From 937d6d404ad586e85f961ecdcd9889bf1d76113f Mon Sep 17 00:00:00 2001
From: jordan
Date: Fri, 7 Feb 2025 09:22:16 -0500
Subject: [PATCH] dual alg: clean up comments and line lengths.

---
 src/x509.c | 14 +++++----
 tests/api.c | 6 +++-
 wolfcrypt/src/asn.c | 73 ++++++++++++++++++++++++++-------------------
 3 files changed, 55 insertions(+), 38 deletions(-)

diff --git a/src/x509.c b/src/x509.c
index 0b23c5fa1..98f07c105 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1695,10 +1695,10 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit)
 * Returns NULL on error or pointer to the v3_ext_method populated with
 * extension type-specific X509V3_EXT_* function(s).
 *
- * NOTE: WC_NID_subject_key_identifier is currently the only extension implementing
- * the X509V3_EXT_* functions, as it is the only type called directly by QT. The
- * other extension types return a pointer to a v3_ext_method struct that
- * contains only the NID.
+ * NOTE: WC_NID_subject_key_identifier is currently the only extension
+ * implementing the X509V3_EXT_* functions, as it is the only type called
+ * directly by QT. The other extension types return a pointer to a
+ * v3_ext_method struct that contains only the NID.
 */
 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
@@ -4559,7 +4559,8 @@ error:
 * WOLFSSL_SUCCESS otherwise.
 */
 int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
- WOLFSSL_ASN1_OBJECT* oid, WOLFSSL_ASN1_TYPE* value)
+ WOLFSSL_ASN1_OBJECT* oid,
+ WOLFSSL_ASN1_TYPE* value)
 {
 WOLFSSL_ASN1_OBJECT *x = NULL;
@@ -13951,7 +13952,8 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 int tmpSz;
 
 /* reverse name order for RFC2253 and DN_REV */
- if ((flags & WOLFSSL_XN_FLAG_RFC2253) || (flags & WOLFSSL_XN_FLAG_DN_REV)) {
+ if ((flags & WOLFSSL_XN_FLAG_RFC2253) ||
+ (flags & WOLFSSL_XN_FLAG_DN_REV)) {
 ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1);
 }
 else {
diff --git a/tests/api.c b/tests/api.c
index 2441bc3fd..1758132b8 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1621,7 +1621,7 @@ static int test_dual_alg_ecdsa_mldsa(void)
 defined(WOLFSSL_WC_DILITHIUM) && \
 !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
 !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
- !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
 WOLFSSL_CERT_MANAGER * cm = NULL;
 MlDsaKey alt_ca_key;
 ecc_key ca_key;
@@ -1735,12 +1735,16 @@ static int test_dual_alg_ecdsa_mldsa(void)
 cm = wolfSSL_CertManagerNew();
 ExpectNotNull(cm);
 
+ /* Load the certificate into CertManager. */
 if (cm != NULL && final_der_sz > 0) {
 ret = wolfSSL_CertManagerLoadCABuffer(cm, final_der, final_der_sz,
 WOLFSSL_FILETYPE_ASN1);
 ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+ }
 
+ if (cm != NULL) {
 wolfSSL_CertManagerFree(cm);
+ cm = NULL;
 }
 
 wc_ecc_free(&ca_key);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 5e160c3eb..e1fa3814e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -2451,8 +2451,9 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
 ret = ASN_PARSE_E;
 }
 else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
- /* Last octet of a sub-identifier has bit 8 clear. Last octet must be
- * last of a subidentifier. Ensure last octet hasn't got top bit set. */
+ /* Last octet of a sub-identifier has bit 8 clear. Last octet must
+ * be last of a subidentifier. Ensure last octet hasn't got top bit
+ * set. */
 WOLFSSL_MSG("OID last octet has top bit set");
 ret = ASN_PARSE_E;
 }
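Review bot: The `!defined(WOLFSSL_SMALL_STACK)` term added to the #if guard in the first tests/api.c hunk drops test_dual_alg_ecdsa_mldsa from small-stack builds without saying why, which does not fit a commit described as comment and line-length cleanup. The hunk shows `MlDsaKey alt_ca_key;` and `ecc_key ca_key;` as automatic locals, so stack usage is presumably the reason, but it should be recorded next to the guard so a later reader can tell a deliberate exclusion from a lost test, e.g. `/* Not run under WOLFSSL_SMALL_STACK: MlDsaKey and ecc_key locals live on the stack. */`. The sibling terms of the condition are one per backslash-continued line, so putting `!defined(WOLFSSL_SMALL_STACK)` on its own continuation line would match them. The enclosing function starts before the hunk.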
@@ -3629,8 +3630,8 @@ word32 SetIndefEnd(byte* output)
 
 /* Breaks an octet string up into chunks for use with streaming
 * returns 0 on success and updates idx */
-int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz,
- word32* idx)
+int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out,
+ word32* outSz, word32* idx)
 {
 word32 i = 0;
 word32 outIdx = *idx;
@@ -11477,8 +11478,8 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
 }
 
 /* This version of the function allows output to be NULL. In that case, the
- DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required output buffer
- size will be pointed to by inLen. */
+ DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required
+ output buffer size will be pointed to by inLen. */
 int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
 {
 if (!key || !inLen)
@@ -16265,7 +16266,8 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
 * @return Encoded data size on success.
 * @return 0 when dynamic memory allocation fails.
 */
-static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams)
+static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz,
+ byte absentParams)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
 word32 tagSz, idSz, seqSz, algoSz = 0;
@@ -16395,7 +16397,8 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
 return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE);
 }
 
-word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams)
+word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz,
+ byte absentParams)
 {
 return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams);
 }
@@ -34375,7 +34378,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 ret = BUFFER_E;
 else {
 #ifdef WOLFSSL_SMALL_STACK
- pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ pub = (byte*)XMALLOC(pubSz, key->heap,
+ DYNAMIC_TYPE_TMP_BUFFER);
 if (pub == NULL)
 ret = MEMORY_E;
 else
@@ -36015,7 +36019,8 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen)
 #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
 /* Write only private Curve25519 key to DER format,
 * length on success else < 0 */
-int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, word32 inLen)
+int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
+ word32 inLen)
 {
 int ret;
 byte privKey[CURVE25519_KEYSIZE];
@@ -36057,7 +36062,8 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
 /* Export Curve25519 key to DER format - handles private only, public only,
 * or private+public key pairs based on what's set in the key structure.
 * Returns length written on success, negative on error */
-int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, int withAlg)
+int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
+ int withAlg)
 {
 int ret;
 byte privKey[CURVE25519_KEYSIZE];
@@ -36488,12 +36494,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 single->status->thisDateParsed.length);
 #endif
 if (GetBasicDate(source, &idx, single->status->thisDate,
- &single->status->thisDateFormat, size) < 0)
+ &single->status->thisDateFormat, size) < 0)
 return ASN_PARSE_E;
 
 #ifndef NO_ASN_TIME_CHECK
 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
- if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE))
+ if (!XVALIDATE_DATE(single->status->thisDate,
+ single->status->thisDateFormat, ASN_BEFORE))
 return ASN_BEFORE_DATE_E;
 #endif
 #endif
@@ -36524,7 +36531,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
 single->status->nextDateParsed.length);
 #endif
 if (GetBasicDate(source, &idx, single->status->nextDate,
- &single->status->nextDateFormat, size) < 0)
+ &single->status->nextDateFormat, size) < 0)
 return ASN_PARSE_E;
 
 #ifndef NO_ASN_TIME_CHECK
@@ -38685,7 +38692,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
 {
 #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
 if (verify != NO_VERIFY &&
- !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
+ !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
 WOLFSSL_MSG("CRL after date is no longer valid");
 WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
 return CRL_CERT_DATE_ERR;
@@ -39790,8 +39797,8 @@ int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end)
 }
 
 /*****************************************************************************
-* wc_MIME_find_header_name - Searches through all given headers until a header with
-* a name matching the provided name is found.
+* wc_MIME_find_header_name - Searches through all given headers until a header
+* with a name matching the provided name is found.
 *
 * RETURNS:
 * returns a pointer to the found header, if no match was found, returns NULL.
@@ -39869,8 +39876,8 @@ char* wc_MIME_single_canonicalize(const char* line, word32* len)
 }
 
 /*****************************************************************************
-* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from
-* the provided header pointer.
+* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting
+* from the provided header pointer.
 *
 * RETURNS:
 * returns zero on success, non-zero on error.
@@ -40726,9 +40733,9 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
 #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
 
 #if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE)
-/* Initialize decoded certificate object with buffer of DER encoding.
+/* Initialize decoded attribute certificate object with buffer of DER encoding.
 *
- * @param [in, out] cert Decoded certificate object.
+ * @param [in, out] acert Decoded attribute certificate object.
 * @param [in] source Buffer containing DER encoded certificate.
 * @param [in] inSz Size of DER data in buffer in bytes.
 * @param [in] heap Dynamic memory hint.
@@ -40755,7 +40762,7 @@ void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
 
 /* Free the decoded attribute cert object's dynamic data.
 *
- * @param [in, out] acert Attribute Decoded certificate object.
+ * @param [in, out] acert Decoded attribute certificate object.
 */
 void FreeDecodedAcert(DecodedAcert * acert)
 {
@@ -40792,7 +40799,7 @@ void FreeDecodedAcert(DecodedAcert * acert)
 * @param [in, out] inOutIdx On in, the index of the start of the OtherName.
 * On out, index after OtherName.
 * @param [in] len Length of data in buffer.
- * @param [in] cert Decoded attribute certificate object.
+ * @param [in] acert Decoded attribute certificate object.
 * @param [in, out] entries Linked list of DNS name entries.
 *
 * @return 0 on success.
@@ -40933,7 +40940,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
 * @param [in] input Buffer holding encoded data.
 * @param [in] sz Size of encoded data in bytes.
 * @param [in] tag ASN.1 tag value expected in header.
- * @param [in, out] cert Decoded certificate object.
+ * @param [in, out] acert Decoded certificate object.
 * @param [in, out] entries Linked list of DNS name entries.
 *
 * @return 0 on success.
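Review bot: The `acert` rename in the hunk at -40933 leaves the description as `Decoded certificate object`, while the InitDecodedAcert, FreeDecodedAcert and -40792 hunks of the same commit change the equivalent line to `Decoded attribute certificate object`. The Holder-decoder hunk at -41059 has the same leftover wording, and the AttCertIssuer hunk at -41227 writes `[in,out]` where every other line in the file uses `[in, out]`. Suggest `* @param [in, out] acert Decoded attribute certificate object.` in each of the three. The documented functions' bodies lie outside these hunks.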
@@ -41059,11 +41066,10 @@ enum {
 #define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem))
 
 /* Decode the Holder field of an x509 attribute certificate.
- *
 *
 * @param [in] input Buffer containing encoded Holder field.
 * @param [in] len Length of Holder field.
- * @param [in] cert Decoded certificate object.
+ * @param [in, out] acert Decoded certificate object.
 *
 * @return 0 on success.
 * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -41227,7 +41233,7 @@ enum {
 *
 * @param [in] input Buffer containing encoded AttCertIssuer field.
 * @param [in] len Length of Holder field.
- * @param [in] cert Decoded certificate object.
+ * @param [in,out] acert Decoded attribute certificate object.
 *
 * @return 0 on success.
 * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -41403,8 +41409,10 @@ enum {
 * - extensions
 * - attributes
 *
- * Returns 0 on success.
- * Returns negative error code on error/failure.
+ * @param [in, out] acert Decoded attribute certificate object.
+ * @param [in] verify Whether to verify dates.
+ * @return 0 on success.
+ * @return negative error code on error/fail.
 * */
 int ParseX509Acert(DecodedAcert* acert, int verify)
 {
@@ -41614,7 +41622,6 @@ int ParseX509Acert(DecodedAcert* acert, int verify)
 }
 
 /* Given the parsed attribute cert info, verify the signature.
- *
 * The sigCtx is alloced and freed here.
 *
 * @param [in] acinfo the parsed acinfo sequence
@@ -41705,7 +41712,7 @@ int VerifyX509Acert(const byte* der, word32 derSz,
 const byte * sigParams = NULL;
 word32 sigParamsSz = 0;
 
- WOLFSSL_MSG("ParseX509Acert");
+ WOLFSSL_MSG("VerifyX509Acert");
 
 if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) {
 WOLFSSL_MSG("error: VerifyX509Acert: bad args");
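Review bot: In the AttCertIssuer hunk at -41227, the context line directly above the changed one still reads `* @param [in] len Length of Holder field.`, which looks copied from the Holder decoder documented at -41059; the `input` line in the same block describes the encoded AttCertIssuer field, so it should read `* @param [in] len Length of AttCertIssuer field.`. The commit touched the adjacent parameter line, so this is the natural place to fix it. The documented function begins after the hunk.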
@@ -41794,6 +41801,10 @@ int VerifyX509Acert(const byte* der, word32 derSz,
 return ret;
 }
 
+/**
+ * Wrapper API to expose Acert ASN functions. See Acert ASN functions
+ * for comments.
+ * */
 void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
 void* heap)
 {