(class, 0);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 772);
AssertIntEQ(tag, 0x10);
AssertIntEQ(class, 0);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 3);
AssertIntEQ(tag, 0);
AssertIntEQ(class, 0x80);
AssertIntEQ(cls, 0x80);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 1);
AssertIntEQ(tag, 0x2);
AssertIntEQ(class, 0);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 20);
AssertIntEQ(tag, 0x2);
AssertIntEQ(class, 0);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class,
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 10);
AssertIntEQ(tag, 0x10);
AssertIntEQ(class, 0);
AssertIntEQ(cls, 0);
/* Read an ASN OBJECT */
AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
ASN1_OBJECT_free(a);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
}
static void test_wolfSSL_RSA_verify()

4
tests/include.am
View File

@@ -50,5 +50,7 @@ EXTRA_DIST += tests/test.conf \
tests/test-trustpeer.conf \
tests/test-dhprime.conf \
tests/test-p521.conf \
tests/test-ecc-cust-curves.conf
tests/test-ecc-cust-curves.conf \
tests/NCONF_test.cnf \
tests/TXT_DB.txt
DISTCLEANFILES+= tests/.libs/unit.test

18
wolfcrypt/src/asn.c
View File

@@ -7029,7 +7029,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST);
sigCtx->digest = NULL;
}
#if !defined(NO_RSA) && !defined(NO_DSA)
#if !(defined(NO_RSA) && defined(NO_DSA))
if (sigCtx->sigCpy) {
XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);
sigCtx->sigCpy = NULL;
@@ -7265,7 +7265,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* !NO_RSA */
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
case DSAk:
{
word32 idx = 0;
@@ -7317,7 +7317,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
}
break;
}
#endif /* !NO_DSA */
#endif /* !NO_DSA && !HAVE_SELFTEST */
#ifdef HAVE_ECC
case ECDSAk:
{
@@ -7458,14 +7458,14 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* !NO_RSA */
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
case DSAk:
{
ret = wc_DsaVerify(sigCtx->digest, sigCtx->sigCpy,
sigCtx->key.dsa, &sigCtx->verify);
break;
}
#endif /* !NO_DSA */
#endif /* !NO_DSA && !HAVE_SELFTEST */
#if defined(HAVE_ECC)
case ECDSAk:
{
@@ -7564,7 +7564,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* NO_RSA */
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
case DSAk:
{
if (sigCtx->verify == 1) {
@@ -7576,7 +7576,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
}
break;
}
#endif /* !NO_DSA */
#endif /* !NO_DSA && !HAVE_SELFTEST */
#ifdef HAVE_ECC
case ECDSAk:
{
@@ -13497,7 +13497,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
}
#endif
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
if (cert->keyType == DSA_KEY) {
if (dsaKey == NULL)
return PUBLIC_KEY_E;
@@ -14246,7 +14246,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
}
#endif
#ifndef NO_DSA
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
if (cert->keyType == DSA_KEY) {
if (dsaKey == NULL)
return PUBLIC_KEY_E;

14
wolfcrypt/src/evp.c
View File

@@ -1377,9 +1377,12 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e)
if (pkey) {
pkey->type = id;
ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
}
/* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need
* to always call wolfSSL_EVP_PKEY_free (either to free it if an
* error occured in the previous function or to decrease the reference
* count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free
* is called) */
wolfSSL_EVP_PKEY_free(pkey);
}
return ctx;
}
@@ -1955,8 +1958,9 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
WOLFSSL_MSG("Copy parameters not available for this key type");
return WOLFSSL_FAILURE;
}
#if defined(HAVE_ECC) || !defined(NO_DSA)
return WOLFSSL_SUCCESS;
#endif
}
#ifndef NO_WOLFSSL_STUB
@@ -3260,7 +3264,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
const struct s_ent *ent;
for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) {
nameUpper[i] = XTOUPPER(name[i]);
nameUpper[i] = (char)XTOUPPER(name[i]);
}
if (i < sizeof(nameUpper))
nameUpper[i] = '\0';

11
wolfcrypt/src/pkcs7.c
View File

@@ -1261,18 +1261,24 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
wc_PKCS7_SignerInfoFree(pkcs7);
wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap);
pkcs7->decodedAttrib = NULL;
wc_PKCS7_FreeCertSet(pkcs7);
#ifdef ASN_BER_TO_DER
if (pkcs7->der != NULL)
if (pkcs7->der != NULL) {
XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->der = NULL;
}
#endif
if (pkcs7->contentDynamic != NULL)
if (pkcs7->contentDynamic != NULL) {
XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->contentDynamic = NULL;
}
if (pkcs7->cek != NULL) {
ForceZero(pkcs7->cek, pkcs7->cekSz);
XFREE(pkcs7->cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->cek = NULL;
}
pkcs7->contentTypeSz = 0;
@@ -4909,6 +4915,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
}
#ifdef ASN_BER_TO_DER
der = pkcs7->der;
pkcs7->der = NULL;
#endif
contentDynamic = pkcs7->contentDynamic;
version = pkcs7->version;

5
wolfcrypt/src/rsa.c
View File

@@ -1252,11 +1252,6 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
m += inputLen;
o = 0;
if (saltLen > 0) {
if (pkcsBlockLen < RSA_PSS_PAD_SZ + inputLen + saltLen) {
WOLFSSL_MSG("RSA-PSS Output buffer too short. "
"Recommend using WOLFSSL_PSS_SALT_LEN_DISCOVER");
return PSS_SALTLEN_E;
}
ret = wc_RNG_GenerateBlock(rng, salt, saltLen);
if (ret == 0) {
XMEMCPY(m, salt, saltLen);

6
wolfssl/internal.h
View File

@@ -3637,7 +3637,9 @@ struct WOLFSSL_STACK {
WOLFSSL_CIPHER cipher;
WOLFSSL_ACCESS_DESCRIPTION* access;
WOLFSSL_X509_EXTENSION* ext;
#ifdef OPENSSL_EXTRA
WOLFSSL_CONF_VALUE* conf;
#endif
void* generic;
char* string;
WOLFSSL_GENERAL_NAME* gn;
@@ -3762,8 +3764,10 @@ struct WOLFSSL_X509 {
byte authKeyIdSet:1;
byte authKeyIdCrit:1;
byte issuerSet:1;
byte isCSR:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_CERT_REQ
byte isCSR:1;
#endif
byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ

2
wolfssl/openssl/asn1.h
View File

@@ -99,7 +99,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
int *class, long inLen);
int *cls, long inLen);
WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
const unsigned char **pp, long len);

21
wolfssl/openssl/conf.h
View File

@@ -28,7 +28,8 @@
extern "C" {
#endif
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
typedef struct WOLFSSL_CONF_VALUE {
char *section;
@@ -36,9 +37,8 @@ typedef struct WOLFSSL_CONF_VALUE {
char *value;
} WOLFSSL_CONF_VALUE;
typedef struct WOLFSSL_INIT_SETTINGS {
char* appname;
} WOLFSSL_INIT_SETTINGS;
/* ssl.h requires WOLFSSL_CONF_VALUE */
#include <wolfssl/ssl.h>
typedef struct WOLFSSL_CONF {
void *meth_data;
@@ -47,21 +47,14 @@ typedef struct WOLFSSL_CONF {
typedef WOLFSSL_CONF CONF;
typedef WOLFSSL_CONF_VALUE CONF_VALUE;
typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void);
WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value);
WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc);
WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(
const struct WOLFSSL_STACK *sk, int i);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
WOLFSSL_CONF_VALUE* val);
WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
const char *group, const char *name);
@@ -102,6 +95,8 @@ WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
#define X509V3_conf_free wolfSSL_X509V3_conf_free
#endif /* OPENSSL_EXTRA */
#ifdef __cplusplus
} /* extern "C" */
#endif

5
wolfssl/openssl/crypto.h
View File

@@ -33,6 +33,11 @@
#include "prefix_crypto.h"
#endif
typedef struct WOLFSSL_INIT_SETTINGS {
char* appname;
} WOLFSSL_INIT_SETTINGS;
typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
WOLFSSL_API const char* wolfSSLeay_version(int type);
WOLFSSL_API unsigned long wolfSSLeay(void);

2
wolfssl/openssl/stack.h
View File

@@ -28,8 +28,6 @@
extern "C" {
#endif
#include <wolfssl/openssl/conf.h>
typedef void (*wolfSSL_sk_freefunc)(void *);
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);

15
wolfssl/ssl.h
View File

@@ -188,7 +188,6 @@ typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
typedef struct WOLFSSL_BIO WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE;
typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX;
@@ -1361,7 +1360,9 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset
#endif
WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
unsigned long nmflags, unsigned long cflag);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509);
#endif
WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig);
WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig,
@@ -3459,8 +3460,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
unsigned char* out, int outSz);
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_LOCAL int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req,
unsigned char* der, int* derSz, int includeSig);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
@@ -3706,8 +3705,18 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
unsigned long);
#endif
WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc);
WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(
const struct WOLFSSL_STACK *sk, int i);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
WOLFSSL_CONF_VALUE* val);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)

5
wolfssl/wolfcrypt/types.h
View File

@@ -650,10 +650,13 @@ decouple library dependencies with standard string, memory and so on.
#include <ctype.h>
#endif
#if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \
defined(OPENSSL_EXTRA)
#define XTOUPPER(c) toupper((c))
#endif
#ifdef OPENSSL_ALL
#define XISALNUM(c) isalnum((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))
#endif