feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

dual alg: clean up comments and line lengths.

Browse Source
This commit is contained in:
jordan
2025-02-07 09:22:16 -05:00
parent 3df616ae58
commit 937d6d404a
3 changed files with 55 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/x509.c
View File

@@ -1695,10 +1695,10 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit)
* Returns NULL on error or pointer to the v3_ext_method populated with * Returns NULL on error or pointer to the v3_ext_method populated with
* extension type-specific X509V3_EXT_* function(s). * extension type-specific X509V3_EXT_* function(s).
* *
* NOTE: WC_NID_subject_key_identifier is currently the only extension implementing * NOTE: WC_NID_subject_key_identifier is currently the only extension
* the X509V3_EXT_* functions, as it is the only type called directly by QT. The * implementing the X509V3_EXT_* functions, as it is the only type called
* other extension types return a pointer to a v3_ext_method struct that * directly by QT. The other extension types return a pointer to a
* contains only the NID. * v3_ext_method struct that contains only the NID.
*/ */
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex) const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
@@ -4559,7 +4559,8 @@ error:
* WOLFSSL_SUCCESS otherwise. * WOLFSSL_SUCCESS otherwise.
*/ */
int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen, int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
WOLFSSL_ASN1_OBJECT* oid, WOLFSSL_ASN1_TYPE* value) WOLFSSL_ASN1_OBJECT* oid,
WOLFSSL_ASN1_TYPE* value)
{ {
WOLFSSL_ASN1_OBJECT *x = NULL; WOLFSSL_ASN1_OBJECT *x = NULL;
@@ -13951,7 +13952,8 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
int tmpSz; int tmpSz;
/* reverse name order for RFC2253 and DN_REV */ /* reverse name order for RFC2253 and DN_REV */
if ((flags & WOLFSSL_XN_FLAG_RFC2253) || (flags & WOLFSSL_XN_FLAG_DN_REV)) { if ((flags & WOLFSSL_XN_FLAG_RFC2253) ||
(flags & WOLFSSL_XN_FLAG_DN_REV)) {
ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1); ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1);
} }
else { else {

6
tests/api.c
View File

@@ -1621,7 +1621,7 @@ static int test_dual_alg_ecdsa_mldsa(void)
defined(WOLFSSL_WC_DILITHIUM) && \ defined(WOLFSSL_WC_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
WOLFSSL_CERT_MANAGER * cm = NULL; WOLFSSL_CERT_MANAGER * cm = NULL;
MlDsaKey alt_ca_key; MlDsaKey alt_ca_key;
ecc_key ca_key; ecc_key ca_key;
@@ -1735,12 +1735,16 @@ static int test_dual_alg_ecdsa_mldsa(void)
cm = wolfSSL_CertManagerNew(); cm = wolfSSL_CertManagerNew();
ExpectNotNull(cm); ExpectNotNull(cm);
/* Load the certificate into CertManager. */
if (cm != NULL && final_der_sz > 0) { if (cm != NULL && final_der_sz > 0) {
ret = wolfSSL_CertManagerLoadCABuffer(cm, final_der, final_der_sz, ret = wolfSSL_CertManagerLoadCABuffer(cm, final_der, final_der_sz,
WOLFSSL_FILETYPE_ASN1); WOLFSSL_FILETYPE_ASN1);
ExpectIntEQ(ret, WOLFSSL_SUCCESS); ExpectIntEQ(ret, WOLFSSL_SUCCESS);
}
if (cm != NULL) {
wolfSSL_CertManagerFree(cm); wolfSSL_CertManagerFree(cm);
cm = NULL;
} }
wc_ecc_free(&ca_key); wc_ecc_free(&ca_key);

73
wolfcrypt/src/asn.c
View File

@@ -2451,8 +2451,9 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { else if ((input[(int)idx + length - 1] & 0x80) == 0x80) {
/* Last octet of a sub-identifier has bit 8 clear. Last octet must be /* Last octet of a sub-identifier has bit 8 clear. Last octet must
* last of a subidentifier. Ensure last octet hasn't got top bit set. */ * be last of a subidentifier. Ensure last octet hasn't got top bit
* set. */
WOLFSSL_MSG("OID last octet has top bit set"); WOLFSSL_MSG("OID last octet has top bit set");
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@@ -3629,8 +3630,8 @@ word32 SetIndefEnd(byte* output)
/* Breaks an octet string up into chunks for use with streaming /* Breaks an octet string up into chunks for use with streaming
* returns 0 on success and updates idx */ * returns 0 on success and updates idx */
int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz, int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out,
word32* idx) word32* outSz, word32* idx)
{ {
word32 i = 0; word32 i = 0;
word32 outIdx = *idx; word32 outIdx = *idx;
@@ -11477,8 +11478,8 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
} }
/* This version of the function allows output to be NULL. In that case, the /* This version of the function allows output to be NULL. In that case, the
DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required output buffer DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required
size will be pointed to by inLen. */ output buffer size will be pointed to by inLen. */
int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen) int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
{ {
if (!key || !inLen) if (!key || !inLen)
@@ -16265,7 +16266,8 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
* @return Encoded data size on success. * @return Encoded data size on success.
* @return 0 when dynamic memory allocation fails. * @return 0 when dynamic memory allocation fails.
*/ */
static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams) static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz,
byte absentParams)
{ {
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
word32 tagSz, idSz, seqSz, algoSz = 0; word32 tagSz, idSz, seqSz, algoSz = 0;
@@ -16395,7 +16397,8 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE); return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE);
} }
word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams) word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz,
byte absentParams)
{ {
return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams); return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams);
} }
@@ -34375,7 +34378,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
ret = BUFFER_E; ret = BUFFER_E;
else { else {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); pub = (byte*)XMALLOC(pubSz, key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) if (pub == NULL)
ret = MEMORY_E; ret = MEMORY_E;
else else
@@ -36015,7 +36019,8 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen)
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
/* Write only private Curve25519 key to DER format, /* Write only private Curve25519 key to DER format,
* length on success else < 0 */ * length on success else < 0 */
int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, word32 inLen) int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output,
word32 inLen)
{ {
int ret; int ret;
byte privKey[CURVE25519_KEYSIZE]; byte privKey[CURVE25519_KEYSIZE];
@@ -36057,7 +36062,8 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen,
/* Export Curve25519 key to DER format - handles private only, public only, /* Export Curve25519 key to DER format - handles private only, public only,
* or private+public key pairs based on what's set in the key structure. * or private+public key pairs based on what's set in the key structure.
* Returns length written on success, negative on error */ * Returns length written on success, negative on error */
int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, int withAlg) int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen,
int withAlg)
{ {
int ret; int ret;
byte privKey[CURVE25519_KEYSIZE]; byte privKey[CURVE25519_KEYSIZE];
@@ -36488,12 +36494,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
single->status->thisDateParsed.length); single->status->thisDateParsed.length);
#endif #endif
if (GetBasicDate(source, &idx, single->status->thisDate, if (GetBasicDate(source, &idx, single->status->thisDate,
&single->status->thisDateFormat, size) < 0) &single->status->thisDateFormat, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
#ifndef NO_ASN_TIME_CHECK #ifndef NO_ASN_TIME_CHECK
#ifndef WOLFSSL_NO_OCSP_DATE_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE)) if (!XVALIDATE_DATE(single->status->thisDate,
single->status->thisDateFormat, ASN_BEFORE))
return ASN_BEFORE_DATE_E; return ASN_BEFORE_DATE_E;
#endif #endif
#endif #endif
@@ -36524,7 +36531,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
single->status->nextDateParsed.length); single->status->nextDateParsed.length);
#endif #endif
if (GetBasicDate(source, &idx, single->status->nextDate, if (GetBasicDate(source, &idx, single->status->nextDate,
&single->status->nextDateFormat, size) < 0) &single->status->nextDateFormat, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
#ifndef NO_ASN_TIME_CHECK #ifndef NO_ASN_TIME_CHECK
@@ -38685,7 +38692,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
{ {
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
if (verify != NO_VERIFY && if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
return CRL_CERT_DATE_ERR; return CRL_CERT_DATE_ERR;
@@ -39790,8 +39797,8 @@ int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end)
} }
/***************************************************************************** /*****************************************************************************
* wc_MIME_find_header_name - Searches through all given headers until a header with * wc_MIME_find_header_name - Searches through all given headers until a header
* a name matching the provided name is found. * with a name matching the provided name is found.
* *
* RETURNS: * RETURNS:
* returns a pointer to the found header, if no match was found, returns NULL. * returns a pointer to the found header, if no match was found, returns NULL.
@@ -39869,8 +39876,8 @@ char* wc_MIME_single_canonicalize(const char* line, word32* len)
} }
/***************************************************************************** /*****************************************************************************
* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from * wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting
* the provided header pointer. * from the provided header pointer.
* *
* RETURNS: * RETURNS:
* returns zero on success, non-zero on error. * returns zero on success, non-zero on error.
@@ -40726,9 +40733,9 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e,
#endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */ #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */
#if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE) #if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE)
/* Initialize decoded certificate object with buffer of DER encoding. /* Initialize decoded attribute certificate object with buffer of DER encoding.
* *
* @param [in, out] cert Decoded certificate object. * @param [in, out] acert Decoded attribute certificate object.
* @param [in] source Buffer containing DER encoded certificate. * @param [in] source Buffer containing DER encoded certificate.
* @param [in] inSz Size of DER data in buffer in bytes. * @param [in] inSz Size of DER data in buffer in bytes.
* @param [in] heap Dynamic memory hint. * @param [in] heap Dynamic memory hint.
@@ -40755,7 +40762,7 @@ void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
/* Free the decoded attribute cert object's dynamic data. /* Free the decoded attribute cert object's dynamic data.
* *
* @param [in, out] acert Attribute Decoded certificate object. * @param [in, out] acert Decoded attribute certificate object.
*/ */
void FreeDecodedAcert(DecodedAcert * acert) void FreeDecodedAcert(DecodedAcert * acert)
{ {
@@ -40792,7 +40799,7 @@ void FreeDecodedAcert(DecodedAcert * acert)
* @param [in, out] inOutIdx On in, the index of the start of the OtherName. * @param [in, out] inOutIdx On in, the index of the start of the OtherName.
* On out, index after OtherName. * On out, index after OtherName.
* @param [in] len Length of data in buffer. * @param [in] len Length of data in buffer.
* @param [in] cert Decoded attribute certificate object. * @param [in] acert Decoded attribute certificate object.
* @param [in, out] entries Linked list of DNS name entries. * @param [in, out] entries Linked list of DNS name entries.
* *
* @return 0 on success. * @return 0 on success.
@@ -40933,7 +40940,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx,
* @param [in] input Buffer holding encoded data. * @param [in] input Buffer holding encoded data.
* @param [in] sz Size of encoded data in bytes. * @param [in] sz Size of encoded data in bytes.
* @param [in] tag ASN.1 tag value expected in header. * @param [in] tag ASN.1 tag value expected in header.
* @param [in, out] cert Decoded certificate object. * @param [in, out] acert Decoded certificate object.
* @param [in, out] entries Linked list of DNS name entries. * @param [in, out] entries Linked list of DNS name entries.
* *
* @return 0 on success. * @return 0 on success.
@@ -41059,11 +41066,10 @@ enum {
#define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem)) #define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem))
/* Decode the Holder field of an x509 attribute certificate. /* Decode the Holder field of an x509 attribute certificate.
*
* *
* @param [in] input Buffer containing encoded Holder field. * @param [in] input Buffer containing encoded Holder field.
* @param [in] len Length of Holder field. * @param [in] len Length of Holder field.
* @param [in] cert Decoded certificate object. * @param [in, out] acert Decoded certificate object.
* *
* @return 0 on success. * @return 0 on success.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -41227,7 +41233,7 @@ enum {
* *
* @param [in] input Buffer containing encoded AttCertIssuer field. * @param [in] input Buffer containing encoded AttCertIssuer field.
* @param [in] len Length of Holder field. * @param [in] len Length of Holder field.
* @param [in] cert Decoded certificate object. * @param [in,out] acert Decoded attribute certificate object.
* *
* @return 0 on success. * @return 0 on success.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -41403,8 +41409,10 @@ enum {
* - extensions * - extensions
* - attributes * - attributes
* *
* Returns 0 on success. * @param [in, out] acert Decoded attribute certificate object.
* Returns negative error code on error/failure. * @param [in] verify Whether to verify dates.
* @return 0 on success.
* @return negative error code on error/fail.
* */ * */
int ParseX509Acert(DecodedAcert* acert, int verify) int ParseX509Acert(DecodedAcert* acert, int verify)
{ {
@@ -41614,7 +41622,6 @@ int ParseX509Acert(DecodedAcert* acert, int verify)
} }
/* Given the parsed attribute cert info, verify the signature. /* Given the parsed attribute cert info, verify the signature.
*
* The sigCtx is alloced and freed here. * The sigCtx is alloced and freed here.
* *
* @param [in] acinfo the parsed acinfo sequence * @param [in] acinfo the parsed acinfo sequence
@@ -41705,7 +41712,7 @@ int VerifyX509Acert(const byte* der, word32 derSz,
const byte * sigParams = NULL; const byte * sigParams = NULL;
word32 sigParamsSz = 0; word32 sigParamsSz = 0;
WOLFSSL_MSG("ParseX509Acert"); WOLFSSL_MSG("VerifyX509Acert");
if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) { if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) {
WOLFSSL_MSG("error: VerifyX509Acert: bad args"); WOLFSSL_MSG("error: VerifyX509Acert: bad args");
@@ -41794,6 +41801,10 @@ int VerifyX509Acert(const byte* der, word32 derSz,
return ret; return ret;
} }
/**
* Wrapper API to expose Acert ASN functions. See Acert ASN functions
* for comments.
* */
void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
void* heap) void* heap)
{ {