diff --git a/certs/include.am b/certs/include.am index 28c5e8515..7d613b9ef 100644 --- a/certs/include.am +++ b/certs/include.am @@ -52,7 +52,10 @@ EXTRA_DIST += \ certs/ecc-privOnlyCert.pem \ certs/dh3072.pem \ certs/dh4096.pem \ - certs/client-cert-ext.pem + certs/client-cert-ext.pem \ + certs/csr.attr.der \ + certs/csr.dsa.pem \ + certs/csr.signed.der EXTRA_DIST += \ certs/ca-key.der \ diff --git a/src/bio.c b/src/bio.c index c5e335acb..d80b7c096 100644 --- a/src/bio.c +++ b/src/bio.c @@ -231,8 +231,11 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) if (bio && bio->type == WOLFSSL_BIO_FILE) { if (bio->ptr) ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr); + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) else - ret = XREAD(bio->num, buf, len); + ret = (int)XREAD(bio->num, buf, len); + #endif } #endif @@ -586,8 +589,11 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) if (bio && bio->type == WOLFSSL_BIO_FILE) { if (bio->ptr) ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr); + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) else - ret = XWRITE(bio->num, data, len); + ret = (int)XWRITE(bio->num, data, len); + #endif } #endif @@ -1328,6 +1334,12 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } #ifndef NO_FILESYSTEM +/** + * Creates a new file BIO object + * @param fd file descriptor for to use for the new object + * @param close_flag BIO_NOCLOSE or BIO_CLOSE + * @return New BIO object or NULL on failure + */ WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag) { WOLFSSL_BIO* bio; diff --git a/src/ssl.c b/src/ssl.c index ad7f8af0b..ff6fa8d13 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8065,7 +8065,11 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) } InitDecodedCert(&cert, rawCert, (word32)outSz, 0); - if (ParseCert(&cert, passedCert->isCSR ? CERTREQ_TYPE : CA_TYPE, + if (ParseCert(&cert, +#ifdef WOLFSSL_CERT_REQ + passedCert->isCSR ? CERTREQ_TYPE : +#endif + CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); return WOLFSSL_FAILURE; @@ -8080,7 +8084,10 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) return WOLFSSL_FAILURE; } - if (!passedCert->isCSR) { +#ifdef WOLFSSL_CERT_REQ + if (!passedCert->isCSR) +#endif + { if (input[idx++] != ASN_EXTENSIONS) { WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); FreeDecodedCert(&cert); @@ -8403,7 +8410,11 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) InitDecodedCert( &cert, rawCert, (word32)outSz, 0); - if (ParseCert(&cert, x509->isCSR ? CERTREQ_TYPE : CA_TYPE, + if (ParseCert(&cert, +#ifdef WOLFSSL_CERT_REQ + x509->isCSR ? CERTREQ_TYPE : +#endif + CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); wolfSSL_X509_EXTENSION_free(ext); @@ -8420,7 +8431,10 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return NULL; } - if (!x509->isCSR) { +#ifdef WOLFSSL_CERT_REQ + if (!x509->isCSR) +#endif + { if (input[idx++] != ASN_EXTENSIONS) { WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); wolfSSL_X509_EXTENSION_free(ext); @@ -9412,7 +9426,11 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) InitDecodedCert( &cert, rawCert, (word32)outSz, 0); - if (ParseCert(&cert, x509->isCSR ? CERTREQ_TYPE : CA_TYPE, + if (ParseCert(&cert, +#ifdef WOLFSSL_CERT_REQ + x509->isCSR ? CERTREQ_TYPE : +#endif + CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); return WOLFSSL_FATAL_ERROR; @@ -9427,7 +9445,10 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) return WOLFSSL_FATAL_ERROR; } - if (!x509->isCSR) { +#ifdef WOLFSSL_CERT_REQ + if (!x509->isCSR) +#endif + { if (input[idx++] != ASN_EXTENSIONS) { WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); FreeDecodedCert(&cert); @@ -13454,7 +13475,7 @@ int AddSession(WOLFSSL* ssl) session = &SessionCache[row].Sessions[idx]; } - session->side = ssl->options.side; + session->side = (byte)ssl->options.side; #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { @@ -15653,6 +15674,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return bio; } + /** + * Create new socket BIO object. This is a pure TCP connection with + * no SSL or TLS protection. + * @param str IP address to connect to + * @return New BIO object or NULL on failure + */ WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str) { WOLFSSL_BIO *bio; @@ -15665,6 +15692,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return bio; } + /** + * Set the port to connect to in the BIO object + * @param b BIO object + * @param port destination port + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port) { int p; @@ -15685,6 +15718,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_SUCCESS; } +#ifdef HAVE_HTTP_CLIENT + /** + * Attempt to connect to the destination address and port + * @param b BIO object + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b) { SOCKET_T sfd = SOCKET_INVALID; @@ -15704,7 +15743,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) b->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } - +#endif /* HAVE_HTTP_CLIENT */ int wolfSSL_BIO_eof(WOLFSSL_BIO* b) { @@ -15881,9 +15920,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (bio->ptr) { XFCLOSE((XFILE)bio->ptr); } + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) else if (bio->num != -1) { XCLOSE(bio->num); } + #endif } #endif @@ -16229,8 +16271,8 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) } switch (version) { -#ifdef WOLFSSL_TLS13 case TLS1_3_VERSION: +#ifdef WOLFSSL_TLS13 wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2); FALL_THROUGH; #else @@ -19446,7 +19488,8 @@ static int wolfSSL_CONF_VALUE_cmp(const WOLFSSL_CONF_VALUE *a, } } -/* Use MD5 for hashing */ +/* Use MD5 for hashing as it is fast and should + * be good enough for database indexing */ unsigned long wolfSSL_LH_strhash(const char *str) { unsigned long ret = 0; @@ -19458,16 +19501,16 @@ unsigned long wolfSSL_LH_strhash(const char *str) return 0; #ifndef NO_MD5 - strLen = XSTRLEN(str); + strLen = (int)XSTRLEN(str); if (wc_Md5Hash((const byte*)str, strLen, digest) != 0) { WOLFSSL_MSG("wc_Md5Hash error"); return 0; } /* Take first 4 bytes in small endian as unsigned long */ - ret = digest[0]; - ret |= digest[1] << 8; - ret |= digest[2] << 16; - ret |= digest[3] << 24; + ret = (unsigned int)digest[0]; + ret |= ((unsigned int)digest[1] << 8 ); + ret |= ((unsigned int)digest[2] << 16); + ret |= ((unsigned int)digest[3] << 24); #else WOLFSSL_MSG("No md5 available for wolfSSL_LH_strhash"); #endif @@ -19551,7 +19594,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf, return NULL; } - slen = XSTRLEN(section); + slen = (int)XSTRLEN(section); if (!(ret = wolfSSL_CONF_VALUE_new())) { WOLFSSL_MSG("wolfSSL_CONF_new error"); @@ -19606,7 +19649,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf, while (sk) { WOLFSSL_CONF_VALUE* val = sk->data.conf; if (val) { - if (XSTRCMP(section, val->section) == 0) { + if (!val->name && XSTRCMP(section, val->section) == 0) { return val; } } @@ -19741,7 +19784,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, } if (section) { - len = XSTRLEN(section); + len = (int)XSTRLEN(section); ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); if (!ret->section) { WOLFSSL_MSG("malloc error"); @@ -19752,7 +19795,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, } if (name) { - len = XSTRLEN(name); + len = (int)XSTRLEN(name); ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); if (!ret->name) { WOLFSSL_MSG("malloc error"); @@ -19763,7 +19806,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, } if (value) { - len = XSTRLEN(value); + len = (int)XSTRLEN(value); ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); if (!ret->value) { WOLFSSL_MSG("malloc error"); @@ -19779,7 +19822,7 @@ static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, static char* expandValue(WOLFSSL_CONF *conf, const char* section, char *str) { - int strLen = XSTRLEN(str); + int strLen = (int)XSTRLEN(str); char* ret = NULL; /* Check to see if there is anything to expand */ @@ -19806,7 +19849,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section, * format: ${section_name::var_name} */ s = ++startIdx; while (*strIdx && *strIdx != ':') strIdx++; - if (!strIdx || s == strIdx || strIdx[1] != ':') { + if (!*strIdx || s == strIdx || strIdx[1] != ':') { WOLFSSL_MSG("invalid section name in " "variable expansion"); goto expand_cleanup; @@ -19838,7 +19881,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section, *endIdx = prevValue; /* Skip copy if no value or zero-length value */ if (value && *value) { - int valueLen = XSTRLEN(value); + int valueLen = (int)XSTRLEN(value); char* newRet; /* This will allocate slightly more memory than necessary * but better be safe */ @@ -19900,7 +19943,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) WOLFSSL_MSG("wolfSSL_BIO_get_len error"); goto cleanup; } - if (!(buf = (char*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_TMP_BUFFER))) { + if (!(buf = (char*)XMALLOC(bufLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER))) { WOLFSSL_MSG("malloc error"); goto cleanup; } @@ -19918,11 +19961,11 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) idx = buf; bufEnd = buf + bufLen; while (idx < bufEnd) { - char* lineEnd = XSTRNSTR(idx, "\n", bufEnd - idx); + char* lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx)); char* maxIdx; if (!lineEnd) lineEnd = bufEnd; /* Last line in file */ - maxIdx = XSTRNSTR(idx, "#", lineEnd - idx); + maxIdx = XSTRNSTR(idx, "#", (unsigned int)(lineEnd - idx)); if (!maxIdx) maxIdx = lineEnd; line++; @@ -19950,7 +19993,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) /* Find end of section name */ while (idx < maxIdx && *idx != ' ' && *idx != ']') idx++; - sectionNameLen = idx - sectionName; + sectionNameLen = (int)(idx - sectionName); SKIP_WHITESPACE(idx, maxIdx); if (*idx != ']') { @@ -19976,7 +20019,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) /* Find end of name */ while (idx < maxIdx && *idx != ' ' && *idx != '=') idx++; - nameLen = idx - name; + nameLen = (int)(idx - name); SKIP_WHITESPACE(idx, maxIdx); if (*idx != '=') { WOLFSSL_MSG("Missing equals sign"); @@ -19989,7 +20032,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) idx = maxIdx-1; while (idx >= value && (*idx == ' ' || *idx == '\t')) idx--; - valueLen = idx - value + 1; + valueLen = (int)(idx - value + 1); /* Sanity checks */ if (nameLen <= 0 || valueLen <= 0) { @@ -21565,7 +21608,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) char** fieldPtr = NULL; int fieldPtrIdx = 0; char* fieldCheckIdx = NULL; - lineEnd = XSTRNSTR(idx, "\n", bufEnd - idx); + lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx)); if (!lineEnd) lineEnd = bufEnd; if (idx == lineEnd) /* empty line */ @@ -21675,7 +21718,7 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db) } } idx[-1] = '\n'; - sz = idx - buf; + sz = (int)(idx - buf); if (wolfSSL_BIO_write(out, buf, sz) != sz) { WOLFSSL_MSG("wolfSSL_BIO_write error"); @@ -23320,6 +23363,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return wolfSSL_X509_print_ex(bio, x509, 0, 0); } +#ifndef NO_FILESYSTEM int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509) { WOLFSSL_BIO* bio; @@ -23348,6 +23392,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return ret; } +#endif /* NO_FILESYSTEM */ #endif /* XSNPRINTF */ #endif /* !NO_BIO */ @@ -24179,8 +24224,13 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, return &store->lookup; } +#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) +static int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req, + unsigned char* der, int* derSz, int includeSig); +#endif #ifndef NO_CERTS +#ifdef WOLFSSL_CERT_GEN #ifndef NO_BIO /* Converts the X509 to DER format and outputs it into bio. * @@ -24250,6 +24300,7 @@ int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) return wolfSSL_i2d_X509_X509_REQ_bio(bio, x509, 1); } #endif /* WOLFSSL_CERT_REQ */ +#endif /* WOLFSSL_CERT_GEN */ /* Converts an internal structure to a DER buffer * @@ -25299,6 +25350,8 @@ static int wolfSSL_X509_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pk int derSz = 0; int type; + (void)req; + if (x509 == NULL || pkey == NULL) { return WOLFSSL_FATAL_ERROR; } @@ -27668,7 +27721,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, { const unsigned char *d; long len; - int tag, class; + int tag, cls; WOLFSSL_ASN1_OBJECT* ret = NULL; WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT"); @@ -27680,7 +27733,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, d = *der; - if (wolfSSL_ASN1_get_object(&d, &len, &tag, &class, length) & 0x80) { + if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) { WOLFSSL_MSG("wolfSSL_ASN1_get_object error"); return NULL; } @@ -27702,7 +27755,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, * @param in ASN1 encoded data. *in is moved to the value of the ASN1 object * @param len Length of parsed ASN1 object * @param tag Tag value of parsed ASN1 object - * @param class Class of parsed ASN1 object + * @param cls Class of parsed ASN1 object * @param inLen Length of *in buffer * @return int Depends on which bits are set in the returned int: * 0x80 an error occurred during parsing @@ -27710,7 +27763,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, * 0x01 the parsed object length is infinite */ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, - int *class, long inLen) + int *cls, long inLen) { word32 inOutIdx = 0; int l; @@ -27719,27 +27772,27 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, WOLFSSL_ENTER("wolfSSL_ASN1_get_object"); - if (!in || !*in || !len || !tag || !class || inLen == 0) { + if (!in || !*in || !len || !tag || !cls || inLen == 0) { WOLFSSL_MSG("Bad parameter"); return ret; } - if (GetASNTag(*in, &inOutIdx, &t, inLen) != 0) { + if (GetASNTag(*in, &inOutIdx, &t, (word32)inLen) != 0) { WOLFSSL_MSG("GetASNTag error"); return ret; } - if (GetLength(*in, &inOutIdx, &l, inLen) < 0) { + if (GetLength(*in, &inOutIdx, &l, (word32)inLen) < 0) { WOLFSSL_MSG("GetLength error"); return ret; } *tag = t & 0x1F; /* Tag number is 5 lsb */ - *class = t & 0xC0; /* Class is 2 msb */ + *cls = t & 0xC0; /* Class is 2 msb */ *len = l; ret = t & ASN_CONSTRUCTED; - if (l > inLen - inOutIdx) { + if (l > (int)(inLen - inOutIdx)) { /* Still return other values but indicate error in msb */ ret |= 0x80; } @@ -27773,7 +27826,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, } XMEMCPY((byte*)ret->obj, *pp, len); - ret->objSz = len; + ret->objSz = (unsigned int)len; ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; *pp += len; @@ -29122,7 +29175,7 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str) WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - slen = XSTRLEN(str)+1; + slen = (int)XSTRLEN(str)+1; if (slen > CTC_DATE_SIZE) { WOLFSSL_MSG("Date string too long"); return WOLFSSL_FAILURE; @@ -39856,7 +39909,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) * updates derSz with certificate body size on success * return WOLFSSL_SUCCESS on success */ - int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req, + static int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req, unsigned char* der, int* derSz, int includeSig) { int ret = WOLFSSL_FAILURE; @@ -40046,6 +40099,8 @@ cleanup: int sigType; WC_RNG rng; + (void)req; + sigType = wolfSSL_sigTypeFromPKEY(md, pkey); if (sigType == WOLFSSL_FAILURE) return WOLFSSL_FATAL_ERROR; @@ -40065,7 +40120,7 @@ cleanup: } #endif - /* Sign the certificate request body. */ + /* Sign the certificate (request) body. */ ret = wc_InitRng(&rng); if (ret != 0) return ret; @@ -40309,7 +40364,7 @@ cleanup: XFREE(pem, 0, DYNAMIC_TYPE_PEM); return NULL; } - footerSz = XSTRLEN(footer); + footerSz = (long)XSTRLEN(footer); /* TODO: Inefficient * reading in one byte at a time until see the footer @@ -40532,6 +40587,7 @@ err: } #endif +#ifdef WOLFSSL_CERT_GEN #ifndef NO_BIO int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509* x) { @@ -40558,6 +40614,7 @@ err: return ret; } #endif /* !NO_BIO */ +#endif /* WOLFSSL_CERT_GEN */ #endif /* !NO_FILESYSTEM */ #define PEM_BEGIN "-----BEGIN " @@ -41063,12 +41120,13 @@ err: while ((l = wolfSSL_BIO_read(bio, &pem[i], 1)) == 1) { i++; if (!header) - header = XSTRNSTR(pem, "-----BEGIN ", i); + header = XSTRNSTR(pem, "-----BEGIN ", (unsigned int)i); else if (header) { if (!headerEnd) { headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "), "-----", - i - (header + XSTR_SIZEOF("-----BEGIN ") - pem)); + (unsigned int) + (i - (header + XSTR_SIZEOF("-----BEGIN ") - pem))); if (headerEnd) { headerEnd += XSTR_SIZEOF("-----"); /* Read in the newline */ @@ -41082,12 +41140,12 @@ err: } else if (!footer) { footer = XSTRNSTR(headerEnd, "-----END ", - i - (headerEnd - pem)); + (unsigned int)(i - (headerEnd - pem))); } else if (!footerEnd) { footerEnd = XSTRNSTR(footer + XSTR_SIZEOF("-----"), - "-----", i - - (footer + XSTR_SIZEOF("-----") - pem)); + "-----", (unsigned int)(i - + (footer + XSTR_SIZEOF("-----") - pem))); if (footerEnd) { footerEnd += XSTR_SIZEOF("-----"); /* Now check that footer matches header */ @@ -41121,12 +41179,13 @@ err: WOLFSSL_MSG("Parsing x509 cert"); *x509 = wolfSSL_X509_load_certificate_buffer( (const unsigned char*) header, - footerEnd - header, WOLFSSL_FILETYPE_PEM); + (int)(footerEnd - header), WOLFSSL_FILETYPE_PEM); if (!*x509) { WOLFSSL_MSG("wolfSSL_X509_load_certificate_buffer error"); goto err; } } +#ifdef HAVE_CRL else if (headerEnd - header == XSTR_SIZEOF("-----BEGIN X509 CRL-----") && XMEMCMP(header, "-----BEGIN X509 CRL-----", @@ -41144,6 +41203,7 @@ err: goto err; } } +#endif else { /* TODO support WOLFSSL_X509_PKEY as well */ WOLFSSL_MSG("Unsupported PEM structure"); @@ -41216,7 +41276,9 @@ err: } if (ret != WOLFSSL_SUCCESS) { wolfSSL_X509_free(x509); +#ifdef HAVE_CRL wolfSSL_X509_CRL_free(crl); +#endif wolfSSL_X509_PKEY_free(x_pkey); } else { @@ -42194,7 +42256,7 @@ err: if (ret == ASN_OBJECT_ID_E) { /* Put ASN object tag in front and try again */ int len = SetObjectId(o->objSz, NULL) + o->objSz; - byte* buf = XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!buf) { WOLFSSL_MSG("malloc error"); return -1; @@ -42269,35 +42331,34 @@ err: { WOLFSSL_ENTER("wolfSSL_OBJ_cmp"); - if (a != NULL && b != NULL && - a->obj != NULL && b->obj != NULL && - a->objSz == b->objSz) { - return XMEMCMP(a->obj, b->obj, a->objSz); - } - else if (a != NULL && b != NULL && a->objSz != b->objSz && - (a->type == EXT_KEY_USAGE_OID - || b->type == EXT_KEY_USAGE_OID)) { - /* Special case for EXT_KEY_USAGE_OID so that - * cmp will be treated as a substring search */ - /* Used in libest to check for id-kp-cmcRA in - * EXT_KEY_USAGE extension */ - unsigned int idx; - const byte* s; /* shorter */ - unsigned int sLen; - const byte* l; /* longer */ - unsigned int lLen; - if (a->objSz > b->objSz) { - s = b->obj; sLen = b->objSz; - l = a->obj; lLen = a->objSz; + if (a && b && a->obj && b->obj) { + if (a->objSz == b->objSz) { + return XMEMCMP(a->obj, b->obj, a->objSz); } - else { - s = a->obj; sLen = a->objSz; - l = b->obj; lLen = b->objSz; - } - for (idx = 0; idx <= lLen - sLen; idx++) { - if (XMEMCMP(l + idx, s, sLen) == 0) { - /* Found substring */ - return 0; + else if (a->type == EXT_KEY_USAGE_OID || + b->type == EXT_KEY_USAGE_OID) { + /* Special case for EXT_KEY_USAGE_OID so that + * cmp will be treated as a substring search */ + /* Used in libest to check for id-kp-cmcRA in + * EXT_KEY_USAGE extension */ + unsigned int idx; + const byte* s; /* shorter */ + unsigned int sLen; + const byte* l; /* longer */ + unsigned int lLen; + if (a->objSz > b->objSz) { + s = b->obj; sLen = b->objSz; + l = a->obj; lLen = a->objSz; + } + else { + s = a->obj; sLen = a->objSz; + l = b->obj; lLen = b->objSz; + } + for (idx = 0; idx <= lLen - sLen; idx++) { + if (XMEMCMP(l + idx, s, sLen) == 0) { + /* Found substring */ + return 0; + } } } } @@ -42554,18 +42615,6 @@ err: return ret == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } -#ifndef NO_WOLFSSL_STUB - WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( - WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk) - { - (void) sk; - WOLFSSL_ENTER("wolfSSL_dup_CA_list"); - WOLFSSL_STUB("SSL_dup_CA_list"); - - return NULL; - } -#endif - /* wolfSSL uses negative values for error states. This function returns an * unsigned type so the value returned is the absolute value of the error. */ @@ -42935,7 +42984,7 @@ size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize) { size_t i; - if (!dstSize) + if (!dstSize || !dst || !src) return 0; /* Always have to leave a space for NULL */ @@ -43615,7 +43664,6 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) if (ret <= 0) return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; } -#endif /* WOLFSSL_CERT_GEN */ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) { @@ -43679,10 +43727,10 @@ error: XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } +#endif /* WOLFSSL_CERT_GEN */ #endif /* !NO_BIO */ - #if defined(OPENSSL_EXTRA) && !defined(NO_DH) /* Initialize ctx->dh with dh's params. Return WOLFSSL_SUCCESS on ok */ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) @@ -46742,6 +46790,7 @@ int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s) return 0; } +#ifndef NO_BIO BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s) { WOLFSSL_ENTER("wolfSSL_SSL_get_rbio"); @@ -46898,7 +46947,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, if (len > (int)(sizeof(asn1->intData) - extraTagSz)) { /* Allocate mem for data */ if (asn1->isDynamic) { - byte* tmp = XREALLOC(asn1->data, len + extraTagSz, NULL, + byte* tmp = (byte*)XREALLOC(asn1->data, len + extraTagSz, NULL, DYNAMIC_TYPE_OPENSSL); if (!tmp) { WOLFSSL_MSG("realloc error"); @@ -46907,7 +46956,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, asn1->data = tmp; } else { - asn1->data = XMALLOC(len + extraTagSz, NULL, + asn1->data = (byte*)XMALLOC(len + extraTagSz, NULL, DYNAMIC_TYPE_OPENSSL); if (!asn1->data) { WOLFSSL_MSG("malloc error"); @@ -47425,7 +47474,7 @@ WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* st int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings) { if (strings) - return strings->num; + return (int)strings->num; return 0; } #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ @@ -47712,7 +47761,7 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len) { if (ptr) - ForceZero(ptr, len); + ForceZero(ptr, (word32)len); } int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, @@ -48130,6 +48179,7 @@ int oid2nid(word32 oid, int grp) } break; +#ifdef WOLFSSL_CERT_REQ case oidCsrAttrType: switch (oid) { case CHALLENGE_PASSWORD_OID: @@ -48138,6 +48188,7 @@ int oid2nid(word32 oid, int grp) return NID_serialNumber; } break; +#endif default: WOLFSSL_MSG("NID not in table"); @@ -51032,7 +51083,7 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs, #endif /* !NO_BIO */ /** - * This API was added as a helper functio for libest. It + * This API was added as a helper function for libest. It * extracts a stack of certificates from the pkcs7 object. * @param pkcs7 PKCS7 parameter object * @return WOLFSSL_STACK_OF(WOLFSSL_X509)* @@ -51047,7 +51098,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) if (!p7) { WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; + return NULL; } if (p7->certs) @@ -51714,7 +51765,6 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s) int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) { byte* p = NULL; - int pLen; WOLFSSL_ENTER("wolfSSL_X509_set_pubkey"); if (cert == NULL || pkey == NULL) @@ -51729,7 +51779,10 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) else return WOLFSSL_FAILURE; +#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_RSA) && !defined(HAVE_USER_RSA) if (pkey->type == EVP_PKEY_RSA) { + int pLen; /* Public and private key formats differ. Make sure to put in the * public key format in the cert. */ if ((pLen = wolfSSL_i2d_RSAPublicKey(pkey->rsa, (const byte**)&p)) <= 0) { @@ -51741,7 +51794,9 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) cert->pubKey.buffer = p; cert->pubKey.length = pLen; } - else { + else +#endif + { p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (p == NULL) return WOLFSSL_FAILURE; @@ -51955,7 +52010,7 @@ int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req, } if (len < 0) { - len = XSTRLEN((char*)bytes); + len = (int)XSTRLEN((char*)bytes); } /* For now just pretend that we support this for libest testing */ @@ -51998,7 +52053,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, switch (nid) { case NID_pkcs9_challengePassword: if (len < 0) - len = XSTRLEN((char*)bytes); + len = (int)XSTRLEN((char*)bytes); if (len < CTC_NAME_SIZE) { XMEMCPY(req->challengePw, bytes, len); req->challengePw[len] = '\0'; @@ -52029,7 +52084,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, break; case NID_serialNumber: if (len < 0) - len = XSTRLEN((char*)bytes); + len = (int)XSTRLEN((char*)bytes); if (len + 1 > EXTERNAL_SERIAL_SIZE) { WOLFSSL_MSG("SerialNumber too long"); return WOLFSSL_FAILURE; diff --git a/tests/api.c b/tests/api.c index b679530e7..630dce6e3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25290,7 +25290,17 @@ static int test_wc_HashGetFlags(void) static void test_wolfSSL_lhash(void) { +#ifdef OPENSSL_ALL + const char testStr[] = "Like a true nature's child\n" + "We were born\n" + "Born to be wild"; + printf(testingFmt, "wolfSSL_LH_strhash()"); + + AssertIntEQ(lh_strhash(testStr), 0xb1231320); + + printf(resultFmt, passed); +#endif } static void test_wolfSSL_X509_NAME(void) @@ -26811,7 +26821,9 @@ static void test_wolfSSL_tmp_dh(void) int bytes; DSA* dsa; DH* dh; +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH* dh2; +#endif BIO* bio; SSL* ssl; SSL_CTX* ctx; @@ -26840,7 +26852,9 @@ static void test_wolfSSL_tmp_dh(void) dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) AssertNotNull(dh2 = wolfSSL_DH_dup(dh)); +#endif AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); #ifndef NO_WOLFSSL_SERVER @@ -26852,7 +26866,9 @@ static void test_wolfSSL_tmp_dh(void) BIO_free(bio); DSA_free(dsa); DH_free(dh); +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH_free(dh2); +#endif SSL_free(ssl); SSL_CTX_free(ctx); @@ -27662,7 +27678,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) static void test_wolfSSL_PKCS7_certs(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) STACK_OF(X509)* sk = NULL; STACK_OF(X509_INFO)* info_sk = NULL; PKCS7 *p7 = NULL; @@ -27712,7 +27728,7 @@ static void test_wolfSSL_PKCS7_certs(void) printf(resultFmt, passed); #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */ } static void test_wolfSSL_X509_STORE_CTX(void) @@ -29434,7 +29450,9 @@ static void test_wolfSSL_X509(void) AssertNotNull(bio = BIO_new(BIO_s_mem())); +#ifdef WOLFSSL_CERT_GEN AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); +#endif AssertNotNull(ctx = X509_STORE_CTX_new()); @@ -31228,6 +31246,7 @@ static void test_wolfSSL_BIO_write(void) char msg[] = "conversion test"; char out[40]; char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n"; + void* bufPtr = NULL; BUF_MEM* buf = NULL; printf(testingFmt, "wolfSSL_BIO_write()"); @@ -31243,6 +31262,8 @@ static void test_wolfSSL_BIO_write(void) AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf)); AssertNotNull(buf); AssertIntEQ(buf->length, 25); + AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25); + AssertPtrEq(buf->data, bufPtr); AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM)); sz = sizeof(out); @@ -33444,12 +33465,15 @@ static void test_wolfSSL_get_ciphers_compat(void) static void test_wolfSSL_X509_PUBKEY_get(void) { - WOLFSSL_X509_PUBKEY pubkey = {0}; + WOLFSSL_X509_PUBKEY pubkey; WOLFSSL_X509_PUBKEY* key; - WOLFSSL_EVP_PKEY evpkey = {0}; + WOLFSSL_EVP_PKEY evpkey ; WOLFSSL_EVP_PKEY* evpPkey; WOLFSSL_EVP_PKEY* retEvpPkey; + XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); + XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + key = &pubkey; evpPkey = &evpkey; @@ -38158,7 +38182,7 @@ static void test_wolfSSL_X509_CRL(void) static void test_wolfSSL_d2i_X509_REQ(void) { -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) /* ./certs/csr.signed.der and ./certs/csr.attr.der were * generated by libest * ./certs/csr.attr.der contains sample attributes */ @@ -38170,7 +38194,7 @@ static void test_wolfSSL_d2i_X509_REQ(void) * -outform PEM * with the passphrase "wolfSSL" */ -#ifndef NO_DSA +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) const char* csrDsaFile = "./certs/csr.dsa.pem"; #endif BIO* bio = NULL; @@ -38229,7 +38253,7 @@ static void test_wolfSSL_d2i_X509_REQ(void) BIO_free(bio); EVP_PKEY_free(pub_key); } -#ifndef NO_DSA +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) { AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb")); AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL)); @@ -38248,8 +38272,8 @@ static void test_wolfSSL_d2i_X509_REQ(void) BIO_free(bio); EVP_PKEY_free(pub_key); } -#endif -#endif /* defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) */ +#endif /* !NO_DSA && !HAVE_SELFTEST */ +#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */ } static void test_wolfSSL_PEM_read_X509(void) @@ -39012,7 +39036,6 @@ static void test_wolfSSL_X509_print() #ifdef OPENSSL_ALL const X509_ALGOR *cert_sig_alg; #endif - int stdout_fd = fileno(stdout); printf(testingFmt, "wolfSSL_X509_print"); x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); @@ -39029,7 +39052,7 @@ static void test_wolfSSL_X509_print() #endif BIO_free(bio); - AssertNotNull(bio = BIO_new_fd(stdout_fd, BIO_NOCLOSE)); + AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE)); #ifdef OPENSSL_ALL /* Print signature */ @@ -39055,11 +39078,10 @@ static void test_wolfSSL_RSA_print() !defined(HAVE_FAST_RSA) && !defined(NO_BIO) BIO *bio; WOLFSSL_RSA* rsa = NULL; - int stdout_fd = fileno(stdout); printf(testingFmt, "wolfSSL_RSA_print"); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); - AssertNotNull(bio = wolfSSL_BIO_new_fd(stdout_fd, BIO_NOCLOSE)); + AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE)); AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS); BIO_free(bio); @@ -39145,60 +39167,60 @@ static void test_wolfSSL_ASN1_STRING_print(void){ static void test_wolfSSL_ASN1_get_object(void) { -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) const unsigned char* derBuf = cliecc_cert_der_256; int len = sizeof_cliecc_cert_der_256; long asnLen = 0; - int tag = 0, class = 0; + int tag = 0, cls = 0; ASN1_OBJECT *a; printf(testingFmt, "wolfSSL_ASN1_get_object()"); /* Read a couple TLV triplets and make sure they match the expected values */ - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, len) & 0x80, 0); + AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); AssertIntEQ(asnLen, 863); AssertIntEQ(tag, 0x10); - AssertIntEQ(class, 0); + AssertIntEQ(cls, 0); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, + AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 772); AssertIntEQ(tag, 0x10); - AssertIntEQ(class, 0); + AssertIntEQ(cls, 0); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, + AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 3); AssertIntEQ(tag, 0); - AssertIntEQ(class, 0x80); + AssertIntEQ(cls, 0x80); - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, + AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 1); AssertIntEQ(tag, 0x2); - AssertIntEQ(class, 0); + AssertIntEQ(cls, 0); derBuf += asnLen; - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, + AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 20); AssertIntEQ(tag, 0x2); - AssertIntEQ(class, 0); + AssertIntEQ(cls, 0); derBuf += asnLen; - AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &class, + AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 10); AssertIntEQ(tag, 0x10); - AssertIntEQ(class, 0); + AssertIntEQ(cls, 0); /* Read an ASN OBJECT */ AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len)); ASN1_OBJECT_free(a); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */ } static void test_wolfSSL_RSA_verify() diff --git a/tests/include.am b/tests/include.am index 6e763c9ee..17443dcf1 100644 --- a/tests/include.am +++ b/tests/include.am @@ -50,5 +50,7 @@ EXTRA_DIST += tests/test.conf \ tests/test-trustpeer.conf \ tests/test-dhprime.conf \ tests/test-p521.conf \ - tests/test-ecc-cust-curves.conf + tests/test-ecc-cust-curves.conf \ + tests/NCONF_test.cnf \ + tests/TXT_DB.txt DISTCLEANFILES+= tests/.libs/unit.test diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 05187a93e..9213d6821 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7029,7 +7029,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); sigCtx->digest = NULL; } -#if !defined(NO_RSA) && !defined(NO_DSA) +#if !(defined(NO_RSA) && defined(NO_DSA)) if (sigCtx->sigCpy) { XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); sigCtx->sigCpy = NULL; @@ -7265,7 +7265,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* !NO_RSA */ - #ifndef NO_DSA + #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) case DSAk: { word32 idx = 0; @@ -7317,7 +7317,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } break; } - #endif /* !NO_DSA */ + #endif /* !NO_DSA && !HAVE_SELFTEST */ #ifdef HAVE_ECC case ECDSAk: { @@ -7458,14 +7458,14 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* !NO_RSA */ - #ifndef NO_DSA + #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) case DSAk: { ret = wc_DsaVerify(sigCtx->digest, sigCtx->sigCpy, sigCtx->key.dsa, &sigCtx->verify); break; } - #endif /* !NO_DSA */ + #endif /* !NO_DSA && !HAVE_SELFTEST */ #if defined(HAVE_ECC) case ECDSAk: { @@ -7564,7 +7564,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, break; } #endif /* NO_RSA */ - #ifndef NO_DSA + #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) case DSAk: { if (sigCtx->verify == 1) { @@ -7576,7 +7576,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } break; } - #endif /* !NO_DSA */ + #endif /* !NO_DSA && !HAVE_SELFTEST */ #ifdef HAVE_ECC case ECDSAk: { @@ -13497,7 +13497,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, } #endif -#ifndef NO_DSA +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) if (cert->keyType == DSA_KEY) { if (dsaKey == NULL) return PUBLIC_KEY_E; @@ -14246,7 +14246,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, } #endif -#ifndef NO_DSA +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) if (cert->keyType == DSA_KEY) { if (dsaKey == NULL) return PUBLIC_KEY_E; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 473b692e6..6ef7214ca 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1377,9 +1377,12 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e) if (pkey) { pkey->type = id; ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); - if (ctx == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - } + /* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need + * to always call wolfSSL_EVP_PKEY_free (either to free it if an + * error occured in the previous function or to decrease the reference + * count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free + * is called) */ + wolfSSL_EVP_PKEY_free(pkey); } return ctx; } @@ -1955,8 +1958,9 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, WOLFSSL_MSG("Copy parameters not available for this key type"); return WOLFSSL_FAILURE; } - +#if defined(HAVE_ECC) || !defined(NO_DSA) return WOLFSSL_SUCCESS; +#endif } #ifndef NO_WOLFSSL_STUB @@ -3260,7 +3264,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) const struct s_ent *ent; for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { - nameUpper[i] = XTOUPPER(name[i]); + nameUpper[i] = (char)XTOUPPER(name[i]); } if (i < sizeof(nameUpper)) nameUpper[i] = '\0'; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 66d92001d..bb560b1b0 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1261,18 +1261,24 @@ void wc_PKCS7_Free(PKCS7* pkcs7) wc_PKCS7_SignerInfoFree(pkcs7); wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap); + pkcs7->decodedAttrib = NULL; wc_PKCS7_FreeCertSet(pkcs7); #ifdef ASN_BER_TO_DER - if (pkcs7->der != NULL) + if (pkcs7->der != NULL) { XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->der = NULL; + } #endif - if (pkcs7->contentDynamic != NULL) + if (pkcs7->contentDynamic != NULL) { XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->contentDynamic = NULL; + } if (pkcs7->cek != NULL) { ForceZero(pkcs7->cek, pkcs7->cekSz); XFREE(pkcs7->cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->cek = NULL; } pkcs7->contentTypeSz = 0; @@ -4909,6 +4915,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } #ifdef ASN_BER_TO_DER der = pkcs7->der; + pkcs7->der = NULL; #endif contentDynamic = pkcs7->contentDynamic; version = pkcs7->version; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 726c41f7b..58e24fb6c 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1252,11 +1252,6 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, m += inputLen; o = 0; if (saltLen > 0) { - if (pkcsBlockLen < RSA_PSS_PAD_SZ + inputLen + saltLen) { - WOLFSSL_MSG("RSA-PSS Output buffer too short. " - "Recommend using WOLFSSL_PSS_SALT_LEN_DISCOVER"); - return PSS_SALTLEN_E; - } ret = wc_RNG_GenerateBlock(rng, salt, saltLen); if (ret == 0) { XMEMCPY(m, salt, saltLen); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 4e0478f68..9657fbae9 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3637,7 +3637,9 @@ struct WOLFSSL_STACK { WOLFSSL_CIPHER cipher; WOLFSSL_ACCESS_DESCRIPTION* access; WOLFSSL_X509_EXTENSION* ext; +#ifdef OPENSSL_EXTRA WOLFSSL_CONF_VALUE* conf; +#endif void* generic; char* string; WOLFSSL_GENERAL_NAME* gn; @@ -3762,8 +3764,10 @@ struct WOLFSSL_X509 { byte authKeyIdSet:1; byte authKeyIdCrit:1; byte issuerSet:1; - byte isCSR:1; #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef WOLFSSL_CERT_REQ + byte isCSR:1; +#endif byte serial[EXTERNAL_SERIAL_SIZE]; char subjectCN[ASN_NAME_MAX]; /* common name short cut */ #ifdef WOLFSSL_CERT_REQ diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 9eea76d9b..8085f0c93 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -99,7 +99,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value); WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, - int *class, long inLen); + int *cls, long inLen); WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **pp, long len); diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h index f7369ec67..0efb2a34e 100644 --- a/wolfssl/openssl/conf.h +++ b/wolfssl/openssl/conf.h @@ -28,7 +28,8 @@ extern "C" { #endif -#include +#include +#include typedef struct WOLFSSL_CONF_VALUE { char *section; @@ -36,9 +37,8 @@ typedef struct WOLFSSL_CONF_VALUE { char *value; } WOLFSSL_CONF_VALUE; -typedef struct WOLFSSL_INIT_SETTINGS { - char* appname; -} WOLFSSL_INIT_SETTINGS; +/* ssl.h requires WOLFSSL_CONF_VALUE */ +#include typedef struct WOLFSSL_CONF { void *meth_data; @@ -47,21 +47,14 @@ typedef struct WOLFSSL_CONF { typedef WOLFSSL_CONF CONF; typedef WOLFSSL_CONF_VALUE CONF_VALUE; -typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; + +#ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void); WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf, WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value); WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val); -WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc); -WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk); -WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk); -WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value( - const struct WOLFSSL_STACK *sk, int i); -WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk, - WOLFSSL_CONF_VALUE* val); - WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth); WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf, const char *group, const char *name); @@ -102,6 +95,8 @@ WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf, #define X509V3_conf_free wolfSSL_X509V3_conf_free +#endif /* OPENSSL_EXTRA */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 4c1e9b024..640ee386f 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -33,6 +33,11 @@ #include "prefix_crypto.h" #endif +typedef struct WOLFSSL_INIT_SETTINGS { + char* appname; +} WOLFSSL_INIT_SETTINGS; + +typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; WOLFSSL_API const char* wolfSSLeay_version(int type); WOLFSSL_API unsigned long wolfSSLeay(void); diff --git a/wolfssl/openssl/stack.h b/wolfssl/openssl/stack.h index c13d715b9..559a79670 100644 --- a/wolfssl/openssl/stack.h +++ b/wolfssl/openssl/stack.h @@ -28,8 +28,6 @@ extern "C" { #endif -#include - typedef void (*wolfSSL_sk_freefunc)(void *); WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 40e4dda5a..b1d3b829e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -188,7 +188,6 @@ typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; -typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; @@ -1361,7 +1360,9 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset #endif WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); +#ifndef NO_FILESYSTEM WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509); +#endif WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig); WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig, @@ -3459,8 +3460,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, unsigned char* out, int outSz); WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); -WOLFSSL_LOCAL int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req, - unsigned char* der, int* derSz, int includeSig); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); @@ -3706,8 +3705,18 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, unsigned long); +#ifndef NO_FILESYSTEM WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int, unsigned long); +#endif + +WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc); +WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk); +WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk); +WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value( + const struct WOLFSSL_STACK *sk, int i); +WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk, + WOLFSSL_CONF_VALUE* val); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 8f0c4e91c..7148e1d24 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -650,10 +650,13 @@ decouple library dependencies with standard string, memory and so on. #include #endif #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ - defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) + defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \ + defined(OPENSSL_EXTRA) #define XTOUPPER(c) toupper((c)) #endif + #ifdef OPENSSL_ALL #define XISALNUM(c) isalnum((c)) + #endif /* needed by wolfSSL_check_domain_name() */ #define XTOLOWER(c) tolower((c)) #endif