From 85b1196b088f2480deeb0b0b60efe654080efd6f Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 10 Jul 2020 21:03:00 +0200 Subject: [PATCH] Implement/stub: - X509_REQ_print_fp - X509_print_fp - DHparams_dup --- configure.ac | 19 ++++++++++++++++ src/ssl.c | 52 ++++++++++++++++++++++++++++++++++++++++++- wolfcrypt/src/dh.c | 31 ++++++++++++++++++++++++-- wolfssl/openssl/ssl.h | 3 +++ wolfssl/ssl.h | 1 + 5 files changed, 103 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 8b51437d9..19ffd6bd7 100644 --- a/configure.ac +++ b/configure.ac @@ -4284,6 +4284,11 @@ then ENABLED_CERTREQ="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" fi + if test "x$ENABLED_CERTEXT" = "xno" + then + ENABLED_CERTEXT="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" + fi # Requires CRL if test "x$ENABLED_CRL" = "xno" @@ -4297,6 +4302,20 @@ then ENABLED_SRP="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" fi + + # Enable prereqs if not already enabled + if test "x$ENABLED_KEYGEN" = "xno" + then + ENABLED_KEYGEN="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" + fi + + # Requires sessioncerts make sure on + if test "x$ENABLED_SESSIONCERTS" = "xno" + then + ENABLED_SESSIONCERTS="yes" + AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" + fi fi # MD4 diff --git a/src/ssl.c b/src/ssl.c index 9bded32b5..65fe18772 100644 --- a/src/ssl.c +++ b/src/ssl.c 
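Review bot: The three added blocks (`ENABLED_CERTEXT` in this hunk, `ENABLED_KEYGEN` and `ENABLED_SESSIONCERTS` in the next one) switch a feature on whenever its variable is `no`. That test presumably cannot tell a default from an explicit `--disable-...` choice, so a builder who deliberately trimmed key generation or session certificate storage would get it back silently. This follows the pattern already used for `ENABLED_CERTREQ` and `ENABLED_SRP`, but each override would be easier to audit with a line such as `AC_MSG_NOTICE([enabling keygen as a prerequisite])` inside the `then` branch. The comment `# Enable prereqs if not already enabled` should also name the option that needs them; the enclosing `if` starts outside the hunk, so that option is not visible here.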
@@ -21918,6 +21918,35 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return wolfSSL_X509_print_ex(bio, x509, 0, 0); } + int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509) + { + WOLFSSL_BIO* bio; + int ret; + + WOLFSSL_ENTER("wolfSSL_X509_print_fp"); + + if (!fp || !x509) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (!(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()))) { + WOLFSSL_MSG("wolfSSL_BIO_new wolfSSL_BIO_s_file error"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); + return WOLFSSL_FAILURE; + } + + ret = wolfSSL_X509_print(bio, x509); + + wolfSSL_BIO_free(bio); + + return ret; + } + #endif /* XSNPRINTF */ #endif /* !NO_BIO */ @@ -29640,7 +29669,6 @@ void wolfSSL_DH_free(WOLFSSL_DH* dh) WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) { WOLFSSL_DH* ret = NULL; - DhKey* key; WOLFSSL_ENTER("wolfSSL_DH_dup"); @@ -29649,7 +29677,26 @@ WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) return NULL; } + if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("Bad DH set internal"); + return NULL; + } + if (!(ret = wolfSSL_DH_new())) { + WOLFSSL_MSG("wolfSSL_DH_new error"); + return NULL; + } + + if (wc_DhKeyCopy((DhKey*)dh->internal, (DhKey*)ret->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_DhKeyCopy error"); + wolfSSL_DH_free(ret); + return NULL; + } + ret->inSet = 1; + + if (SetDhExternal(ret) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDhExternal error"); + wolfSSL_DH_free(ret); return NULL; } @@ -48723,6 +48770,9 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) return WOLFSSL_FAILURE; } + if (p7->certs) + return p7->certs; + ret = wolfSSL_sk_X509_new(); for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) { diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 654290b9e..f5e89aa25 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c 
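Review bot: In `wolfSSL_X509_print_fp` the `wolfSSL_BIO_set_fp` failure branch returns without releasing the BIO allocated just above it, so each failed call leaks one `WOLFSSL_BIO`. Free it on that path by placing `wolfSSL_BIO_free(bio);` ahead of `return WOLFSSL_FAILURE;`. The success path already frees the BIO after `wolfSSL_X509_print`, so only this one branch needs the change.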
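Review bot: The early `return p7->certs;` in `wolfSSL_PKCS7_to_stack` hands the caller a pointer that the PKCS7 object still holds. A caller that frees the returned stack, or keeps it after the PKCS7 object is freed, would then hit a double free or a dangling pointer. Nothing in the hunk states who owns the result; if the object is meant to keep ownership, add a comment above the function such as `/* Returned stack is owned by pkcs7; the caller must not free it. */`. Whether the freshly built `ret` is stored in `p7->certs` further down is outside the hunk, so it is worth confirming that the first and later calls give the caller the same ownership.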
@@ -2081,16 +2081,43 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, #ifdef WOLFSSL_DH_EXTRA WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst) { + int ret; + if (!src || !dst || src == dst) { WOLFSSL_MSG("Parameters not provided or are the same"); return BAD_FUNC_ARG; } - if (mp_copy(, mpi) != MP_OKAY) { + if ((ret = mp_copy(&src->p, &dst->p)) != MP_OKAY) { WOLFSSL_MSG("mp_copy error"); - return WOLFSSL_FATAL_ERROR; + return ret; } + if ((ret = mp_copy(&src->g, &dst->g)) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return ret; + } + + if ((ret = mp_copy(&src->q, &dst->q)) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return ret; + } + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return ret; + } + + if ((ret = mp_copy(&src->priv, &dst->priv)) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return ret; + } +#endif + + dst->heap = src->heap; + + return MP_OKAY; } /* Sets private and public key in DhKey if both are available, otherwise sets diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 8e3a08a3d..2181d99e0 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -433,6 +433,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_sign wolfSSL_X509_sign #define X509_print wolfSSL_X509_print #define X509_print_ex wolfSSL_X509_print_ex +#define X509_print_fp wolfSSL_X509_print_fp +#define X509_REQ_print_fp wolfSSL_X509_print_fp #define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string #define X509_verify_cert wolfSSL_X509_verify_cert #define X509_verify wolfSSL_X509_verify 
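Review bot: With `WOLFSSL_QT`, `OPENSSL_ALL` or `WOLFSSL_OPENSSH` defined, `wc_DhKeyCopy` copies `src->priv` into `dst`, and the `DHparams_dup` macro added in wolfssl/openssl/ssl.h reaches it through `wolfSSL_DH_dup`. OpenSSL's `DHparams_dup` duplicates only the domain parameters, so code ported from OpenSSL that duplicates parameters to share them would here also carry the private value into every copy. Either document this on the function, e.g. `/* Copies p, g, q and, in OpenSSL-compat builds, pub and priv; dst then holds private key material. */`, or give `DHparams_dup` a parameters-only path. An `mp_copy` failure part-way also leaves `dst` partly filled, so the comment should state that the caller must free `dst` on error, as `wolfSSL_DH_dup` does.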
@@ -931,6 +933,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find +#define DHparams_dup wolfSSL_DH_dup #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 570ffc1eb..a57353eae 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1352,6 +1352,7 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset #endif WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); +WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);