diff --git a/certs/ecc-keyPkcs8.der b/certs/ecc-keyPkcs8.der new file mode 100644 index 000000000..71034c548 Binary files /dev/null and b/certs/ecc-keyPkcs8.der differ diff --git a/certs/ecc-keyPkcs8Enc.der b/certs/ecc-keyPkcs8Enc.der new file mode 100644 index 000000000..c325ffa6a Binary files /dev/null and b/certs/ecc-keyPkcs8Enc.der differ diff --git a/certs/include.am b/certs/include.am index 8e1b17efe..86eb71755 100644 --- a/certs/include.am +++ b/certs/include.am @@ -14,8 +14,10 @@ EXTRA_DIST += \ certs/ecc-privkey.pem \ certs/ecc-privkeyPkcs8.pem \ certs/ecc-keyPkcs8Enc.pem \ + certs/ecc-keyPkcs8Enc.der \ certs/ecc-key-comp.pem \ certs/ecc-keyPkcs8.pem \ + certs/ecc-keyPkcs8.der \ certs/ecc-client-key.pem \ certs/ecc-client-keyPub.pem \ certs/client-ecc-cert.pem \ @@ -33,6 +35,7 @@ EXTRA_DIST += \ certs/server-keyPkcs8Enc12.pem \ certs/server-keyPkcs8Enc2.pem \ certs/server-keyPkcs8Enc.pem \ + certs/server-keyPkcs8Enc.der \ certs/server-keyPkcs8.pem \ certs/server-revoked-cert.pem \ certs/server-revoked-key.pem \ diff --git a/certs/server-keyPkcs8Enc.der b/certs/server-keyPkcs8Enc.der new file mode 100644 index 000000000..c098580ba Binary files /dev/null and b/certs/server-keyPkcs8Enc.der differ diff --git a/examples/client/client.c b/examples/client/client.c index 15b432bbf..134164f35 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2193,7 +2193,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_PK_CALLBACKS pkCbInfo.ourKey = ourKey; #endif - if (!loadCertKeyIntoSSLObj + if (useClientCert && !loadCertKeyIntoSSLObj #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) && !pkCallbacks #endif diff --git a/src/internal.c b/src/internal.c index 570b01f87..926f92d51 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2882,6 +2882,7 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) if (name != NULL) { name->name = name->staticName; name->dynamicName = 0; + name->sz = 0; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) XMEMSET(&name->fullName, 0, sizeof(DecodedName)); XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); @@ -2912,6 +2913,7 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL); } } + wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object); } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ } diff --git a/src/ssl.c b/src/ssl.c index ac9d8d23d..f13eda629 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -96,6 +96,9 @@ && !defined(WC_NO_RNG) #include #endif + #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + #include + #endif /* OPENSSL_ALL && HAVE_PKCS7 */ #endif #ifdef NO_ASN @@ -6576,6 +6579,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, unsigned char* mem; int memSz; int keySz; + word32 algId; WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()"); @@ -6590,7 +6594,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) { WOLFSSL_MSG("Not PEM format"); keySz = memSz; - if ((keySz = ToTraditional((byte*)mem, (word32)keySz)) < 0) { + if ((keySz = ToTraditional((byte*)mem, (word32)keySz, &algId)) < 0) { return NULL; } } @@ -6799,6 +6803,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, WOLFSSL_EVP_PKEY* local; word32 idx = 0; int ret; + word32 algId; WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); @@ -6809,8 +6814,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, /* Check if input buffer has PKCS8 header. In the case that it does not * have a PKCS8 header then do not error out. */ - if ((ret = ToTraditionalInline((const byte*)(*in), &idx, (word32)inSz)) - > 0) { + if ((ret = ToTraditionalInline((const byte*)(*in), &idx, (word32)inSz, + &algId)) > 0) { WOLFSSL_MSG("Found and removed PKCS8 header"); } else { @@ -14666,8 +14671,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif /* OPENSSL_EXTRA */ -#ifdef KEEP_PEER_CERT - #ifdef SESSION_CERTS +#if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \ + (defined(OPENSSL_ALL) && defined(HAVE_PKCS7)) /* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object. * * x509 WOLFSSL_X509 object to decode into. @@ -14705,9 +14710,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return ret; } - #endif /* SESSION_CERTS */ +#endif /* (KEEP_PEER_CERT && SESSION_CERTS) || (OPENSSL_ALL && HAVE_PKCS7) */ +#ifdef KEEP_PEER_CERT WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_get_peer_certificate"); @@ -15192,7 +15198,7 @@ void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*) /* free head of stack */ if (sk->num == 1) { - f(sk->data.x509); + f(sk->data.x509); } XFREE(sk, NULL, DYNAMIC_TYPE_X509); } @@ -15308,7 +15314,7 @@ void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, /* free head of stack */ if (sk->num == 1) { - wolfSSL_ASN1_OBJECT_free(sk->data.obj); + wolfSSL_ASN1_OBJECT_free(sk->data.obj); } XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); @@ -15537,7 +15543,48 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) #endif /* NO_CERTS */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifndef NO_ASN +void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) +{ + if (obj == NULL) { + return; + } + + if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) { + WOLFSSL_MSG("Freeing ASN1 data"); + XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); + obj->obj = NULL; + + } + if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { + WOLFSSL_MSG("Freeing ASN1 OBJECT"); + XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); + } +} +#endif /* NO_ASN */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef OPENSSL_EXTRA +#ifndef NO_ASN +WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) +{ + WOLFSSL_ASN1_OBJECT* obj; + + obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, + DYNAMIC_TYPE_ASN1); + if (obj == NULL) { + return NULL; + } + + XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); + obj->d.ia5 = &(obj->d.ia5_internal); + obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; + return obj; +} +#endif /* NO_ASN */ + + /* return 1 on success 0 on fail */ int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, WOLFSSL_ASN1_OBJECT* obj) @@ -15606,41 +15653,6 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( #ifndef NO_ASN -WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) -{ - WOLFSSL_ASN1_OBJECT* obj; - - obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, - DYNAMIC_TYPE_ASN1); - if (obj == NULL) { - return NULL; - } - - XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); - obj->d.ia5 = &(obj->d.ia5_internal); - obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; - return obj; -} - - -void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) -{ - if (obj == NULL) { - return; - } - - if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) { - WOLFSSL_MSG("Freeing ASN1 data"); - XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); - - } - if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { - WOLFSSL_MSG("Freeing ASN1 OBJECT"); - XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); - } -} - - /* free structure for x509 stack */ void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { @@ -15708,7 +15720,7 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl) WOLFSSL_MSG("Error initializing client side"); } } -#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ +#endif /* OPENSSL_EXTRA */ int wolfSSL_get_shutdown(const WOLFSSL* ssl) @@ -16550,7 +16562,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) sizeof(" Version: ")) <= 0) { return WOLFSSL_FAILURE; } - XSNPRINTF(tmp, sizeof(tmp), "%d\n", version); + XSNPRINTF(tmp, sizeof(tmp), "%d\n", version); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } @@ -21184,7 +21196,7 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, } #endif /* HAVE_AES_ECB */ -#if defined(HAVE_AES_CBC) +#ifdef HAVE_AES_CBC /* Encrypt data using key and iv passed in. iv gets updated to most recent iv * state after encryptiond/decryption. * @@ -25518,7 +25530,7 @@ int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, WOLFSSL_MSG("wolfSSL_HMAC_Final"); - /* "len" parameter is optional. */ + /* "len" parameter is optional. */ if (ctx == NULL || hash == NULL) { WOLFSSL_MSG("invalid parameter"); return WOLFSSL_FAILURE; @@ -26941,6 +26953,64 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, } /* End EC_KEY */ + +char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, int form, + WOLFSSL_BN_CTX* ctx) +{ + static const char* hexDigit = "0123456789ABCDEF"; + char* hex = NULL; + int id = wc_ecc_get_curve_id(group->curve_idx); + int i, sz, len; + + (void)ctx; + + if (group == NULL || point == NULL) + return NULL; + + if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) + return NULL; + + len = sz + 1; + if (form == POINT_CONVERSION_UNCOMPRESSED) + len += sz; + + hex = (char*)XMALLOC(2 * len + 1, NULL, DYNAMIC_TYPE_ECC); + if (hex == NULL) + return NULL; + XMEMSET(hex, 0, 2 * len + 1); + + /* Put in x-ordinate after format byte. */ + i = sz - mp_unsigned_bin_size((mp_int*)point->X->internal) + 1; + if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) < 0) { + XFREE(hex, NULL, DYNAMIC_TYPE_ECC); + return NULL; + } + + if (form == POINT_CONVERSION_COMPRESSED) { + hex[0] = mp_isodd((mp_int*)point->Y->internal) ? ECC_POINT_COMP_ODD : + ECC_POINT_COMP_EVEN; + } + else { + hex[0] = ECC_POINT_UNCOMP; + /* Put in y-ordinate after x-ordinate */ + i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal); + if (mp_to_unsigned_bin((mp_int*)point->Y->internal, + (byte*)(hex + i)) < 0) { + XFREE(hex, NULL, DYNAMIC_TYPE_ECC); + return NULL; + } + } + + for (i = len-1; i >= 0; i--) { + byte b = hex[i]; + hex[i * 2 + 1] = hexDigit[b & 0xf]; + hex[i * 2 ] = hexDigit[b >> 4]; + } + + return hex; +} + void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p) { #if defined(DEBUG_WOLFSSL) @@ -28266,7 +28336,9 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, } WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** key, pem_password_cb* cb, void* pass) + WOLFSSL_EVP_PKEY** key, + pem_password_cb* cb, + void* pass) { WOLFSSL_EVP_PKEY* pkey = NULL; DerBuffer* der = NULL; @@ -29773,8 +29845,366 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #endif + int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509* x) + { + int ret; + WOLFSSL_BIO* bio; + + if (x == NULL) + return 0; + + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bio == NULL) + return 0; + + if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + wolfSSL_BIO_free(bio); + bio = NULL; + } + + ret = wolfSSL_PEM_write_bio_X509(bio, x); + + if (bio != NULL) + wolfSSL_BIO_free(bio); + + return ret; + } #endif + #define PEM_BEGIN "-----BEGIN " + #define PEM_BEGIN_SZ 11 + #define PEM_END "-----END " + #define PEM_END_SZ 9 + #define PEM_HDR_FIN "-----" + #define PEM_HDR_FIN_SZ 5 + #define PEM_HDR_FIN_EOL "-----\n" + #define PEM_HDR_FIN_EOL_SZ 6 + + int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, + unsigned char **data, long *len) + { + int ret = WOLFSSL_SUCCESS; + char pem[256]; + int pemLen; + char* p; + char* nameStr = NULL; + int nameLen = 0; + char* headerStr = NULL; + int headerLen; + int headerFound = 0; + unsigned char* der = NULL; + word32 derLen; + + if (bio == NULL || name == NULL || header == NULL || data == NULL || + len == NULL) { + return WOLFSSL_FAILURE; + } + + /* Find header line. */ + pem[sizeof(pem) - 1] = '\0'; + while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { + if (XSTRNCMP(pem, PEM_BEGIN, PEM_BEGIN_SZ) == 0) + break; + } + if (pemLen <= 0) + ret = WOLFSSL_FAILURE; + /* Have a header line. */ + if (ret == WOLFSSL_SUCCESS) { + while (pem[pemLen - 1] == '\r' || pem[pemLen - 1] == '\n') + pemLen--; + pem[pemLen] = '\0'; + if (XSTRNCMP(pem + pemLen - PEM_HDR_FIN_SZ, PEM_HDR_FIN, + PEM_HDR_FIN_SZ) != 0) { + ret = WOLFSSL_FAILURE; + } + } + + /* Get out name. */ + if (ret == WOLFSSL_SUCCESS) { + nameLen = pemLen - PEM_BEGIN_SZ - PEM_HDR_FIN_SZ; + nameStr = (char*)XMALLOC(nameLen + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (nameStr == NULL) + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS) { + XSTRNCPY(nameStr, pem + PEM_BEGIN_SZ, nameLen); + nameStr[nameLen] = '\0'; + } + + /* Get header of PEM - encryption header. */ + if (ret == WOLFSSL_SUCCESS) { + headerLen = 0; + while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { + while (pemLen > 0 && (pem[pemLen - 1] == '\r' || + pem[pemLen - 1] == '\n')) { + pemLen--; + } + pem[pemLen++] = '\n'; + pem[pemLen] = '\0'; + + /* Header separator is a blank line. */ + if (pem[0] == '\n') { + headerFound = 1; + break; + } + + /* Didn't find a blank line - no header. */ + if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) { + der = (unsigned char*)headerStr; + derLen = headerLen; + /* Empty header - empty string. */ + headerStr = (char*)XMALLOC(1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (headerStr == NULL) + ret = WOLFSSL_FAILURE; + else + headerStr[0] = '\0'; + break; + } + + p = (char*)XREALLOC(headerStr, headerLen + pemLen + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (p == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + + headerStr = p; + XMEMCPY(headerStr + headerLen, pem, pemLen + 1); + headerLen += pemLen; + } + if (pemLen <= 0) + ret = WOLFSSL_FAILURE; + } + + /* Get body of PEM - if there was a header */ + if (ret == WOLFSSL_SUCCESS && headerFound) { + derLen = 0; + while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { + while (pemLen > 0 && (pem[pemLen - 1] == '\r' || + pem[pemLen - 1] == '\n')) { + pemLen--; + } + pem[pemLen++] = '\n'; + pem[pemLen] = '\0'; + + if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) + break; + + p = (char*)XREALLOC(der, derLen + pemLen + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (p == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + + der = (unsigned char*)p; + XMEMCPY(der + derLen, pem, pemLen + 1); + derLen += pemLen; + } + if (pemLen <= 0) + ret = WOLFSSL_FAILURE; + } + + /* Check trailer. */ + if (ret == WOLFSSL_SUCCESS) { + if (XSTRNCMP(pem + PEM_END_SZ, nameStr, nameLen) != 0) + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS) { + if (XSTRNCMP(pem + PEM_END_SZ + nameLen, PEM_HDR_FIN_EOL, + PEM_HDR_FIN_EOL_SZ) != 0) { + ret = WOLFSSL_FAILURE; + } + } + + /* Base64 decode body. */ + if (ret == WOLFSSL_SUCCESS) { + if (Base64_Decode(der, derLen, der, &derLen) != 0) + ret = WOLFSSL_FAILURE; + } + + if (ret == WOLFSSL_SUCCESS) { + *name = nameStr; + *header = headerStr; + *data = der; + *len = derLen; + nameStr = NULL; + headerStr = NULL; + der = NULL; + } + + if (nameStr != NULL) + XFREE(nameStr, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (headerStr != NULL) + XFREE(headerStr, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der != NULL) + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; + } + + int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name, + const char *header, const unsigned char *data, + long len) + { + int err = 0; + int outSz = 0; + int nameLen; + int headerLen; + byte* pem = NULL; + word32 pemLen; + word32 derLen = (word32)len; + + if (bio == NULL || name == NULL || header == NULL || data == NULL) + return 0; + + nameLen = (int)XSTRLEN(name); + headerLen = (int)XSTRLEN(header); + + pemLen = (derLen + 2) / 3 * 4; + pemLen += (pemLen + 63) / 64; + + pem = (byte*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + err = pem == NULL; + if (!err) + err = Base64_Encode(data, derLen, pem, &pemLen) != 0; + + if (!err) { + err = wolfSSL_BIO_write(bio, PEM_BEGIN, PEM_BEGIN_SZ) != + (int)PEM_BEGIN_SZ; + } + if (!err) + err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen; + if (!err) { + err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL, PEM_HDR_FIN_EOL_SZ) != + (int)PEM_HDR_FIN_EOL_SZ; + } + if (!err && headerLen > 0) { + err = wolfSSL_BIO_write(bio, header, headerLen) != headerLen; + /* Blank line after a header and before body. */ + if (!err) + err = wolfSSL_BIO_write(bio, "\n", 1) != 1; + headerLen++; + } + if (!err) + err = wolfSSL_BIO_write(bio, pem, pemLen) != (int)pemLen; + if (!err) + err = wolfSSL_BIO_write(bio, PEM_END, PEM_END_SZ) != + (int)PEM_END_SZ; + if (!err) + err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen; + if (!err) { + err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL, PEM_HDR_FIN_EOL_SZ) != + (int)PEM_HDR_FIN_EOL_SZ; + } + + if (!err) { + outSz = PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ + headerLen + + pemLen + PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + } + + if (pem != NULL) + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return outSz; + } + +#if !defined(NO_FILESYSTEM) + int wolfSSL_PEM_read(XFILE fp, char **name, char **header, + unsigned char **data, long *len) + { + int ret; + WOLFSSL_BIO* bio; + + if (name == NULL || header == NULL || data == NULL || len == NULL) + return WOLFSSL_FAILURE; + + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bio == NULL) + return 0; + + if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + wolfSSL_BIO_free(bio); + bio = NULL; + } + + ret = wolfSSL_PEM_read_bio(bio, name, header, data, len); + + if (bio != NULL) + wolfSSL_BIO_free(bio); + + return ret; + } + + int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, + const unsigned char *data, long len) + { + int ret; + WOLFSSL_BIO* bio; + + if (name == NULL || header == NULL || data == NULL) + return 0; + + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bio == NULL) + return 0; + + if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + wolfSSL_BIO_free(bio); + bio = NULL; + } + + ret = wolfSSL_PEM_write_bio(bio, name, header, data, len); + + if (bio != NULL) + wolfSSL_BIO_free(bio); + + return ret; + } +#endif + + int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, EncryptedInfo* cipher) + { + if (header == NULL || cipher == NULL) + return WOLFSSL_FAILURE; + + XMEMSET(cipher, 0, sizeof(*cipher)); + + if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) != 0) + return WOLFSSL_FAILURE; + + return WOLFSSL_SUCCESS; + } + + int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, + long* len, pem_password_cb* callback, void* ctx) + { + int ret = WOLFSSL_SUCCESS; + char password[NAME_SZ]; + int passwordSz; + + if (cipher == NULL || data == NULL || len == NULL || callback == NULL) + return WOLFSSL_FAILURE; + + passwordSz = callback(password, sizeof(password), PEM_PASS_READ, ctx); + if (passwordSz < 0) + ret = WOLFSSL_FAILURE; + + if (ret == WOLFSSL_SUCCESS) { + if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password, + passwordSz, WC_MD5) != 0) { + ret = WOLFSSL_FAILURE; + } + } + + if (passwordSz > 0) + XMEMSET(password, 0, passwordSz); + + return ret; + } + /* * bp : bio to read X509 from * x : x509 to write to @@ -29845,6 +30275,193 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return ne; } + static int RebuildFullNameAdd(DecodedName* dName, char* data) + { + int totalLen = 0; + int i; + char* fullName; + int idx; + + if (dName->cnLen != 0) + totalLen += dName->cnLen + 4; + if (dName->snLen != 0) + totalLen += dName->snLen + 4; + if (dName->cLen != 0) + totalLen += dName->cLen + 3; + if (dName->lLen != 0) + totalLen += dName->lLen + 3; + if (dName->stLen != 0) + totalLen += dName->stLen + 4; + if (dName->oLen != 0) + totalLen += dName->oLen + 3; + if (dName->ouLen != 0) + totalLen += dName->ouLen + 4; + if (dName->emailLen != 0) + totalLen += dName->emailLen + 14; + if (dName->uidLen != 0) + totalLen += dName->uidLen + 5; + if (dName->serialLen != 0) + totalLen += dName->serialLen + 14; + if (dName->dcNum != 0) { + for (i = 0; i < dName->dcNum; i++) + totalLen += dName->dcLen[i] + 4; + } + + fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509); + if (fullName == NULL) + return MEMORY_E; + + idx = 0; + dName->entryCount = 0; + if (dName->cnLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_COMMON_NAME, 4); + idx += 4; + if (dName->cnIdx == -1) + XMEMCPY(fullName + idx, data, dName->cnLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->cnIdx, + dName->cnLen); + } + dName->cnIdx = idx; + idx += dName->cnLen; + } + if (dName->snLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_SUR_NAME, 4); + idx += 4; + if (dName->snIdx == -1) + XMEMCPY(fullName + idx, data, dName->snLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->snIdx, + dName->snLen); + } + dName->snIdx = idx; + idx += dName->snLen; + } + if (dName->cLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_COUNTRY_NAME, 3); + idx += 3; + if (dName->cIdx == -1) + XMEMCPY(fullName + idx, data, dName->cLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->cIdx, + dName->cLen); + } + dName->cIdx = idx; + idx += dName->cLen; + } + if (dName->lLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_LOCALITY_NAME, 3); + idx += 3; + if (dName->lIdx == -1) + XMEMCPY(fullName + idx, data, dName->lLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->lIdx, + dName->lLen); + } + dName->lIdx = idx; + idx += dName->lLen; + } + if (dName->stLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_STATE_NAME, 4); + idx += 4; + if (dName->stIdx == -1) + XMEMCPY(fullName + idx, data, dName->stLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->stIdx, + dName->stLen); + } + dName->stIdx = idx; + idx += dName->stLen; + } + if (dName->oLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_ORG_NAME, 3); + idx += 3; + if (dName->oIdx == -1) + XMEMCPY(fullName + idx, data, dName->oLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->oIdx, + dName->oLen); + } + dName->oIdx = idx; + idx += dName->oLen; + } + if (dName->ouLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_ORGUNIT_NAME, 4); + idx += 4; + if (dName->ouIdx == -1) + XMEMCPY(fullName + idx, data, dName->ouLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->ouIdx, + dName->ouLen); + } + dName->ouIdx = idx; + idx += dName->ouLen; + } + if (dName->emailLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, "/emailAddress=", 14); + idx += 14; + if (dName->emailIdx == -1) + XMEMCPY(fullName + idx, data, dName->emailLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->emailIdx, + dName->emailLen); + } + dName->emailIdx = idx; + idx += dName->emailLen; + } + if (dName->dcNum != 0) { + for (i = 0; i < dName->dcNum; i++) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_DOMAIN_COMPONENT, 4); + idx += 4; + XMEMCPY(fullName + idx, dName->fullName + dName->dcIdx[i], + dName->dcLen[i]); + dName->dcIdx[i] = idx; + idx += dName->dcLen[i]; + } + } + if (dName->uidLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, "/UID=", 5); + idx += 5; + if (dName->uidIdx == -1) + XMEMCPY(fullName + idx, data, dName->uidLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->uidIdx, + dName->uidLen); + } + dName->uidIdx = idx; + idx += dName->uidLen; + } + if (dName->serialLen != 0) { + dName->entryCount++; + XMEMCPY(fullName + idx, WOLFSSL_SERIAL_NUMBER, 14); + idx += 14; + if (dName->serialIdx == -1) + XMEMCPY(fullName + idx, data, dName->serialLen); + else { + XMEMCPY(fullName + idx, dName->fullName + dName->serialIdx, + dName->serialLen); + } + dName->serialIdx = idx; + idx += dName->serialLen; + } + + if (dName->fullName != NULL) + XFREE(dName->fullName, NULL, DYNAMIC_TYPE_X509); + dName->fullName = fullName; + dName->fullNameLen = idx; + + return 0; + } /* Copies entry into name. With it being copied freeing entry becomes the * callers responsibility. @@ -29853,45 +30470,369 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set) { int i; + int fullName = 1; WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()"); - for (i = 0; i < MAX_NAME_ENTRIES; i++) { - if (name->extra[i].set != 1) { /* not set so overwrited */ - WOLFSSL_X509_NAME_ENTRY* current = &(name->extra[i]); - WOLFSSL_ASN1_STRING* str; - - WOLFSSL_MSG("Found place for name entry"); - - XMEMCPY(current, entry, sizeof(WOLFSSL_X509_NAME_ENTRY)); - str = entry->value; - XMEMCPY(&(current->data), str, sizeof(WOLFSSL_ASN1_STRING)); - current->value = &(current->data); - current->data.data = (char*)XMALLOC(str->length, - name->x509->heap, DYNAMIC_TYPE_OPENSSL); - - if (current->data.data == NULL) { - return SSL_FAILURE; - } - XMEMCPY(current->data.data, str->data, str->length); - - /* make sure is null terminated */ - current->data.data[str->length - 1] = '\0'; - - current->set = 1; /* make sure now listed as set */ + switch (entry->nid) { + case ASN_COMMON_NAME: + name->fullName.cnIdx = -1; + name->fullName.cnLen = entry->value->length; + name->fullName.cnNid = entry->nid; + break; + case ASN_SUR_NAME: + name->fullName.snIdx = -1; + name->fullName.snLen = entry->value->length; + name->fullName.snNid = entry->nid; + break; + case ASN_SERIAL_NUMBER: + name->fullName.serialIdx = -1; + name->fullName.serialLen = entry->value->length; + name->fullName.serialNid = entry->nid; + break; + case ASN_COUNTRY_NAME: + name->fullName.cIdx = -1; + name->fullName.cLen = entry->value->length; + name->fullName.cNid = entry->nid; + break; + case ASN_LOCALITY_NAME: + name->fullName.lIdx = -1; + name->fullName.lLen = entry->value->length; + name->fullName.lNid = entry->nid; + break; + case ASN_STATE_NAME: + name->fullName.stIdx = -1; + name->fullName.stLen = entry->value->length; + name->fullName.stNid = entry->nid; + break; + case ASN_ORG_NAME: + name->fullName.oIdx = -1; + name->fullName.oLen = entry->value->length; + name->fullName.oNid = entry->nid; + break; + case ASN_ORGUNIT_NAME: + name->fullName.ouIdx = -1; + name->fullName.ouLen = entry->value->length; + name->fullName.ouNid = entry->nid; + break; + case NID_emailAddress: + name->fullName.emailIdx = -1; + name->fullName.emailLen = entry->value->length; + name->fullName.emailNid = entry->nid; + break; + case ASN_USER_ID: + name->fullName.uidIdx = -1; + name->fullName.uidLen = entry->value->length; + name->fullName.uidNid = entry->nid; + break; + case ASN_DOMAIN_COMPONENT: + name->fullName.dcIdx[0] = -1; + name->fullName.dcLen[0] = entry->value->length; + break; + default: + fullName = 0; break; - } } - if (i == MAX_NAME_ENTRIES) { - WOLFSSL_MSG("No spot found for name entry"); - return SSL_FAILURE; + if (fullName) { + if (RebuildFullNameAdd(&name->fullName, entry->value->data) != 0) + return WOLFSSL_FAILURE; + } + else { + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (name->extra[i].set != 1) { /* not set so overwrited */ + WOLFSSL_X509_NAME_ENTRY* current = &(name->extra[i]); + WOLFSSL_ASN1_STRING* str; + + WOLFSSL_MSG("Found place for name entry"); + + XMEMCPY(current, entry, sizeof(WOLFSSL_X509_NAME_ENTRY)); + str = entry->value; + XMEMCPY(&(current->data), str, sizeof(WOLFSSL_ASN1_STRING)); + current->value = &(current->data); + current->data.data = (char*)XMALLOC(str->length, + name->x509->heap, DYNAMIC_TYPE_OPENSSL); + + if (current->data.data == NULL) { + return SSL_FAILURE; + } + XMEMCPY(current->data.data, str->data, str->length); + + /* make sure is null terminated */ + current->data.data[str->length - 1] = '\0'; + + current->set = 1; /* make sure now listed as set */ + break; + } + } + + if (i == MAX_NAME_ENTRIES) { + WOLFSSL_MSG("No spot found for name entry"); + return SSL_FAILURE; + } } (void)idx; (void)set; return SSL_SUCCESS; } + + typedef struct WOLFSSL_ObjectInfo { + int nid; + int id; + word32 type; + const char* sName; + } WOLFSSL_ObjectInfo; + + static WOLFSSL_ObjectInfo wolfssl_object_info[] = { + /* oidHashType */ + #ifdef WOLFSSL_MD2 + { NID_md2, MD2h, oidHashType, "md2" }, + #endif + #ifdef WOLFSSL_MD5 + { NID_md5, MD5h, oidHashType, "md5" }, + #endif + #ifndef NO_SHA + { NID_sha1, SHAh, oidHashType, "sha" }, + #endif + #ifdef WOLFSSL_SHA224 + { NID_sha224, SHA224h, oidHashType, "sha224" }, + #endif + #ifndef NO_SHA256 + { NID_sha256, SHA256h, oidHashType, "sha256" }, + #endif + #ifdef WOLFSSL_SHA384 + { NID_sha384, SHA384h, oidHashType, "sha384" }, + #endif + #ifdef WOLFSSL_SHA512 + { NID_sha512, SHA512h, oidHashType, "sha512" }, + #endif + + /* oidSigType */ + #ifndef NO_DSA + #ifndef NO_SHA + { CTC_SHAwDSA, CTC_SHAwDSA, oidSigType, "shaWithDSA" }, + #endif + #endif /* NO_DSA */ + #ifndef NO_RSA + #ifdef WOLFSSL_MD2 + { CTC_MD2wRSA, CTC_MD2wRSA, oidSigType, "md2WithRSA" }, + #endif + #ifndef NO_MD5 + { CTC_MD5wRSA, CTC_MD5wRSA, oidSigType, "md5WithRSA" }, + #endif + #ifndef NO_SHA + { CTC_SHAwRSA, CTC_SHAwRSA, oidSigType, "shaWithRSA" }, + #endif + #ifdef WOLFSSL_SHA224 + { CTC_SHA224wRSA, CTC_SHA224wRSA, oidSigType, "sha224WithRSA" }, + #endif + #ifndef NO_SHA256 + { CTC_SHA256wRSA, CTC_SHA256wRSA, oidSigType, "sha256WithRSA" }, + #endif + #ifdef WOLFSSL_SHA384 + { CTC_SHA384wRSA, CTC_SHA384wRSA, oidSigType, "sha384WithRSA" }, + #endif + #ifdef WOLFSSL_SHA512 + { CTC_SHA512wRSA, CTC_SHA512wRSA, oidSigType, "sha512WithRSA" }, + #endif + #endif /* NO_RSA */ + #ifdef HAVE_ECC + #ifndef NO_SHA + { CTC_SHAwECDSA, CTC_SHAwECDSA, oidSigType, "shaWithECDSA" }, + #endif + #ifdef WOLFSSL_SHA224 + { CTC_SHA224wECDSA, CTC_SHA224wECDSA, oidSigType, "sha224WithECDSA" }, + #endif + #ifndef NO_SHA256 + { CTC_SHA256wECDSA, CTC_SHA256wECDSA, oidSigType, "sha256WithECDSA" }, + #endif + #ifdef WOLFSSL_SHA384 + { CTC_SHA384wECDSA, CTC_SHA384wECDSA, oidSigType, "sha384WithECDSA" }, + #endif + #ifdef WOLFSSL_SHA512 + { CTC_SHA512wECDSA, CTC_SHA512wECDSA, oidSigType, "sha512WithECDSA" }, + #endif + #endif /* HAVE_ECC */ + + /* oidKeyType */ + #ifndef NO_DSA + { DSAk, DSAk, oidKeyType, "DSA key" }, + #endif /* NO_DSA */ + #ifndef NO_RSA + { RSAk, RSAk, oidKeyType, "RSA key" }, + #endif /* NO_RSA */ + #ifdef HAVE_NTRU + { NTRUk, NTRUk, oidKeyType, "NTRU key" }, + #endif /* HAVE_NTRU */ + #ifdef HAVE_ECC + { ECDSAk, ECDSAk, oidKeyType, "ECDSA key" }, + #endif /* HAVE_ECC */ + + /* oidBlkType */ + #ifdef WOLFSSL_AES_128 + { AES128CBCb, AES128CBCb, oidBlkType, "AES-128-CBC" }, + #endif + #ifdef WOLFSSL_AES_192 + { AES192CBCb, AES192CBCb, oidBlkType, "AES-192-CBC" }, + #endif + #ifdef WOLFSSL_AES_256 + { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC" }, + #endif + #ifndef NO_DES3 + { NID_des, DESb, oidBlkType, "DES-CBC" }, + { NID_des3, DES3b, oidBlkType, "DES3-CBC" }, + #endif /* !NO_DES3 */ + + /* oidOcspType */ + #ifdef HAVE_OCSP + { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, "OCSP_basic" }, + { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "OCSP_nonce" }, + #endif /* HAVE_OCSP */ + + #ifndef NO_CERT + /* oidCertExtType */ + { BASIC_CA_OID, BASIC_CA_OID, oidCertExtType, "X509 basic ca" }, + { ALT_NAMES_OID, ALT_NAMES_OID, oidCertExtType, "X509 alt names" }, + { CRL_DIST_OID, CRL_DIST_OID, oidCertExtType, "X509 crl" }, + { AUTH_INFO_OID, AUTH_INFO_OID, oidCertExtType, "X509 auth info" }, + { AUTH_KEY_OID, AUTH_KEY_OID, oidCertExtType, "X509 auth key" }, + { SUBJ_KEY_OID, SUBJ_KEY_OID, oidCertExtType, "X509 subject key" }, + { KEY_USAGE_OID, KEY_USAGE_OID, oidCertExtType, "X509 key usage" }, + { INHIBIT_ANY_OID, INHIBIT_ANY_OID, oidCertExtType, + "X509 inhibit any" }, + { NID_ext_key_usage, KEY_USAGE_OID, oidCertExtType, + "X509 ext key usage" }, + { NID_name_constraints, NAME_CONS_OID, oidCertExtType, + "X509 name constraints" }, + { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType, + "X509 certificate policies" }, + + /* oidCertAuthInfoType */ + { AIA_OCSP_OID, AIA_OCSP_OID, oidCertAuthInfoType, "Cert Auth OCSP" }, + { AIA_CA_ISSUER_OID, AIA_CA_ISSUER_OID, oidCertAuthInfoType, + "Cert Auth CA Issuer" }, + + /* oidCertPolicyType */ + { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "Cert any policy" }, + + /* oidCertAltNameType */ + { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name" }, + + /* oidCertKeyUseType */ + { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType, + "Cert any extended key" }, + { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType, + "Cert server auth key" }, + { EKU_CLIENT_AUTH_OID, EKU_CLIENT_AUTH_OID, oidCertKeyUseType, + "Cert client auth key" }, + { EKU_OCSP_SIGN_OID, EKU_OCSP_SIGN_OID, oidCertKeyUseType, + "Cert OCSP sign key" }, + + /* oidCertNameType */ + { NID_commonName, NID_commonName, oidCertNameType, "commonName" }, + { NID_surname, NID_surname, oidCertNameType, "surname" }, + { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber" }, + { NID_countryName, NID_countryName, oidCertNameType, "countryName" }, + { NID_localityName, NID_localityName, oidCertNameType, "localityName" }, + { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, + "stateOrProvinceName" }, + { NID_organizationName, NID_organizationName, oidCertNameType, + "organizationName" }, + { NID_organizationalUnitName, NID_organizationalUnitName, + oidCertNameType, "organizationalUnitName" }, + { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress" }, + #endif + + #ifndef NO_PWDBASED + /* oidKdfType */ + { PBKDF2_OID, PBKDF2_OID, oidKdfType, "PBKDFv2" }, + + /* oidPBEType */ + { PBE_SHA1_RC4_128, PBE_SHA1_RC4_128, oidPBEType, + "PBE shaWithRC4-128" }, + { PBE_SHA1_DES, PBE_SHA1_DES, oidPBEType, "PBE shaWithDES" }, + { PBE_SHA1_DES3, PBE_SHA1_DES3, oidPBEType, "PBE shaWithDES3" }, + #endif + + /* oidKeyWrapType */ + #ifdef WOLFSSL_AES_128 + { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap" }, + #endif + #ifdef WOLFSSL_AES_192 + { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap" }, + #endif + #ifdef WOLFSSL_AES_256 + { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap" }, + #endif + + #ifndef NO_PKCS7 + #ifndef NO_DH + /* oidCmsKeyAgreeType */ + #ifndef NO_SHA + { dhSinglePass_stdDH_sha1kdf_scheme, dhSinglePass_stdDH_sha1kdf_scheme, + oidCmsKeyAgreeType, "DH-SHA kdf" }, + #endif + #ifdef WOLFSSL_SHA224 + { dhSinglePass_stdDH_sha224kdf_scheme, + dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType, + "DH-SHA224 kdf" }, + #endif + #ifndef NO_SHA256 + { dhSinglePass_stdDH_sha256kdf_scheme, + dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType, + "DH-SHA256 kdf" }, + #endif + #ifdef WOLFSSL_SHA384 + { dhSinglePass_stdDH_sha384kdf_scheme, + dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType, + "DH-SHA384 kdf" }, + #endif + #ifdef WOLFSSL_SHA512 + { dhSinglePass_stdDH_sha512kdf_scheme, + dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType, + "DH-SHA512 kdf" }, + #endif + #endif + #endif + }; + + #define WOLFSSL_OBJECT_INFO_SZ \ + (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info)) + + int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, + const char *field, int type, + const unsigned char *bytes, int len, + int loc, int set) + { + int ret; + int i; + WOLFSSL_X509_NAME_ENTRY* entry; + size_t fieldSz; + + (void)type; + + if (name == NULL || field == NULL) + return WOLFSSL_FAILURE; + + fieldSz = XSTRLEN(field); + for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { + if (XSTRNCMP(field, wolfssl_object_info[i].sName, fieldSz) == 0) + break; + } + + if (i == WOLFSSL_OBJECT_INFO_SZ) + return WOLFSSL_FAILURE; + + entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + wolfssl_object_info[i].nid, type, (unsigned char*)bytes, len); + if (entry == NULL) + return WOLFSSL_FAILURE; + + ret = wolfSSL_X509_NAME_add_entry(name, entry, loc, set); + wolfSSL_X509_NAME_ENTRY_free(entry); + return ret; + } #endif /* ifndef NO_CERTS */ @@ -29906,6 +30847,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return wolfSSL_OBJ_nid2obj_ex(id, NULL); } + WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id, WOLFSSL_ASN1_OBJECT* arg_obj) { @@ -29915,402 +30857,22 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_ASN1_OBJECT* obj = arg_obj; byte objBuf[MAX_OID_SZ + MAX_LENGTH_SZ + 1]; /* +1 for object tag */ word32 objSz = 0; - const char* sName; + const char* sName = NULL; + int i; WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()"); - /* get OID type */ - switch (id) { - /* oidHashType */ - #ifdef WOLFSSL_MD2 - case NID_md2: - id = MD2h; - type = oidHashType; - sName = "md2"; + for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { + if (wolfssl_object_info[i].nid == id) { + id = wolfssl_object_info[i].id; + sName = wolfssl_object_info[i].sName; + type = wolfssl_object_info[i].type; break; - #endif - #ifndef NO_MD5 - case NID_md5: - id = MD5h; - type = oidHashType; - sName = "md5"; - break; - #endif - #ifndef NO_SHA - case NID_sha1: - id = SHAh; - type = oidHashType; - sName = "sha"; - break; - #endif - case NID_sha224: - id = SHA224h; - type = oidHashType; - sName = "sha224"; - break; - #ifndef NO_SHA256 - case NID_sha256: - id = SHA256h; - type = oidHashType; - sName = "sha256"; - break; - #endif - #ifdef WOLFSSL_SHA384 - case NID_sha384: - id = SHA384h; - type = oidHashType; - sName = "sha384"; - break; - #endif - #ifdef WOLFSSL_SHA512 - case NID_sha512: - id = SHA512h; - type = oidHashType; - sName = "sha512"; - break; - #endif - - /* oidSigType */ - #ifndef NO_DSA - case CTC_SHAwDSA: - sName = "shaWithDSA"; - type = oidSigType; - break; - - #endif /* NO_DSA */ - #ifndef NO_RSA - case CTC_MD2wRSA: - sName = "md2WithRSA"; - type = oidSigType; - break; - - #ifndef NO_MD5 - case CTC_MD5wRSA: - sName = "md5WithRSA"; - type = oidSigType; - break; - #endif - - case CTC_SHAwRSA: - sName = "shaWithRSA"; - type = oidSigType; - break; - - #ifdef WOLFSSL_SHA224 - case CTC_SHA224wRSA: - sName = "sha224WithRSA"; - type = oidSigType; - break; - #endif - - #ifndef NO_SHA256 - case CTC_SHA256wRSA: - sName = "sha256WithRSA"; - type = oidSigType; - break; - #endif - - #ifdef WOLFSSL_SHA384 - case CTC_SHA384wRSA: - sName = "sha384WithRSA"; - type = oidSigType; - break; - #endif - - #ifdef WOLFSSL_SHA512 - case CTC_SHA512wRSA: - sName = "sha512WithRSA"; - type = oidSigType; - break; - #endif - #endif /* NO_RSA */ - #ifdef HAVE_ECC - case CTC_SHAwECDSA: - sName = "shaWithECDSA"; - type = oidSigType; - break; - - case CTC_SHA224wECDSA: - sName = "sha224WithECDSA"; - type = oidSigType; - break; - - case CTC_SHA256wECDSA: - sName = "sha256WithECDSA"; - type = oidSigType; - break; - - case CTC_SHA384wECDSA: - sName = "sha384WithECDSA"; - type = oidSigType; - break; - - case CTC_SHA512wECDSA: - sName = "sha512WithECDSA"; - type = oidSigType; - break; - #endif /* HAVE_ECC */ - - /* oidKeyType */ - #ifndef NO_DSA - case DSAk: - sName = "DSA key"; - type = oidKeyType; - break; - #endif /* NO_DSA */ - #ifndef NO_RSA - case RSAk: - sName = "RSA key"; - type = oidKeyType; - break; - #endif /* NO_RSA */ - #ifdef HAVE_NTRU - case NTRUk: - sName = "NTRU key"; - type = oidKeyType; - break; - #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC - case ECDSAk: - sName = "ECDSA key"; - type = oidKeyType; - break; - #endif /* HAVE_ECC */ - - /* oidBlkType */ - #ifdef WOLFSSL_AES_128 - case AES128CBCb: - sName = "AES-128-CBC"; - type = oidBlkType; - break; - #endif - #ifdef WOLFSSL_AES_192 - case AES192CBCb: - sName = "AES-192-CBC"; - type = oidBlkType; - break; - #endif - - #ifdef WOLFSSL_AES_256 - case AES256CBCb: - sName = "AES-256-CBC"; - type = oidBlkType; - break; - #endif - - #ifndef NO_DES3 - case NID_des: - id = DESb; - sName = "DES-CBC"; - type = oidBlkType; - break; - - case NID_des3: - id = DES3b; - sName = "DES3-CBC"; - type = oidBlkType; - break; - #endif /* !NO_DES3 */ - - #ifdef HAVE_OCSP - case NID_id_pkix_OCSP_basic: - id = OCSP_BASIC_OID; - sName = "OCSP_basic"; - type = oidOcspType; - break; - - case OCSP_NONCE_OID: - sName = "OCSP_nonce"; - type = oidOcspType; - break; - #endif /* HAVE_OCSP */ - - /* oidCertExtType */ - case BASIC_CA_OID: - sName = "X509 basic ca"; - type = oidCertExtType; - break; - - case ALT_NAMES_OID: - sName = "X509 alt names"; - type = oidCertExtType; - break; - - case CRL_DIST_OID: - sName = "X509 crl"; - type = oidCertExtType; - break; - - case AUTH_INFO_OID: - sName = "X509 auth info"; - type = oidCertExtType; - break; - - case AUTH_KEY_OID: - sName = "X509 auth key"; - type = oidCertExtType; - break; - - case SUBJ_KEY_OID: - sName = "X509 subject key"; - type = oidCertExtType; - break; - - case KEY_USAGE_OID: - sName = "X509 key usage"; - type = oidCertExtType; - break; - - case INHIBIT_ANY_OID: - id = INHIBIT_ANY_OID; - sName = "X509 inhibit any"; - type = oidCertExtType; - break; - - case NID_ext_key_usage: - id = KEY_USAGE_OID; - sName = "X509 ext key usage"; - type = oidCertExtType; - break; - - case NID_name_constraints: - id = NAME_CONS_OID; - sName = "X509 name constraints"; - type = oidCertExtType; - break; - - case NID_certificate_policies: - id = CERT_POLICY_OID; - sName = "X509 certificate policies"; - type = oidCertExtType; - break; - - /* oidCertAuthInfoType */ - case AIA_OCSP_OID: - sName = "Cert Auth OCSP"; - type = oidCertAuthInfoType; - break; - - case AIA_CA_ISSUER_OID: - sName = "Cert Auth CA Issuer"; - type = oidCertAuthInfoType; - break; - - /* oidCertPolicyType */ - case NID_any_policy: - id = CP_ANY_OID; - sName = "Cert any policy"; - type = oidCertPolicyType; - break; - - /* oidCertAltNameType */ - case NID_hw_name_oid: - id = HW_NAME_OID; - sName = "Hardware name"; - type = oidCertAltNameType; - break; - - /* oidCertKeyUseType */ - case NID_anyExtendedKeyUsage: - id = EKU_ANY_OID; - sName = "Cert any extended key"; - type = oidCertKeyUseType; - break; - - case EKU_SERVER_AUTH_OID: - sName = "Cert server auth key"; - type = oidCertKeyUseType; - break; - - case EKU_CLIENT_AUTH_OID: - sName = "Cert client auth key"; - type = oidCertKeyUseType; - break; - - case EKU_OCSP_SIGN_OID: - sName = "Cert OCSP sign key"; - type = oidCertKeyUseType; - break; - - /* oidKdfType */ - case PBKDF2_OID: - sName = "PBKDFv2"; - type = oidKdfType; - break; - - /* oidPBEType */ - case PBE_SHA1_RC4_128: - sName = "PBE shaWithRC4-128"; - type = oidPBEType; - break; - - case PBE_SHA1_DES: - sName = "PBE shaWithDES"; - type = oidPBEType; - break; - - case PBE_SHA1_DES3: - sName = "PBE shaWithDES3"; - type = oidPBEType; - break; - - /* oidKeyWrapType */ - #ifdef WOLFSSL_AES_128 - case AES128_WRAP: - sName = "AES-128 wrap"; - type = oidKeyWrapType; - break; - #endif - - #ifdef WOLFSSL_AES_192 - case AES192_WRAP: - sName = "AES-192 wrap"; - type = oidKeyWrapType; - break; - #endif - - #ifdef WOLFSSL_AES_256 - case AES256_WRAP: - sName = "AES-256 wrap"; - type = oidKeyWrapType; - break; - #endif - - /* oidCmsKeyAgreeType */ - #ifndef NO_SHA - case dhSinglePass_stdDH_sha1kdf_scheme: - sName = "DH-SHA kdf"; - type = oidCmsKeyAgreeType; - break; - #endif - #ifdef WOLFSSL_SHA224 - case dhSinglePass_stdDH_sha224kdf_scheme: - sName = "DH-SHA224 kdf"; - type = oidCmsKeyAgreeType; - break; - #endif - #ifndef NO_SHA256 - case dhSinglePass_stdDH_sha256kdf_scheme: - sName = "DH-SHA256 kdf"; - type = oidCmsKeyAgreeType; - break; - - #endif - #ifdef WOLFSSL_SHA384 - case dhSinglePass_stdDH_sha384kdf_scheme: - sName = "DH-SHA384 kdf"; - type = oidCmsKeyAgreeType; - break; - #endif - #ifdef WOLFSSL_SHA512 - case dhSinglePass_stdDH_sha512kdf_scheme: - sName = "DH-SHA512 kdf"; - type = oidCmsKeyAgreeType; - break; - #endif - default: - WOLFSSL_MSG("NID not in table"); - return NULL; + } + } + if (i == (int)WOLFSSL_OBJECT_INFO_SZ) { + WOLFSSL_MSG("NID not in table"); + return NULL; } #ifdef HAVE_ECC @@ -30347,9 +30909,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) XMEMCPY(objBuf + objSz, oid, oidSz); objSz += oidSz; obj->objSz = objSz; - if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) || - (((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) == 0) && (obj->obj == NULL))) { - obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); + if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || + (((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) == 0) && + (obj->obj == NULL))) { + obj->obj = (byte*)XREALLOC((byte*)obj->obj, obj->objSz, NULL, + DYNAMIC_TYPE_ASN1); if (obj->obj == NULL) { wolfSSL_ASN1_OBJECT_free(obj); return NULL; @@ -30721,31 +31285,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #endif - /* Gets the NID value that corresponds with the ASN1 object. - * - * o ASN1 object to get NID of - * - * Return NID on success and a negative value on failure - */ - int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { - word32 oid = 0; - word32 idx = 0; - int id; - - WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); - - if (o == NULL) { - return -1; - } - if (o->nid > 0) - return o->nid; - if ((id = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) { - WOLFSSL_MSG("Issue getting OID of object"); - return -1; - } - + static int oid2nid(word32 oid, int grp) + { /* get OID type */ - switch (o->grp) { + switch (grp) { /* oidHashType */ case oidHashType: switch (oid) { @@ -31011,6 +31554,32 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return -1; } + /* Gets the NID value that corresponds with the ASN1 object. + * + * o ASN1 object to get NID of + * + * Return NID on success and a negative value on failure + */ + int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) + { + word32 oid = 0; + word32 idx = 0; + int id; + + WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); + + if (o == NULL) { + return -1; + } + if (o->nid > 0) + return o->nid; + if ((id = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) { + WOLFSSL_MSG("Issue getting OID of object"); + return -1; + } + + return oid2nid(oid, o->grp); + } #ifndef NO_WOLFSSL_STUB char * wolfSSL_OBJ_nid2ln(int n) @@ -31066,14 +31635,12 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) static WOLFSSL_X509_NAME *get_nameByLoc( WOLFSSL_X509_NAME *name, int loc) { - if ((loc < 0) || (loc >= name->fullName.entryCount)) - return NULL; - switch (loc) { case 0: name->cnEntry.value->length = name->fullName.cnLen; name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cnIdx]; + name->cnEntry.nid = name->fullName.cnNid; break; case 1: name->cnEntry.value->length = name->fullName.cLen; @@ -31123,6 +31690,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) default: return NULL; } + if (name->cnEntry.value->length == 0) + return NULL; name->cnEntry.value->type = CTC_UTF8; return name; } @@ -31131,22 +31700,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( WOLFSSL_X509_NAME *name, int loc) { - int maxLoc; - WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); if (name == NULL) { return NULL; } - maxLoc = name->fullName.fullNameLen; - - if (loc < 0 || loc > maxLoc) { + if (loc < 0 || loc > 9 + name->fullName.dcNum) { WOLFSSL_MSG("Bad argument"); return NULL; } - if ((loc >= 0) && (loc < name->fullName.entryCount)){ + if (loc >= 0 && loc <= 9){ if (get_nameByLoc(name, loc) != NULL) return &name->cnEntry; } @@ -31168,7 +31733,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) name->cnEntry.set = 1; /* common name index case */ - } else if (loc == name->fullName.cnIdx) { + } else if (loc == name->fullName.cnIdx && name->x509 != NULL) { /* get CN shortcut from x509 since it has null terminator */ name->cnEntry.data.data = name->x509->subjectCN; name->cnEntry.data.length = name->fullName.cnLen; @@ -31176,6 +31741,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) name->cnEntry.nid = ASN_COMMON_NAME; name->cnEntry.set = 1; } + else + return NULL; return &name->cnEntry; } @@ -32231,7 +32798,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP()"); - if (in == NULL || inSz < 0) { + if (in == NULL || *in == NULL || inSz < 0) { WOLFSSL_MSG("Bad argument"); return NULL; } @@ -32496,7 +33063,6 @@ int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s) return (int)s->num; } - int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s) { WOLFSSL_ENTER("wolfSSL_sk_X509_num"); @@ -34494,7 +35060,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } #endif /* !NO_CERTS */ -long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509){ +long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509) +{ int version = 0; WOLFSSL_ENTER("wolfSSL_X509_get_version"); @@ -34509,4 +35076,754 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509){ return 0L; } + +int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x) +{ + if (x == NULL) + return 0; + + return oid2nid(x->sigOID, oidSigType); +} #endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_ALL) +int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_RSA; + pkey->rsa = key; + pkey->ownRsa = 1; + + return WOLFSSL_SUCCESS; +} + +int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_EC; + pkey->ecc = key; + pkey->ownEcc = 1; + + return WOLFSSL_SUCCESS; +} +#endif + +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) +PKCS7* wolfSSL_PKCS7_new(void) +{ + WOLFSSL_PKCS7* pkcs7; + int ret = 0; + + pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(*pkcs7), NULL, DYNAMIC_TYPE_PKCS7); + if (pkcs7 != NULL) { + XMEMSET(pkcs7, 0, sizeof(*pkcs7)); + ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID); + } + + if (ret != 0 && pkcs7 != NULL) + XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7); + + return (PKCS7*)pkcs7; +} + +void wolfSSL_PKCS7_free(PKCS7* pkcs7) +{ + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + + if (p7 != NULL) { + if (p7->data != NULL) + XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); + wc_PKCS7_Free(&p7->pkcs7); + XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7); + } +} + +PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len) +{ + WOLFSSL_PKCS7* pkcs7 = NULL; + word32 idx = 0; + + if (in == NULL) + return NULL; + + if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) + return NULL; + + if (GetSequence(*in, &idx, &pkcs7->len, len) < 0) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + pkcs7->len += idx; + + pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); + if (pkcs7->data == NULL) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + XMEMCPY(pkcs7->data, *in, pkcs7->len); + *in += pkcs7->len; + + if (p7 != NULL) + *p7 = (PKCS7*)pkcs7; + return (PKCS7*)pkcs7; +} + +PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) +{ + WOLFSSL_PKCS7* pkcs7; + + if (bio == NULL) + return NULL; + + if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) + return NULL; + + pkcs7->len = wolfSSL_BIO_pending(bio); + pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); + if (pkcs7->data == NULL) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + + if (wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len) != pkcs7->len) { + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } + + if (p7 != NULL) + *p7 = (PKCS7*)pkcs7; + return (PKCS7*)pkcs7; +} + +int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, + WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, + WOLFSSL_BIO* out, int flags) +{ + int ret = 0; + unsigned char* mem = NULL; + int memSz = 0; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + + if (pkcs7 == NULL) + return WOLFSSL_FAILURE; + + if (in != NULL) { + if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0) + return WOLFSSL_FAILURE; + + p7->pkcs7.content = mem; + p7->pkcs7.contentSz = memSz; + } + if (ret != 0) + return WOLFSSL_FAILURE; + + /* certs is the list of certificates to find the cert with issuer/serial. */ + (void)certs; + /* store is the certificate store to use to verify signer certificate + * associated with the signers. + */ + (void)store; + + ret = wc_PKCS7_VerifySignedData_ex(&p7->pkcs7, NULL, 0, p7->data, p7->len, + NULL, 0); + if (ret != 0) + return WOLFSSL_FAILURE; + + if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY) { + /* All signer certificates are verified. */ + return WOLFSSL_FAILURE; + } + + if (out != NULL) + wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz); + + return WOLFSSL_SUCCESS; +} + +WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, + int flags) +{ + WOLFSSL_STACK* signers = NULL; + WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; + + if (p7 == NULL) + return NULL; + /* Only PKCS#7 messages with a single cert that is the verifying certificate + * is supported. + */ + if ((flags | PKCS7_NOINTERN) == PKCS7_NOINTERN) + return NULL; + + signers = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_X509); + if (signers == NULL) + return NULL; + + signers->num = 1; + signers->data.x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); + if (signers->data.x509 == NULL) { + XFREE(signers, NULL, DYNAMIC_TYPE_X509); + return NULL; + } + + if (DecodeToX509(signers->data.x509, p7->pkcs7.singleCert, + p7->pkcs7.singleCertSz) != 0) { + XFREE(signers->data.x509, NULL, DYNAMIC_TYPE_X509); + XFREE(signers, NULL, DYNAMIC_TYPE_X509); + return NULL; + } + + (void)certs; + + return signers; +} +#endif + +#ifdef OPENSSL_ALL +WOLFSSL_STACK* wolfSSL_sk_X509_new(void) +{ + WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_X509); + if (s != NULL) + XMEMSET(s, 0, sizeof(*s)); + + return s; +} +#endif + +#ifdef OPENSSL_ALL +int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_CIPHER* enc, + char* passwd, int passwdSz, + pem_password_cb* cb, void* ctx) +{ + int ret = 0; + char password[NAME_SZ]; + byte* key = NULL; + word32 keySz; + byte* pem = NULL; + int pemSz; + int type = PKCS8_PRIVATEKEY_TYPE; + int algId; + const byte* curveOid; + word32 oidSz; + int encAlgId; + + if (bio == NULL || pkey == NULL) + ret = -1; + + keySz = pkey->pkey_sz + 128; + key = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ret = MEMORY_E; + + if (ret == 0 && enc != NULL && passwd == NULL) { + passwdSz = cb(password, sizeof(password), 1, ctx); + if (passwdSz < 0) + ret = WOLFSSL_FAILURE; + passwd = password; + } + + if (ret == 0 && enc != NULL) { + WC_RNG rng; + ret = wc_InitRng(&rng); + if (ret == 0) { + #ifndef NO_DES3 + if (enc == EVP_DES_CBC) + encAlgId = DESb; + else if (enc == EVP_DES_EDE3_CBC) + encAlgId = DES3b; + else + #endif + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_256 + if (enc == EVP_AES_256_CBC) + encAlgId = AES256CBCb; + else + #endif + #endif + ret = -1; + if (ret == 0) { + ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, key, + &keySz, passwd, passwdSz, PKCS5, PBES2, + encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT, + &rng, NULL); + if (ret > 0) { + keySz = ret; + ret = 0; + } + } + wc_FreeRng(&rng); + } + type = PKCS8_ENC_PRIVATEKEY_TYPE; + } + if (ret == 0 && enc == NULL) { + type = PKCS8_PRIVATEKEY_TYPE; + if (pkey->type == EVP_PKEY_EC) { + algId = ECDSAk; + ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, + &oidSz); + } + else { + algId = RSAk; + curveOid = NULL; + oidSz = 0; + } + + if (ret >= 0) { + ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr, + pkey->pkey_sz, algId, curveOid, oidSz); + keySz = ret; + } + } + + if (password == passwd) + XMEMSET(password, 0, passwdSz); + + if (ret >= 0) { + pemSz = 2 * keySz + 2 * 64; + pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) + ret = MEMORY_E; + } + + if (ret >= 0) + ret = wc_DerToPemEx(key, keySz, pem, pemSz, NULL, type); + + if (key != NULL) + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (ret >= 0) { + if (wolfSSL_BIO_write(bio, pem, ret) != ret) + ret = -1; + } + + if (pem != NULL) + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret < 0 ? 0 : ret; + +} + +static int bio_get_data(WOLFSSL_BIO* bio, byte** data) +{ + int ret = 0; + byte* mem = NULL; +#ifndef NO_FILESYSTEM + long memSz; + XFILE file; + long curr; +#endif + + if ((ret = wolfSSL_BIO_pending(bio)) > 0) { + } +#ifndef NO_FILESYSTEM + else if (bio->type == WOLFSSL_BIO_FILE) { + if (wolfSSL_BIO_get_fp(bio, &file) != WOLFSSL_SUCCESS) + ret = BAD_FUNC_ARG; + if (ret == 0) { + curr = XFTELL(file); + if (XFSEEK(file, 0, XSEEK_END) != 0) + ret = WOLFSSL_BAD_FILE; + } + if (ret == 0) { + memSz = XFTELL(file) - curr; + ret = (int)memSz; + if (XFSEEK(file, curr, SEEK_SET) != 0) + ret = WOLFSSL_BAD_FILE; + } + } +#endif + + if (ret > 0) { + mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (mem == NULL) { + WOLFSSL_MSG("Memory error"); + ret = MEMORY_E; + } + if (ret >= 0) { + if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) { + XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + ret = MEMORY_E; + } + } + } + + *data = mem; + return ret; +} + +/* DER data is PKCS#8 encrypted. */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** pkey, + pem_password_cb* cb, + void* ctx) +{ + int ret; + byte* der; + int len; + byte* p; + char password[NAME_SZ]; + int passwordSz; + word32 algId; + WOLFSSL_EVP_PKEY* key; + + if ((len = bio_get_data(bio, &der)) < 0) + return NULL; + + if (cb != NULL) { + passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); + if (passwordSz < 0) + return NULL; + + ret = ToTraditionalEnc(der, len, password, passwordSz, &algId); + if (ret < 0) + return NULL; + XMEMSET(password, 0, passwordSz); + } + + p = der; + key = wolfSSL_d2i_PrivateKey_EVP(pkey, &p, len); + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return key; +} + +/* Detect which type of key it is before decoding. */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, + const unsigned char** pp, + long length) +{ + int ret; + WOLFSSL_EVP_PKEY* key = NULL; + const byte* der = *pp; + word32 idx = 0; + int len = 0; + word32 end = 0; + int cnt = 0; + int type; + word32 algId; + word32 keyLen = (word32)length; + + /* Take off PKCS#8 wrapper if found. */ + if ((len = ToTraditionalInline(der, &idx, keyLen, &algId)) >= 0) { + der += idx; + keyLen = len; + } + idx = 0; + len = 0; + + /* Use the number of elements in the outer sequence to determine key type. + */ + ret = GetSequence(der, &idx, &len, keyLen); + if (ret >= 0) { + end = idx + len; + while (ret >= 0 && idx < end) { + /* Skip type */ + idx++; + /* Get length and skip over - keeping count */ + len = 0; + ret = GetLength(der, &idx, &len, keyLen); + if (ret >= 0) { + if (idx + len > end) + ret = ASN_PARSE_E; + else { + idx += len; + cnt++; + } + } + } + } + + if (ret >= 0) { + /* ECC includes version, private[, curve][, public key] */ + if (cnt >= 2 && cnt <= 4) + type = EVP_PKEY_EC; + else + type = EVP_PKEY_RSA; + + key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen); + *pp = der; + } + + return key; +} +#endif + +#if defined(OPENSSL_ALL) && !defined(NO_CERT) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) +int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out) +{ + const unsigned char* der; + int derSz = 0; + + if (req == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + der = wolfSSL_X509_get_der(req, &derSz); + if (der == NULL) { + return MEMORY_E; + } + + if (*out == NULL) { + *out = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + if (*out == NULL) { + return MEMORY_E; + } + } + + XMEMCPY(*out, der, derSz); + + return derSz; +} + +int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) +{ + int i; + WOLFSSL_X509_NAME_ENTRY* ne; + + if (cert == NULL || name == NULL) + return WOLFSSL_FAILURE; + + FreeX509Name(&cert->subject, cert->heap); + InitX509Name(&cert->subject, 0); + if (name->dynamicName) { + cert->subject.name = (char*)XMALLOC(name->sz, cert->heap, + DYNAMIC_TYPE_SUBJECT_CN); + if (cert->subject.name == NULL) + return WOLFSSL_FAILURE; + } + XMEMCPY(cert->subject.name, name->name, name->sz); + cert->subject.sz = name->sz; + + for (i = 0; i < 10; i++) { + ne = wolfSSL_X509_NAME_get_entry(name, i); + if (ne != NULL) + wolfSSL_X509_NAME_add_entry(&cert->subject, ne, i, 1); + } + cert->subject.x509 = cert; + + return WOLFSSL_SUCCESS; +} + +int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) +{ + byte* p; + + if (cert == NULL || pkey == NULL) + return WOLFSSL_FAILURE; + + if (pkey->type == EVP_PKEY_RSA) + cert->pubKeyOID = RSAk; + else if (pkey->type == EVP_PKEY_EC) + cert->pubKeyOID = ECDSAk; + else + return WOLFSSL_FAILURE; + + p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (p == NULL) + return WOLFSSL_FAILURE; + + if (cert->pubKey.buffer != NULL) + XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + cert->pubKey.buffer = p; + XMEMCPY(cert->pubKey.buffer, pkey->pkey.ptr, pkey->pkey_sz); + cert->pubKey.length = pkey->pkey_sz; + + return WOLFSSL_SUCCESS; +} + + +WOLFSSL_X509* wolfSSL_X509_REQ_new(void) +{ + return wolfSSL_X509_new(); +} + +void wolfSSL_X509_REQ_free(WOLFSSL_X509* req) +{ + wolfSSL_X509_free(req); +} + + +static int ReqCertFromX509(Cert* cert, WOLFSSL_X509* req) +{ + int ret; + + ret = CopyX509NameToCertName(&req->subject, &cert->subject); + if (ret == WOLFSSL_SUCCESS) { + cert->version = req->version; + cert->isCA = req->isCa; + if (req->subjKeyIdSz != 0) { + XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz); + cert->skidSz = req->subjKeyIdSz; + } + if (req->keyUsageSet) + cert->keyUsage = req->keyUsage; + /* Extended Key Usage not supported. */ + } + + return ret; +} + +int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, + const WOLFSSL_EVP_MD *md) +{ + int ret; + Cert cert; + byte der[2048]; + int derSz = sizeof(der); + void* key; + int type; + int sigType; + int hashType; + RsaKey rsa; + ecc_key ecc; + WC_RNG rng; + word32 idx = 0; + + if (req == NULL || pkey == NULL || md == NULL) + return WOLFSSL_FAILURE; + + /* Create a Cert that has the certificate request fields. */ + if (wc_InitCert(&cert) != 0) + return WOLFSSL_FAILURE; + if (ReqCertFromX509(&cert, req) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; + + /* Convert key type and hash algorithm to a signature algorithm */ + if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) + return WOLFSSL_FAILURE; + + if (pkey->type == EVP_PKEY_RSA) { + switch (hashType) { + case WC_HASH_TYPE_SHA: + sigType = CTC_SHAwRSA; + break; + case WC_HASH_TYPE_SHA224: + sigType = CTC_SHA224wRSA; + break; + case WC_HASH_TYPE_SHA256: + sigType = CTC_SHA256wRSA; + break; + case WC_HASH_TYPE_SHA384: + sigType = CTC_SHA384wRSA; + break; + case WC_HASH_TYPE_SHA512: + sigType = CTC_SHA512wRSA; + break; + default: + return WOLFSSL_FAILURE; + } + } + else if (pkey->type == EVP_PKEY_EC) { + switch (hashType) { + case WC_HASH_TYPE_SHA: + sigType = CTC_SHAwECDSA; + break; + case WC_HASH_TYPE_SHA224: + sigType = CTC_SHA224wECDSA; + break; + case WC_HASH_TYPE_SHA256: + sigType = CTC_SHA256wECDSA; + break; + case WC_HASH_TYPE_SHA384: + sigType = CTC_SHA384wECDSA; + break; + case WC_HASH_TYPE_SHA512: + sigType = CTC_SHA512wECDSA; + break; + default: + return WOLFSSL_FAILURE; + } + } + else + return WOLFSSL_FAILURE; + + /* Create a public key object from requests public key. */ + if (req->pubKeyOID == RSAk) { + type = RSA_TYPE; + ret = wc_InitRsaKey(&rsa, req->heap); + if (ret != 0) + return WOLFSSL_FAILURE; + ret = wc_RsaPublicKeyDecode(req->pubKey.buffer, &idx, &rsa, + req->pubKey.length); + if (ret != 0) { + wc_FreeRsaKey(&rsa); + return WOLFSSL_FAILURE; + } + key = (void*)&rsa; + } + else { + type = ECC_TYPE; + ret = wc_ecc_init(&ecc); + if (ret != 0) + return WOLFSSL_FAILURE; + ret = wc_EccPublicKeyDecode(req->pubKey.buffer, &idx, &ecc, + req->pubKey.length); + if (ret != 0) { + wc_ecc_free(&ecc); + return WOLFSSL_FAILURE; + } + key = (void*)&ecc; + } + + /* Make the body of the certificate request. */ + ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key); + if (ret < 0) + return WOLFSSL_FAILURE; + + /* Dispose of the public key object. */ + if (req->pubKeyOID == RSAk) + wc_FreeRsaKey(&rsa); + else + wc_ecc_free(&ecc); + + idx = 0; + /* Get the private key object and type from pkey. */ + if (pkey->type == EVP_PKEY_RSA) { + type = RSA_TYPE; + key = pkey->rsa->internal; + } + else { + type = ECC_TYPE; + key = pkey->ecc->internal; + } + + /* Sign the certificate request body. */ + ret = wc_InitRng(&rng); + if (ret != 0) + return WOLFSSL_FAILURE; + ret = wc_SignCert_ex(cert.bodySz, sigType, der, sizeof(der), type, key, + &rng); + wc_FreeRng(&rng); + if (ret < 0) + return WOLFSSL_FAILURE; + + /* Put in the new certificate request encoding into the request object. */ + FreeDer(&req->derCert); + if (AllocDer(&req->derCert, ret, CERTREQ_TYPE, NULL) != 0) + return WOLFSSL_FAILURE; + XMEMCPY(req->derCert->buffer, der, ret); + req->derCert->length = ret; + + return WOLFSSL_SUCCESS; +} + +int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, + WOLFSSL_X509_NAME *name) +{ + return wolfSSL_X509_set_subject_name(req, name); +} + +int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) +{ + return wolfSSL_X509_set_pubkey(req, pkey); +} +#endif + diff --git a/tests/api.c b/tests/api.c index 967754cb8..f9af412e4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -316,6 +316,9 @@ #ifdef HAVE_ECC #include #endif +#ifdef HAVE_PKCS7 + #include +#endif #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ @@ -450,8 +453,10 @@ static int test_wolfCrypt_Init(void) { #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM) const char *fname[] = { - svrCertFile, svrKeyFile, caCertFile, eccCertFile, eccKeyFile, eccRsaCertFile, - cliCertFile, cliCertDerFile, cliKeyFile, ntruCertFile, ntruKeyFile, dhParamFile, + svrCertFile, svrKeyFile, caCertFile, + eccCertFile, eccKeyFile, eccRsaCertFile, + cliCertFile, cliCertDerFile, cliKeyFile, + ntruCertFile, ntruKeyFile, dhParamFile, cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile, cliEdCertFile, cliEdKeyFile, caEdCertFile, NULL @@ -1426,6 +1431,8 @@ static void test_wolfSSL_EC(void) /* NISTP256R1 Gx/Gy */ const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"; + const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"; + const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; AssertNotNull(ctx = BN_CTX_new()); AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); @@ -1457,7 +1464,7 @@ static void test_wolfSSL_EC(void) /* check if point X coordinate is zero */ AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE); - /* check bx2hex */ + /* check bn2hex */ hexStr = BN_bn2hex(k); AssertStrEQ(hexStr, kTest); #ifndef NO_FILESYSTEM @@ -1482,6 +1489,14 @@ static void test_wolfSSL_EC(void) #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx); + AssertStrEQ(hexStr, uncompG); + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx); + AssertStrEQ(hexStr, compG); + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + /* cleanup */ BN_free(X); BN_free(Y); @@ -15391,18 +15406,11 @@ static void test_wc_PKCS7_EncodeSignedData_ex(void) } /* END test_wc_PKCS7_EncodeSignedData_ex */ -/* - * Testing wc_PKCS_VerifySignedData() - */ -static void test_wc_PKCS7_VerifySignedData(void) -{ #if defined(HAVE_PKCS7) +static int CreatePKCS7SignedData(unsigned char* output, int outputSz) +{ PKCS7* pkcs7; WC_RNG rng; - byte output[FOURK_BUF]; - byte badOut[0]; - word32 outputSz = (word32)sizeof(output); - word32 badOutSz = (word32)sizeof(badOut); byte data[] = "Test data to encode."; #ifndef NO_RSA @@ -15493,6 +15501,32 @@ static void test_wc_PKCS7_VerifySignedData(void) AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + wc_FreeRng(&rng); + + return outputSz; +} +#endif + +/* + * Testing wc_PKCS_VerifySignedData() + */ +static void test_wc_PKCS7_VerifySignedData(void) +{ +#if defined(HAVE_PKCS7) + PKCS7* pkcs7; + byte output[FOURK_BUF]; + word32 outputSz = sizeof(output); + byte badOut[0]; + word32 badOutSz = (word32)sizeof(badOut); + + AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz)), 0); + + AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); + AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + /* Test bad args. */ AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG); @@ -15505,10 +15539,9 @@ static void test_wc_PKCS7_VerifySignedData(void) badOutSz), BAD_FUNC_ARG); #endif - printf(resultFmt, passed); - wc_PKCS7_Free(pkcs7); - wc_FreeRng(&rng); + + printf(resultFmt, passed); #endif } /* END test_wc_PKCS7_VerifySignedData() */ @@ -18874,6 +18907,162 @@ static void test_wolfSSL_PKCS8_Compat(void) #endif } +static void test_wolfSSL_PKCS8_d2i(void) +{ +#ifdef OPENSSL_ALL + WOLFSSL_EVP_PKEY* pkey = NULL; +#ifndef NO_FILESYSTEM + unsigned char pkcs8_buffer[2048]; + const unsigned char* p; + int bytes; + XFILE file; + BIO* bio; + WOLFSSL_EVP_PKEY* evpPkey = NULL; +#endif + #ifndef NO_RSA + #ifndef NO_FILESYSTEM + const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der"; + const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem"; +#ifndef NO_DES3 + const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der"; +#endif + #endif + #ifdef USE_CERT_BUFFERS_1024 + const unsigned char* rsa = (unsigned char*)server_key_der_1024; + int rsaSz = sizeof_server_key_der_1024; + #else + const unsigned char* rsa = (unsigned char*)server_key_der_2048; + int rsaSz = sizeof_server_key_der_2048; + #endif + #endif + #ifdef HAVE_ECC + const unsigned char* ec = (unsigned char*)ecc_key_der_256; + int ecSz = sizeof_ecc_key_der_256; + #ifndef NO_FILESYSTEM + const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der"; + const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem"; +#ifndef NO_DES3 + const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der"; +#endif + #endif + #endif + + #ifndef NO_RSA + /* Try to auto-detect normal RSA private key */ + AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz)); + wolfSSL_EVP_PKEY_free(pkey); + #endif + #ifdef HAVE_ECC + /* Try to auto-detect normal EC private key */ + AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz)); + wolfSSL_EVP_PKEY_free(pkey); + #endif + #ifndef NO_FILESYSTEM + #ifndef NO_RSA + /* Get DER encoded RSA PKCS#8 data. */ + file = XFOPEN(rsaDerPkcs8File, "rb"); + AssertTrue(file != XBADFILE); + AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + XFCLOSE(file); + p = pkcs8_buffer; + /* Try to decode - auto-detect key type. */ + AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); + /* Get PEM encoded RSA PKCS#8 data. */ + file = XFOPEN(rsaPemPkcs8File, "rb"); + AssertTrue(file != XBADFILE); + AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + XFCLOSE(file); + AssertNotNull(bio = BIO_new(BIO_s_mem())); + /* Write PKCS#8 PEM to BIO. */ + AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), bytes); + /* Compare file and written data */ + AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes); + AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); + BIO_free(bio); +#ifndef NO_DES3 + AssertNotNull(bio = BIO_new(BIO_s_mem())); + /* Write Encrypted PKCS#8 PEM to BIO. */ + bytes = 1834; + AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + wolfSSL_EVP_PKEY_free(evpPkey); + BIO_free(bio); +#endif + wolfSSL_EVP_PKEY_free(pkey); + + /* PKCS#8 encrypted RSA key */ +#ifndef NO_DES3 + file = XFOPEN(rsaDerPkcs8EncFile, "rb"); + AssertTrue(file != XBADFILE); + AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + XFCLOSE(file); + AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + wolfSSL_EVP_PKEY_free(pkey); + BIO_free(bio); +#endif + #endif + #ifdef HAVE_ECC + /* PKCS#8 encode EC key */ + file = XFOPEN(ecDerPkcs8File, "rb"); + AssertTrue(file != XBADFILE); + AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + XFCLOSE(file); + p = pkcs8_buffer; + /* Try to decode - auto-detect key type. */ + AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); + /* Get PEM encoded RSA PKCS#8 data. */ + file = XFOPEN(ecPemPkcs8File, "rb"); + AssertTrue(file != XBADFILE); + AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + XFCLOSE(file); + AssertNotNull(bio = BIO_new(BIO_s_mem())); + /* Write PKCS#8 PEM to BIO. */ + AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), bytes); + /* Compare file and written data */ + AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes); + AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); + BIO_free(bio); + AssertNotNull(bio = BIO_new(BIO_s_mem())); + /* Write Encrypted PKCS#8 PEM to BIO. */ + bytes = 379; + AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + wolfSSL_EVP_PKEY_free(evpPkey); + BIO_free(bio); + wolfSSL_EVP_PKEY_free(pkey); + + /* PKCS#8 encrypted EC key */ +#ifndef NO_DES3 + file = XFOPEN(ecDerPkcs8EncFile, "rb"); + AssertTrue(file != XBADFILE); + AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + XFCLOSE(file); + AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + wolfSSL_EVP_PKEY_free(pkey); + BIO_free(bio); +#endif + #endif + #endif + + printf(resultFmt, passed); +#endif +} static void test_wolfSSL_ERR_put_error(void) { @@ -19121,6 +19310,9 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) 0x0c, cn, (int)sizeof(cn))); AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, + 1), WOLFSSL_SUCCESS); X509_NAME_ENTRY_free(entry); BIO_free(bio); @@ -21038,6 +21230,196 @@ static void test_wc_ecc_get_curve_id_from_params(void) #endif } +static void test_EVP_PKEY_rsa(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_RSA* rsa; + WOLFSSL_EVP_PKEY* pkey; + + AssertNotNull(rsa = wolfSSL_RSA_new()); + AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertIntEQ(wolfSSL_EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + + printf(resultFmt, passed); +#endif +} + +static void test_EVP_PKEY_ec(void) +{ +#if defined(OPENSSL_ALL) && defined(HAVE_ECC) + WOLFSSL_EC_KEY* ecKey; + WOLFSSL_EVP_PKEY* pkey; + + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertIntEQ(wolfSSL_EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + + printf(resultFmt, passed); +#endif +} + +#if defined(OPENSSL_ALL) && !defined(NO_CERT) +static void free_x509(X509* x) +{ + AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1); +} +#endif + +static void test_sk_X509(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_CERT) + STACK_OF(X509)* s; + + AssertNotNull(s = sk_X509_new()); + AssertIntEQ(sk_X509_num(s), 0); + sk_X509_free(s); + + AssertNotNull(s = sk_X509_new()); + sk_X509_push(s, (X509*)1); + AssertIntEQ(sk_X509_num(s), 1); + AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1); + sk_X509_push(s, (X509*)2); + AssertIntEQ(sk_X509_num(s), 2); + AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1); + AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1); + sk_X509_push(s, (X509*)2); + sk_X509_pop_free(s, free_x509); + + printf(resultFmt, passed); +#endif +} + +static void test_X509_get_signature_nid(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509* x509; + + AssertIntEQ(X509_get_signature_nid(NULL), 0); + AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + AssertIntEQ(X509_get_signature_nid(x509), CTC_SHA256wRSA); + X509_free(x509); + + printf(resultFmt, passed); +#endif +} + +static void test_X509_REQ(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_CERT) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) + X509_NAME* name; +#if !defined(NO_RSA) || defined(HAVE_ECC) + X509_REQ* req; + EVP_PKEY* priv; + EVP_PKEY* pub; + unsigned char* der = NULL; +#endif +#ifndef NO_RSA + #ifdef USE_CERT_BUFFERS_1024 + const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024; + unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048; + unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048; + #endif +#endif +#ifdef HAVE_ECC + const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256; + unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256; + int len; +#endif + + AssertNotNull(name = X509_NAME_new()); + AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), + WOLFSSL_SUCCESS); + AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, + 1), WOLFSSL_SUCCESS); + +#ifndef NO_RSA + AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, + (long)sizeof_client_key_der_2048)); + AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, + (long)sizeof_client_keypub_der_2048)); + AssertNotNull(req = X509_REQ_new()); + AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); + AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); + AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE); + AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); + AssertIntEQ(i2d_X509_REQ(req, &der), 643); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + der = NULL; + X509_REQ_free(NULL); + X509_REQ_free(req); + EVP_PKEY_free(pub); + EVP_PKEY_free(priv); +#endif +#ifdef HAVE_ECC + AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv, + sizeof_ecc_clikey_der_256)); + AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub, + sizeof_ecc_clikeypub_der_256)); + AssertNotNull(req = X509_REQ_new()); + AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); + AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); + AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); + /* Signature is random and may be shorter or longer. */ + AssertIntGE((len = i2d_X509_REQ(req, &der)), 245); + AssertIntLE(len, 253); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + X509_REQ_free(req); + EVP_PKEY_free(pub); + EVP_PKEY_free(priv); + + wc_ecc_fp_free(); +#endif + + X509_NAME_free(name); + + printf(resultFmt, passed); +#endif +} + +static void test_wolfssl_PKCS7(void) +{ +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + PKCS7* pkcs7; + byte data[FOURK_BUF]; + word32 len = sizeof(data); + const byte* p = data; + + AssertIntGT((len = CreatePKCS7SignedData(data, len)), 0); + + AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len)); + AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); + AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); + AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, + PKCS7_NOVERIFY), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, + 0), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, + PKCS7_NOVERIFY), WOLFSSL_SUCCESS); + + PKCS7_free(NULL); + PKCS7_free(pkcs7); + + printf(resultFmt, passed); +#endif +} /*----------------------------------------------------------------------------* | Certficate Failure Checks @@ -21885,6 +22267,118 @@ static void test_wolfSSL_PEM_read_X509(void) #endif } +static void test_wolfSSL_PEM_read(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + const char* filename = "./certs/server-keyEnc.pem"; + XFILE fp; + char* name = NULL; + char* header = NULL; + byte* data = NULL; + long len; + EVP_CIPHER_INFO cipher; + WOLFSSL_BIO* bio; + byte* fileData; + size_t fileDataSz; + byte* out; + + printf(testingFmt, "wolfSSL_PEM_read"); + fp = XFOPEN(filename, "rb"); + AssertTrue((fp != XBADFILE)); + + /* Fail cases. */ + AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE); + AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE); + AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE); + AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE); + + AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); + + AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + AssertIntGT(XSTRLEN(header), 0); + AssertIntGT(len, 0); + + AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0); + AssertIntGT((fileDataSz = XFTELL(fp)), 0); + AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); + AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); + XFCLOSE(fp); + + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + + /* Fail cases. */ + AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0); + AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0); + AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0); + AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0); + + AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); + AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); + AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); + + /* Fail cases. */ + AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE); + AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE); + AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE); + +#ifndef NO_DES3 + AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS); +#endif + + /* Fail cases. */ + AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack, + (void*)"yassl123"), WOLFSSL_FAILURE); + AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack, + (void*)"yassl123"), WOLFSSL_FAILURE); + AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL, + (void*)"yassl123"), WOLFSSL_FAILURE); + +#ifndef NO_DES3 + AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, + (void*)"yassl123"), WOLFSSL_SUCCESS); +#endif + + BIO_free(bio); + XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + name = NULL; + header = NULL; + data = NULL; + fp = XFOPEN(svrKeyFile, "rb"); + AssertTrue((fp != XBADFILE)); + AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); + AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + AssertIntEQ(XSTRLEN(header), 0); + AssertIntGT(len, 0); + + AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0); + AssertIntGT((fileDataSz = XFTELL(fp)), 0); + AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); + AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); + XFCLOSE(fp); + + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); + AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); + AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); + + BIO_free(bio); + XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + printf(resultFmt, passed); +#endif +} + static void test_wolfSSL_X509_NAME_ENTRY_get_object() { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) @@ -22330,6 +22824,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_pseudo_rand(); test_wolfSSL_PKCS8_Compat(); + test_wolfSSL_PKCS8_d2i(); test_wolfSSL_ERR_put_error(); test_wolfSSL_HMAC(); test_wolfSSL_OBJ(); @@ -22353,6 +22848,7 @@ void ApiTest(void) test_wolfSSL_X509_get_serialNumber(); test_wolfSSL_X509_CRL(); test_wolfSSL_PEM_read_X509(); + test_wolfSSL_PEM_read(); test_wolfSSL_X509_NAME_ENTRY_get_object(); test_wolfSSL_OpenSSL_add_all_algorithms(); test_wolfSSL_ASN1_STRING_print_ex(); @@ -22374,6 +22870,18 @@ void ApiTest(void) /* test the no op functions for compatibility */ test_no_op_functions(); + /* OpenSSL EVP_PKEY API tests */ + test_EVP_PKEY_rsa(); + test_EVP_PKEY_ec(); + /* OpenSSL sk_X509 API test */ + test_sk_X509(); + /* OpenSSL X509 API test */ + test_X509_get_signature_nid(); + /* OpenSSL X509 REQ API test */ + test_X509_REQ(); + /* OpenSSL PKCS7 API test */ + test_wolfssl_PKCS7(); + /* wolfCrypt ASN tests */ test_wc_GetPkcs8TraditionalOffset(); test_wc_SetSubjectRaw(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d5ed86b37..bfaecf0aa 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1360,6 +1360,7 @@ static const byte pbkdf2Oid[] = {42, 134, 72, 134, 247, 13, 1, 5, 12}; #if !defined(NO_DES3) && !defined(NO_SHA) static const byte pbeSha1Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 10}; #endif +static const byte pbes2[] = {42, 134, 72, 134, 247, 13, 1, 5, 13}; /* PKCS12 */ #if !defined(NO_RC4) && !defined(NO_SHA) @@ -1808,6 +1809,10 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(pbeSha1Des3); break; #endif + case PBES2: + oid = pbes2; + *oidSz = sizeof(pbes2); + break; } break; @@ -2262,9 +2267,10 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, /* Remove PKCS8 header, place inOutIdx at beginning of traditional, * return traditional length on success, negative on error */ -int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz) +int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz, + word32* algId) { - word32 idx, oid; + word32 idx; int version, length; int ret; @@ -2279,7 +2285,7 @@ int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz) if (GetMyVersion(input, &idx, &version, sz) < 0) return ASN_PARSE_E; - if (GetAlgoId(input, &idx, &oid, oidKeyType, sz) < 0) + if (GetAlgoId(input, &idx, algId, oidKeyType, sz) < 0) return ASN_PARSE_E; if (input[idx] == ASN_OBJECT_ID) { @@ -2297,7 +2303,7 @@ int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz) } /* Remove PKCS8 header, move beginning of traditional to beginning of input */ -int ToTraditional(byte* input, word32 sz) +int ToTraditional(byte* input, word32 sz, word32* algId) { word32 inOutIdx = 0; int length; @@ -2305,7 +2311,7 @@ int ToTraditional(byte* input, word32 sz) if (input == NULL) return BAD_FUNC_ARG; - length = ToTraditionalInline(input, &inOutIdx, sz); + length = ToTraditionalInline(input, &inOutIdx, sz, algId); if (length < 0) return length; @@ -2322,11 +2328,12 @@ int ToTraditional(byte* input, word32 sz) int wc_GetPkcs8TraditionalOffset(byte* input, word32* inOutIdx, word32 sz) { int length; + word32 algId; if (input == NULL || inOutIdx == NULL || (*inOutIdx > sz)) return BAD_FUNC_ARG; - length = ToTraditionalInline(input, inOutIdx, sz); + length = ToTraditionalInline(input, inOutIdx, sz, &algId); return length; } @@ -2849,7 +2856,7 @@ static int Pkcs8Pad(byte* buf, int sz, int blockSz) * returns the size of encrypted data on success */ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, - const char* password,int passwordSz, int vPKCS, int vAlgo, + const char* password, int passwordSz, int vPKCS, int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap) { int algoID = 0; @@ -3058,10 +3065,231 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, return totalSz + sz; } +static int GetAlgoV2(int encAlgId, const byte** oid, int *len, int* id, + int *blkSz) +{ + int ret = 0; + + switch (encAlgId) { +#if !defined(NO_DES3) && !defined(NO_SHA) + case DESb: + *len = sizeof(blkDesCbcOid); + *oid = blkDesCbcOid; + *id = PBE_SHA1_DES; + *blkSz = 8; + break; + case DES3b: + *len = sizeof(blkDes3CbcOid); + *oid = blkDes3CbcOid; + *id = PBE_SHA1_DES3; + *blkSz = 8; + break; +#endif +#if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) + case AES256CBCb: + *len = sizeof(blkAes256CbcOid); + *oid = blkAes256CbcOid; + *id = PBE_AES256_CBC; + *blkSz = 16; + break; +#endif + default: + (void)len; + (void)oid; + (void)id; + (void)blkSz; + ret = ALGO_ID_E; + } + + return ret; +} + +/* Converts Encrypted PKCS#8 to 'traditional' (i.e. PKCS#8 removed from + * decrypted key.) + */ +int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, + const char* password, int passwordSz, int vPKCS, int vAlgo, + int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, + void* heap) +{ + int ret = 0; + int version, blockSz, id; + word32 idx = 0, encIdx; +#ifdef WOLFSSL_SMALL_STACK + byte* saltTmp = NULL; +#else + byte saltTmp[MAX_SALT_SIZE]; +#endif + byte cbcIv[MAX_IV_SIZE]; + byte *pkcs8Key = NULL; + word32 pkcs8KeySz, padSz; + int algId; + const byte* curveOid = NULL; + word32 curveOidSz = 0; + const byte* pbeOid; + word32 pbeOidSz; + const byte* encOid = NULL; + int encOidSz = 0; + word32 pbeLen, kdfLen = 0, encLen = 0; + word32 innerLen, outerLen; + + ret = CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz); + /* create random salt if one not provided */ + if (ret == 0 && (salt == NULL || saltSz <= 0)) { + saltSz = 8; + #ifdef WOLFSSL_SMALL_STACK + saltTmp = (byte*)XMALLOC(saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (saltTmp == NULL) + return MEMORY_E; + #endif + salt = saltTmp; + + if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) { + WOLFSSL_MSG("Error generating random salt"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } + } + + if (ret == 0) { + /* check key type and get OID if ECC */ + ret = wc_GetKeyOID(key, keySz, &curveOid, &curveOidSz, &algId, heap); + if (ret == 1) + ret = 0; + } + if (ret == 0) { + ret = wc_CreatePKCS8Key(NULL, &pkcs8KeySz, key, keySz, algId, curveOid, + curveOidSz); + if (ret == LENGTH_ONLY_E) + ret = 0; + } + if (ret == 0) { + pkcs8Key = (byte*)XMALLOC(pkcs8KeySz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (pkcs8Key == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + ret = wc_CreatePKCS8Key(pkcs8Key, &pkcs8KeySz, key, keySz, algId, + curveOid, curveOidSz); + if (ret >= 0) { + pkcs8KeySz = ret; + ret = 0; + } + } + + if (ret == 0 && version == PKCS5v2) + ret = GetAlgoV2(encAlgId, &encOid, &encOidSz, &id, &blockSz); + + if (ret == 0) { + padSz = (blockSz - (pkcs8KeySz & (blockSz - 1))) & (blockSz - 1); + /* inner = OCT salt INT itt */ + innerLen = 2 + saltSz + 2 + (itt < 256 ? 1 : 2); + + if (version != PKCS5v2) { + pbeOid = OidFromId(id, oidPBEType, &pbeOidSz); + /* pbe = OBJ pbse1 SEQ [ inner ] */ + pbeLen = 2 + pbeOidSz + 2 + innerLen; + } + else { + pbeOid = pbes2; + pbeOidSz = sizeof(pbes2); + /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */ + kdfLen = 2 + sizeof(pbkdf2Oid) + 2 + innerLen; + /* enc = OBJ enc_alg OCT iv */ + encLen = 2 + encOidSz + 2 + blockSz; + /* pbe = OBJ pbse2 SEQ [ SEQ [ kdf ] SEQ [ enc ] ] */ + pbeLen = 2 + sizeof(pbes2) + 2 + 2 + kdfLen + 2 + encLen; + + ret = wc_RNG_GenerateBlock(rng, cbcIv, blockSz); + } + } + if (ret == 0) { + /* outer = SEQ [ pbe ] OCT encrypted_PKCS#8_key */ + outerLen = 2 + pbeLen; + outerLen += SetOctetString(pkcs8KeySz + padSz, out); + outerLen += pkcs8KeySz + padSz; + + idx += SetSequence(outerLen, out + idx); + + encIdx = idx + outerLen - pkcs8KeySz - padSz; + /* Put Encrypted content in place. */ + XMEMCPY(out + encIdx, pkcs8Key, pkcs8KeySz); + if (padSz > 0) { + XMEMSET(out + encIdx + pkcs8KeySz, padSz, padSz); + pkcs8KeySz += padSz; + } + ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, + out + encIdx, pkcs8KeySz, version, cbcIv, 1); + } + if (ret == 0) { + if (version != PKCS5v2) { + /* PBE algorithm */ + idx += SetSequence(pbeLen, out + idx); + idx += SetObjectId(pbeOidSz, out + idx); + XMEMCPY(out + idx, pbeOid, pbeOidSz); + idx += pbeOidSz; + } + else { + /* PBES2 algorithm identifier */ + idx += SetSequence(pbeLen, out + idx); + idx += SetObjectId(pbeOidSz, out + idx); + XMEMCPY(out + idx, pbeOid, pbeOidSz); + idx += pbeOidSz; + /* PBES2 Parameters: SEQ [ kdf ] SEQ [ enc ] */ + idx += SetSequence(2 + kdfLen + 2 + encLen, out + idx); + /* KDF Algorithm Identifier */ + idx += SetSequence(kdfLen, out + idx); + idx += SetObjectId(sizeof(pbkdf2Oid), out + idx); + XMEMCPY(out + idx, pbkdf2Oid, sizeof(pbkdf2Oid)); + idx += sizeof(pbkdf2Oid); + } + idx += SetSequence(innerLen, out + idx); + idx += SetOctetString(saltSz, out + idx); + XMEMCPY(out + idx, salt, saltSz); idx += saltSz; + ret = SetShortInt(out, &idx, itt, *outSz); + if (ret > 0) + ret = 0; + } + if (ret == 0) { + if (version == PKCS5v2) { + /* Encryption Algorithm Identifier */ + idx += SetSequence(encLen, out + idx); + idx += SetObjectId(encOidSz, out + idx); + XMEMCPY(out + idx, encOid, encOidSz); + idx += encOidSz; + /* Encryption Algorithm Parameter: CBC IV */ + idx += SetOctetString(blockSz, out + idx); + XMEMCPY(out + idx, cbcIv, blockSz); + idx += blockSz; + } + idx += SetOctetString(pkcs8KeySz, out + idx); + /* Default PRF - no need to write out OID */ + idx += pkcs8KeySz; + + ret = idx; + } + + if (pkcs8Key != NULL) { + ForceZero(pkcs8Key, pkcs8KeySz); + XFREE(pkcs8Key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#ifdef WOLFSSL_SMALL_STACK + if (saltTmp != NULL) { + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + + (void)rng; + + return ret; +} /* Remove Encrypted PKCS8 header, move beginning of traditional to beginning of input */ -int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) +int ToTraditionalEnc(byte* input, word32 sz,const char* password, + int passwordSz, word32* algId) { word32 inOutIdx = 0, seqEnd, oid; int ret = 0, first, second, length = 0, version, saltSz, id; @@ -3195,7 +3423,7 @@ exit_tte: if (ret == 0) { XMEMMOVE(input, input + inOutIdx, length); - ret = ToTraditional(input, length); + ret = ToTraditional(input, length, algId); } return ret; @@ -3373,7 +3601,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if (inOutIdx + 1 + MAX_LENGTH_SZ + inputSz > *outSz) return BUFFER_E; - out[inOutIdx++] = ASN_LONG_LENGTH; totalSz++; + out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; totalSz++; sz = SetLength(inputSz, out + inOutIdx); inOutIdx += sz; totalSz += sz; @@ -3420,7 +3648,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, * * returns the total size of decrypted content on success. */ -int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz) +int DecryptContent(byte* input, word32 sz,const char* password, int passwordSz) { word32 inOutIdx = 0, seqEnd, oid; int ret = 0; @@ -8275,6 +8503,16 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) if (footer) *footer = END_PUB_KEY; ret = 0; break; + case PKCS8_PRIVATEKEY_TYPE: + if (header) *header = BEGIN_PRIV_KEY; + if (footer) *footer = END_PRIV_KEY; + ret = 0; + break; + case PKCS8_ENC_PRIVATEKEY_TYPE: + if (header) *header = BEGIN_ENC_PRIV_KEY; + if (footer) *footer = END_ENC_PRIV_KEY; + ret = 0; + break; default: break; } @@ -8352,8 +8590,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) return ret; } -static int wc_EncryptedInfoParse(EncryptedInfo* info, - char** pBuffer, size_t bufSz) +int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer, size_t bufSz) { int err = 0; char* bufferStart; @@ -8419,17 +8656,23 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info, return BUFFER_E; info->name[finish - start] = '\0'; /* null term */ + /* populate info */ + err = wc_EncryptedInfoGet(info, info->name); + if (err != 0) + return err; + /* get IV */ - if (finishSz < sizeof(info->iv) + 1) - return BUFFER_E; - if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL) + if (finishSz < info->ivSz + 1) return BUFFER_E; - if (newline == NULL) + if (newline == NULL) { newline = XSTRNSTR(finish, "\n", min(finishSz, PEM_LINE_LEN)); + } if ((newline != NULL) && (newline > finish)) { info->ivSz = (word32)(newline - (finish + 1)); + if (XMEMCPY(info->iv, finish + 1, info->ivSz) == NULL) + return BUFFER_E; info->set = 1; } else @@ -8444,9 +8687,6 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info, /* return new headerEnd */ if (pBuffer) *pBuffer = newline; - - /* populate info */ - err = wc_EncryptedInfoGet(info, info->name); } return err; @@ -8636,6 +8876,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, int sz = (int)longSz; int encrypted_key = 0; DerBuffer* der; + word32 algId = 0; WOLFSSL_ENTER("PemToDer"); @@ -8758,7 +8999,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, ) && !encrypted_key) { /* pkcs8 key, convert and adjust length */ - if ((ret = ToTraditional(der->buffer, der->length)) > 0) { + if ((ret = ToTraditional(der->buffer, der->length, &algId)) > 0) { der->length = ret; } else { @@ -8798,10 +9039,13 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (header == BEGIN_ENC_PRIV_KEY) { #ifndef NO_PWDBASED ret = ToTraditionalEnc(der->buffer, der->length, - password, passwordSz); + password, passwordSz, &algId); if (ret >= 0) { der->length = ret; + if (algId == ECDSAk) + *eccKey = 1; + ret = 0; } #else ret = NOT_COMPILED_IN; diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index eb44d086d..973a1be5a 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -751,6 +751,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, byte* buf = NULL; word32 i, oid; int ret, pswSz; + word32 algId; WOLFSSL_ENTER("wc_PKCS12_parse"); @@ -900,7 +901,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMCPY(*pkey, data + idx, size); - *pkeySz = ToTraditional(*pkey, size); + *pkeySz = ToTraditional(*pkey, size, &algId); } #ifdef WOLFSSL_DEBUG_PKCS12 @@ -937,7 +938,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, XMEMCPY(k, data + idx, size); /* overwrites input, be warned */ - if ((ret = ToTraditionalEnc(k, size, psw, pswSz)) < 0) { + if ((ret = ToTraditionalEnc(k, size, psw, pswSz, + &algId)) < 0) { XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); goto exit_pk12par; } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 6da67dff2..7c0caa787 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -905,9 +905,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) heap = pkcs7->heap; devId = pkcs7->devId; + cert = pkcs7->certList; ret = wc_PKCS7_Init(pkcs7, heap, devId); if (ret != 0) return ret; + pkcs7->certList = cert; if (derCert != NULL && derCertSz > 0) { #ifdef WOLFSSL_SMALL_STACK @@ -3462,7 +3464,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, wc_PKCS7_StreamGetVar(pkcs7, &totalSz, 0, 0); pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length :inSz; #endif - /* Get the inner ContentInfo sequence */ if (GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz, NO_USER_CHECK) < 0) diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 0962acc51..a6520126b 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -347,7 +347,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, if (info->cipherType == WC_CIPHER_AES_CBC) ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, info->keySz, info->iv); -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); @@ -568,24 +568,35 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, #ifdef WOLFSSL_AES_256 case PBE_AES256_CBC: { - Aes dec; - ret = wc_AesInit(&dec, NULL, INVALID_DEVID); - if (ret == 0) - ret = wc_AesSetKey(&dec, key, derivedLen, - cbcIv, AES_DECRYPTION); - if (ret == 0) - ret = wc_AesCbcDecrypt(&dec, input, input, length); + Aes aes; + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret == 0) { + if (enc) { + ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv, + AES_ENCRYPTION); + } + else { + ret = wc_AesSetKey(&aes, key, derivedLen, cbcIv, + AES_DECRYPTION); + } + } + if (ret == 0) { + if (enc) + ret = wc_AesCbcEncrypt(&aes, input, input, length); + else + ret = wc_AesCbcDecrypt(&aes, input, input, length); + } if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } - ForceZero(&dec, sizeof(Aes)); + ForceZero(&aes, sizeof(Aes)); break; } #endif /* WOLFSSL_AES_256 */ -#endif +#endif /* !NO_AES && HAVE_AES_CBC */ default: #ifdef WOLFSSL_SMALL_STACK diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d01a5e20b..f2f7c13ec 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13124,7 +13124,7 @@ int openssl_test(void) return -7424; } /* end evp_cipher test: EVP_aes_128_cbc*/ -#endif /* WOLFSSL_AES_128 */ +#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) { /* evp_cipher test: EVP_aes_256_ecb*/ @@ -13641,7 +13641,7 @@ int openssl_test(void) } -#endif /* WOLFSSL_AES_128 */ +#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ #endif /* ifndef NO_AES */ return 0; } diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index d91d20d2c..8cf3c7eb0 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -53,4 +53,7 @@ ASN1_STRFLGS_UTF8_CONVERT | \ ASN1_STRFLGS_DUMP_UNKNOWN | \ ASN1_STRFLGS_DUMP_DER) + +#define MBSTRING_UTF8 0x1000 + #endif /* WOLFSSL_ASN1_H_ */ diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index e0b514704..44d76706e 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -33,6 +33,7 @@ extern "C" { /* Map OpenSSL NID value */ enum { + POINT_CONVERSION_COMPRESSED = 2, POINT_CONVERSION_UNCOMPRESSED = 4, #ifdef HAVE_ECC @@ -101,6 +102,7 @@ struct WOLFSSL_EC_KEY { char exSet; /* external set from internal ? */ }; + #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 #define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 @@ -182,36 +184,42 @@ WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a); -#define EC_KEY_free wolfSSL_EC_KEY_free -#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key -#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group -#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key -#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key -#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name -#define EC_KEY_set_group wolfSSL_EC_KEY_set_group -#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key -#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag -#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key -#define EC_KEY_new wolfSSL_EC_KEY_new +WOLFSSL_API +char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, int form, + WOLFSSL_BN_CTX* ctx); -#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag -#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name -#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp -#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name -#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree -#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order -#define EC_GROUP_free wolfSSL_EC_GROUP_free +#define EC_KEY_new wolfSSL_EC_KEY_new +#define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key +#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group +#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key +#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key +#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name +#define EC_KEY_set_group wolfSSL_EC_KEY_set_group +#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key +#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag +#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key -#define EC_POINT_new wolfSSL_EC_POINT_new +#define EC_GROUP_free wolfSSL_EC_GROUP_free +#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag +#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name +#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp +#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name +#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree +#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order + +#define EC_POINT_new wolfSSL_EC_POINT_new +#define EC_POINT_free wolfSSL_EC_POINT_free #define EC_POINT_get_affine_coordinates_GFp \ - wolfSSL_EC_POINT_get_affine_coordinates_GFp -#define EC_POINT_mul wolfSSL_EC_POINT_mul -#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free -#define EC_POINT_cmp wolfSSL_EC_POINT_cmp -#define EC_POINT_free wolfSSL_EC_POINT_free -#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity + wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_mul wolfSSL_EC_POINT_mul +#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free +#define EC_POINT_cmp wolfSSL_EC_POINT_cmp +#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity -#define EC_POINT_dump wolfSSL_EC_POINT_dump +#define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex +#define EC_POINT_dump wolfSSL_EC_POINT_dump #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 796259f4d..34be7ae22 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -355,6 +355,10 @@ WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_RSA* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_EC_KEY* key); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); @@ -545,34 +549,37 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname #define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname -#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA -#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA -#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA -#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY -#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac -#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key -#define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy -#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex -#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits -#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free -#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new -#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding -#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt -#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init -#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt -#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init -#define EVP_PKEY_new wolfSSL_PKEY_new -#define EVP_PKEY_free wolfSSL_EVP_PKEY_free -#define EVP_PKEY_size wolfSSL_EVP_PKEY_size -#define EVP_PKEY_type wolfSSL_EVP_PKEY_type -#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id -#define EVP_PKEY_id wolfSSL_EVP_PKEY_id -#define EVP_SignFinal wolfSSL_EVP_SignFinal -#define EVP_SignInit wolfSSL_EVP_SignInit -#define EVP_SignUpdate wolfSSL_EVP_SignUpdate -#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal -#define EVP_VerifyInit wolfSSL_EVP_VerifyInit -#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate +#define EVP_PKEY_asign_RSA wolfSSL_EVP_PKEY_assign_RSA +#define EVP_PKEY_asign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY +#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA +#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA +#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY +#define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac +#define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key +#define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy +#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex +#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits +#define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free +#define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new +#define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding +#define EVP_PKEY_decrypt wolfSSL_EVP_PKEY_decrypt +#define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init +#define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt +#define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init +#define EVP_PKEY_new wolfSSL_PKEY_new +#define EVP_PKEY_free wolfSSL_EVP_PKEY_free +#define EVP_PKEY_size wolfSSL_EVP_PKEY_size +#define EVP_PKEY_type wolfSSL_EVP_PKEY_type +#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id +#define EVP_PKEY_id wolfSSL_EVP_PKEY_id +#define EVP_SignFinal wolfSSL_EVP_SignFinal +#define EVP_SignInit wolfSSL_EVP_SignInit +#define EVP_SignUpdate wolfSSL_EVP_SignUpdate +#define EVP_VerifyFinal wolfSSL_EVP_VerifyFinal +#define EVP_VerifyInit wolfSSL_EVP_VerifyInit +#define EVP_VerifyUpdate wolfSSL_EVP_VerifyUpdate #define EVP_CIPHER_CTX_block_size wolfSSL_EVP_CIPHER_CTX_block_size #define EVP_CIPHER_block_size wolfSSL_EVP_CIPHER_block_size diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index 3d0eebe28..ecba7f04d 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -32,6 +32,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/ossl_typ.h \ wolfssl/openssl/pem.h \ wolfssl/openssl/pkcs12.h \ + wolfssl/openssl/pkcs7.h \ wolfssl/openssl/rand.h \ wolfssl/openssl/rsa.h \ wolfssl/openssl/sha.h \ diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 5e368ab85..78c781b2e 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -128,6 +128,23 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, unsigned char* passwd, int len, pem_password_cb* cb, void* arg); + +WOLFSSL_API +int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, + unsigned char **data, long *len); +WOLFSSL_API +int wolfSSL_PEM_write_bio(WOLFSSL_BIO *bio, const char *name, + const char *header, const unsigned char *data, + long len); +#if !defined(NO_FILESYSTEM) +WOLFSSL_API +int wolfSSL_PEM_read(XFILE fp, char **name, char **header, unsigned char **data, + long *len); +WOLFSSL_API +int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, + const unsigned char *data, long len); +#endif + #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, @@ -138,30 +155,40 @@ WOLFSSL_X509 *wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u); + +WOLFSSL_API +int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509 *x); #endif /* NO_FILESYSTEM */ -#define PEM_read_X509 wolfSSL_PEM_read_X509 -#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey -#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey +#define PEM_read wolfSSL_PEM_read +#define PEM_read_bio wolfSSL_PEM_read_bio +#define PEM_write wolfSSL_PEM_write +#define PEM_write_bio wolfSSL_PEM_write_bio + +#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey +#define PEM_write_X509 wolfSSL_PEM_write_X509 +#define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey +#define PEM_write_bio_PKCS8PrivateKey wolfSSL_PEM_write_bio_PKCS8PrivateKey /* RSA */ -#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey -#define PEM_read_bio_RSAPrivateKey wolfSSL_PEM_read_bio_RSAPrivateKey -#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey -#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY -#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey -#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey +#define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey +#define PEM_read_bio_RSAPrivateKey wolfSSL_PEM_read_bio_RSAPrivateKey +#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey +#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY +#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey +#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey /* DSA */ -#define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey -#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey -#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY +#define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey +#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey +#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY /* ECC */ -#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey -#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY -#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey +#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey +#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY +#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey /* EVP_KEY */ -#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey -#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY -#define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY +#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey +#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY +#define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h new file mode 100644 index 000000000..a4916e546 --- /dev/null +++ b/wolfssl/openssl/pkcs7.h @@ -0,0 +1,74 @@ +/* pkcs7.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* pkcs7.h for openSSL */ + + +#ifndef WOLFSSL_PKCS7_H_ +#define WOLFSSL_PKCS7_H_ + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + +#define PKCS7_NOINTERN 0x0010 +#define PKCS7_NOVERIFY 0x0020 + + +typedef struct WOLFSSL_PKCS7 +{ + PKCS7 pkcs7; + unsigned char* data; + int len; +} WOLFSSL_PKCS7; + + +WOLFSSL_API PKCS7* wolfSSL_PKCS7_new(void); +WOLFSSL_API void wolfSSL_PKCS7_free(PKCS7* p7); + +WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, + int len); +WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); +WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, + WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7, + WOLFSSL_STACK* certs, int flags); + +#define PKCS7_new wolfSSL_PKCS7_new +#define PKCS7_free wolfSSL_PKCS7_free +#define d2i_PKCS7 wolfSSL_d2i_PKCS7 +#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio +#define PKCS7_verify wolfSSL_PKCS7_verify +#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers + +#endif /* OPENSSL_ALL && HAVE_PKCS7 */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_PKCS7_H_ */ + diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index c84fc3d82..32cd4b4f4 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -69,6 +69,8 @@ typedef WOLFSSL_X509 X509_REQ; typedef WOLFSSL_X509_NAME X509_NAME; typedef WOLFSSL_X509_CHAIN X509_CHAIN; +typedef WOLFSSL_STACK EXTENDED_KEY_USAGE; + /* redeclare guard */ #define WOLFSSL_TYPES_DEFINED @@ -101,14 +103,34 @@ typedef WOLFSSL_X509_OBJECT X509_OBJECT; typedef WOLFSSL_X509_STORE X509_STORE; typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; -#define CRYPTO_free XFREE -#define CRYPTO_malloc XMALLOC -#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new -#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup -#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free +#define EVP_CIPHER_INFO EncryptedInfo #define STACK_OF(x) WOLFSSL_STACK +#define CRYPTO_free XFREE +#define CRYPTO_malloc XMALLOC +#define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new +#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup +#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free + +/* depreciated */ +#define CRYPTO_thread_id wolfSSL_thread_id +#define CRYPTO_set_id_callback wolfSSL_set_id_callback + +#define CRYPTO_LOCK 0x01 +#define CRYPTO_UNLOCK 0x02 +#define CRYPTO_READ 0x04 +#define CRYPTO_WRITE 0x08 + +#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback +#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback +#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback +#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback +#define CRYPTO_num_locks wolfSSL_num_locks +#define CRYPTO_dynlock_value WOLFSSL_dynlock_value + +#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data + /* this function was used to set the default malloc, free, and realloc */ #define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */ @@ -119,337 +141,412 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_get_shared_ciphers(ctx,buf,len) \ wolfSSL_get_shared_ciphers((ctx),(buf),(len)) -#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file)) - /* at the moment only returns ok */ -#define SSL_get_verify_result wolfSSL_get_verify_result -#define SSL_get_verify_mode wolfSSL_SSL_get_mode -#define SSL_get_verify_depth wolfSSL_get_verify_depth -#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode -#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth -#define SSL_get_certificate wolfSSL_get_certificate -#define SSL_use_certificate wolfSSL_use_certificate -#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 -#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio -#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free -#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp +#define SSL_get_verify_result wolfSSL_get_verify_result +#define SSL_get_verify_mode wolfSSL_SSL_get_mode +#define SSL_get_verify_depth wolfSSL_get_verify_depth +#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode +#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth +#define SSL_get_certificate wolfSSL_get_certificate +#define SSL_use_certificate wolfSSL_use_certificate +#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 +#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio +#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio +#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp -#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio -#define d2i_PrivateKey wolfSSL_d2i_PrivateKey -#define SSL_use_PrivateKey wolfSSL_use_PrivateKey -#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 -#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 -#define SSL_get_privatekey wolfSSL_get_privatekey +#define d2i_PUBKEY wolfSSL_d2i_PUBKEY +#define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio +#define d2i_PrivateKey wolfSSL_d2i_PrivateKey +#define d2i_AutoPrivateKey wolfSSL_d2i_AutoPrivateKey +#define SSL_use_PrivateKey wolfSSL_use_PrivateKey +#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 +#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 +#define SSL_get_privatekey wolfSSL_get_privatekey -#define SSLv23_method wolfSSLv23_method -#define SSLv3_server_method wolfSSLv3_server_method -#define SSLv3_client_method wolfSSLv3_client_method -#define TLSv1_method wolfTLSv1_method -#define TLSv1_server_method wolfTLSv1_server_method -#define TLSv1_client_method wolfTLSv1_client_method -#define TLSv1_1_method wolfTLSv1_1_method -#define TLSv1_1_server_method wolfTLSv1_1_server_method -#define TLSv1_1_client_method wolfTLSv1_1_client_method -#define TLSv1_2_method wolfTLSv1_2_method -#define TLSv1_2_server_method wolfTLSv1_2_server_method -#define TLSv1_2_client_method wolfTLSv1_2_client_method +#define SSLv23_method wolfSSLv23_method +#define SSLv23_client_method wolfSSLv23_client_method +#define SSLv2_client_method wolfSSLv2_client_method +#define SSLv2_server_method wolfSSLv2_server_method +#define SSLv3_server_method wolfSSLv3_server_method +#define SSLv3_client_method wolfSSLv3_client_method +#define TLSv1_method wolfTLSv1_method +#define TLSv1_server_method wolfTLSv1_server_method +#define TLSv1_client_method wolfTLSv1_client_method +#define TLSv1_1_method wolfTLSv1_1_method +#define TLSv1_1_server_method wolfTLSv1_1_server_method +#define TLSv1_1_client_method wolfTLSv1_1_client_method +#define TLSv1_2_method wolfTLSv1_2_method +#define TLSv1_2_server_method wolfTLSv1_2_server_method +#define TLSv1_2_client_method wolfTLSv1_2_client_method +#define TLSv1_3_method wolfTLSv1_3_method +#define TLSv1_3_server_method wolfTLSv1_3_server_method +#define TLSv1_3_client_method wolfTLSv1_3_client_method #define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1 #ifdef WOLFSSL_DTLS - #define DTLSv1_client_method wolfDTLSv1_client_method - #define DTLSv1_server_method wolfDTLSv1_server_method - #define DTLSv1_2_client_method wolfDTLSv1_2_client_method - #define DTLSv1_2_server_method wolfDTLSv1_2_server_method + #define DTLSv1_client_method wolfDTLSv1_client_method + #define DTLSv1_server_method wolfDTLSv1_server_method + #define DTLSv1_2_client_method wolfDTLSv1_2_client_method + #define DTLSv1_2_server_method wolfDTLSv1_2_server_method #endif #ifndef NO_FILESYSTEM - #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file - #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file - #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations + #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file + #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file + #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file - #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file + #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file - #define SSL_use_certificate_file wolfSSL_use_certificate_file - #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file - #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file - #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file + #define SSL_use_certificate_file wolfSSL_use_certificate_file + #define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file + #define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file + #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file #endif -#define SSL_CTX_new wolfSSL_CTX_new -#define SSL_new wolfSSL_new -#define SSL_set_fd wolfSSL_set_fd -#define SSL_get_fd wolfSSL_get_fd -#define SSL_connect wolfSSL_connect -#define SSL_clear wolfSSL_clear -#define SSL_state wolfSSL_state +#define SSL_CTX_new wolfSSL_CTX_new +#define SSL_new wolfSSL_new +#define SSL_set_fd wolfSSL_set_fd +#define SSL_get_fd wolfSSL_get_fd +#define SSL_connect wolfSSL_connect +#define SSL_clear wolfSSL_clear +#define SSL_state wolfSSL_state -#define SSL_write wolfSSL_write -#define SSL_read wolfSSL_read -#define SSL_peek wolfSSL_peek -#define SSL_accept wolfSSL_accept -#define SSL_CTX_free wolfSSL_CTX_free -#define SSL_free wolfSSL_free -#define SSL_shutdown wolfSSL_shutdown +#define SSL_write wolfSSL_write +#define SSL_read wolfSSL_read +#define SSL_peek wolfSSL_peek +#define SSL_accept wolfSSL_accept +#define SSL_CTX_free wolfSSL_CTX_free +#define SSL_free wolfSSL_free +#define SSL_shutdown wolfSSL_shutdown -#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown -#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown -#define SSL_get_error wolfSSL_get_error -#define SSL_set_session wolfSSL_set_session -#define SSL_get_session wolfSSL_get_session -#define SSL_flush_sessions wolfSSL_flush_sessions +#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown +#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown +#define SSL_get_error wolfSSL_get_error +#define SSL_set_session wolfSSL_set_session +#define SSL_get_session wolfSSL_get_session +#define SSL_flush_sessions wolfSSL_flush_sessions /* assume unlimited temporarily */ #define SSL_CTX_get_session_cache_mode(ctx) 0 -#define SSL_CTX_set_verify wolfSSL_CTX_set_verify -#define SSL_set_verify wolfSSL_set_verify -#define SSL_pending wolfSSL_pending -#define SSL_load_error_strings wolfSSL_load_error_strings -#define SSL_library_init wolfSSL_library_init -#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode -#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list -#define SSL_set_cipher_list wolfSSL_set_cipher_list +#define SSL_CTX_set_verify wolfSSL_CTX_set_verify +#define SSL_set_verify wolfSSL_set_verify +#define SSL_pending wolfSSL_pending +#define SSL_load_error_strings wolfSSL_load_error_strings +#define SSL_library_init wolfSSL_library_init +#define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode +#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list +#define SSL_set_cipher_list wolfSSL_set_cipher_list -#define ERR_error_string wolfSSL_ERR_error_string -#define ERR_error_string_n wolfSSL_ERR_error_string_n -#define ERR_reason_error_string wolfSSL_ERR_reason_error_string - -#define SSL_set_ex_data wolfSSL_set_ex_data -#define SSL_get_shutdown wolfSSL_get_shutdown -#define SSL_set_rfd wolfSSL_set_rfd -#define SSL_set_wfd wolfSSL_set_wfd -#define SSL_set_shutdown wolfSSL_set_shutdown -#define SSL_set_session_id_context wolfSSL_set_session_id_context -#define SSL_set_connect_state wolfSSL_set_connect_state -#define SSL_set_accept_state wolfSSL_set_accept_state -#define SSL_session_reused wolfSSL_session_reused -#define SSL_SESSION_free wolfSSL_SESSION_free -#define SSL_is_init_finished wolfSSL_is_init_finished - -#define SSL_get_version wolfSSL_get_version -#define SSL_get_current_cipher wolfSSL_get_current_cipher +#define SSL_set_ex_data wolfSSL_set_ex_data +#define SSL_get_shutdown wolfSSL_get_shutdown +#define SSL_set_rfd wolfSSL_set_rfd +#define SSL_set_wfd wolfSSL_set_wfd +#define SSL_set_shutdown wolfSSL_set_shutdown +#define SSL_set_session_id_context wolfSSL_set_session_id_context +#define SSL_set_connect_state wolfSSL_set_connect_state +#define SSL_set_accept_state wolfSSL_set_accept_state +#define SSL_session_reused wolfSSL_session_reused +#define SSL_SESSION_free wolfSSL_SESSION_free +#define SSL_is_init_finished wolfSSL_is_init_finished + +#define SSL_get_version wolfSSL_get_version +#define SSL_get_current_cipher wolfSSL_get_current_cipher /* use wolfSSL_get_cipher_name for its return format */ -#define SSL_get_cipher wolfSSL_get_cipher_name -#define SSL_CIPHER_description wolfSSL_CIPHER_description -#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name -#define SSL_get1_session wolfSSL_get1_session +#define SSL_get_cipher wolfSSL_get_cipher_name +#define SSL_CIPHER_description wolfSSL_CIPHER_description +#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name +#define SSL_get1_session wolfSSL_get1_session -#define SSL_get_keyblock_size wolfSSL_get_keyblock_size -#define SSL_get_keys wolfSSL_get_keys -#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key +#define SSL_get_keyblock_size wolfSSL_get_keyblock_size +#define SSL_get_keys wolfSSL_get_keys +#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length -#define DSA_dup_DH wolfSSL_DSA_dup_DH +#define DSA_dup_DH wolfSSL_DSA_dup_DH + +#define i2d_X509_bio wolfSSL_i2d_X509_bio +#define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_fp wolfSSL_d2i_X509_fp +#define i2d_X509 wolfSSL_i2d_X509 +#define d2i_X509 wolfSSL_d2i_X509 +#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX +#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 +#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX -#define X509_load_certificate_file wolfSSL_X509_load_certificate_file -#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID -#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i -#define X509_digest wolfSSL_X509_digest -#define X509_free wolfSSL_X509_free -#define X509_new wolfSSL_X509_new +#define i2d_X509_REQ wolfSSL_i2d_X509_REQ +#define X509_REQ_new wolfSSL_X509_REQ_new +#define X509_REQ_free wolfSSL_X509_REQ_free +#define X509_REQ_sign wolfSSL_X509_REQ_sign +#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name +#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey +#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ -#define OCSP_parse_url wolfSSL_OCSP_parse_url -#define SSLv23_client_method wolfSSLv23_client_method -#define SSLv2_client_method wolfSSLv2_client_method -#define SSLv2_server_method wolfSSLv2_server_method +#define X509_new wolfSSL_X509_new +#define X509_free wolfSSL_X509_free +#define X509_load_certificate_file wolfSSL_X509_load_certificate_file +#define X509_digest wolfSSL_X509_digest +#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i +#define X509_get_issuer_name wolfSSL_X509_get_issuer_name +#define X509_get_subject_name wolfSSL_X509_get_subject_name +#define X509_get_pubkey wolfSSL_X509_get_pubkey +#define X509_get_notBefore(cert) (ASN1_TIME*)wolfSSL_X509_notBefore((cert)) +#define X509_get_notAfter(cert) (ASN1_TIME*)wolfSSL_X509_notAfter((cert)) +#define X509_get_serialNumber wolfSSL_X509_get_serialNumber +#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr +#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index +#define X509_get_ex_data wolfSSL_X509_get_ex_data +#define X509_set_ex_data wolfSSL_X509_set_ex_data +#define X509_get1_ocsp wolfSSL_X509_get1_ocsp +#ifndef WOLFSSL_HAPROXY +#define X509_get_version wolfSSL_X509_get_version +#endif +#define X509_get_signature_nid wolfSSL_X509_get_signature_nid +#define X509_set_subject_name wolfSSL_X509_set_subject_name +#define X509_set_pubkey wolfSSL_X509_set_pubkey +#define X509_print wolfSSL_X509_print +#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string +#define X509_verify_cert wolfSSL_X509_verify_cert +#define X509_check_private_key wolfSSL_X509_check_private_key +#define X509_check_ca wolfSSL_X509_check_ca +#define X509_check_host wolfSSL_X509_check_host +#define X509_email_free wolfSSL_X509_email_free +#define X509_check_issued wolfSSL_X509_check_issued +#define X509_dup wolfSSL_X509_dup + +#define sk_X509_new wolfSSL_sk_X509_new +#define sk_X509_num wolfSSL_sk_X509_num +#define sk_X509_value wolfSSL_sk_X509_value +#define sk_X509_push wolfSSL_sk_X509_push +#define sk_X509_pop wolfSSL_sk_X509_pop +#define sk_X509_pop_free wolfSSL_sk_X509_pop_free +#define sk_X509_free wolfSSL_sk_X509_free -#define MD4_Init wolfSSL_MD4_Init -#define MD4_Update wolfSSL_MD4_Update -#define MD4_Final wolfSSL_MD4_Final +#define i2d_X509_NAME wolfSSL_i2d_X509_NAME +#define X509_NAME_new wolfSSL_X509_NAME_new +#define X509_NAME_free wolfSSL_X509_NAME_free +#define X509_NAME_get_text_by_NID wolfSSL_X509_NAME_get_text_by_NID +#define X509_NAME_cmp wolfSSL_X509_NAME_cmp +#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free +#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID +#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry +#define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt +#define X509_NAME_oneline wolfSSL_X509_NAME_oneline +#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID +#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex +#define X509_NAME_digest wolfSSL_X509_NAME_digest +#define X509_cmp_current_time wolfSSL_X509_cmp_current_time -#define BIO_new wolfSSL_BIO_new -#define BIO_free wolfSSL_BIO_free -#define BIO_free_all wolfSSL_BIO_free_all -#define BIO_nread0 wolfSSL_BIO_nread0 -#define BIO_nread wolfSSL_BIO_nread -#define BIO_read wolfSSL_BIO_read -#define BIO_nwrite0 wolfSSL_BIO_nwrite0 -#define BIO_nwrite wolfSSL_BIO_nwrite -#define BIO_write wolfSSL_BIO_write -#define BIO_push wolfSSL_BIO_push -#define BIO_pop wolfSSL_BIO_pop -#define BIO_flush wolfSSL_BIO_flush -#define BIO_pending wolfSSL_BIO_pending +#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free +#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num +#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value -#define BIO_get_mem_data wolfSSL_BIO_get_mem_data -#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf + typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; -#define BIO_f_buffer wolfSSL_BIO_f_buffer -#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size -#define BIO_f_ssl wolfSSL_BIO_f_ssl -#define BIO_new_socket wolfSSL_BIO_new_socket -#define SSL_set_bio wolfSSL_set_bio -#define BIO_eof wolfSSL_BIO_eof -#define BIO_set_ss wolfSSL_BIO_set_ss +#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object +#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data +#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object -#define BIO_s_mem wolfSSL_BIO_s_mem -#define BIO_f_base64 wolfSSL_BIO_f_base64 -#define BIO_set_flags wolfSSL_BIO_set_flags +#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK +#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL -#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms -#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms +#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME +#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME +#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS -#define RAND_screen wolfSSL_RAND_screen -#define RAND_file_name wolfSSL_RAND_file_name -#define RAND_write_file wolfSSL_RAND_write_file -#define RAND_load_file wolfSSL_RAND_load_file -#define RAND_egd wolfSSL_RAND_egd -#define RAND_seed wolfSSL_RAND_seed -#define RAND_cleanup wolfSSL_RAND_Cleanup -#define RAND_add wolfSSL_RAND_add -#define RAND_poll wolfSSL_RAND_poll +#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert +#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb +#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new +#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free +#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain +#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error +#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth +#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init +#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup +#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error +#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data + +#define X509_STORE_new wolfSSL_X509_STORE_new +#define X509_STORE_free wolfSSL_X509_STORE_free +#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup +#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert +#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl +#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags +#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs +#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject +#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer +#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time + +#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir +#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file +#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir +#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file + +#define d2i_X509_CRL wolfSSL_d2i_X509_CRL +#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL + +#define X509_CRL_free wolfSSL_X509_CRL_free +#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate +#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate +#define X509_CRL_verify wolfSSL_X509_CRL_verify +#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED + +#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num +#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value + +#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents + +#define OCSP_parse_url wolfSSL_OCSP_parse_url + +#define MD4_Init wolfSSL_MD4_Init +#define MD4_Update wolfSSL_MD4_Update +#define MD4_Final wolfSSL_MD4_Final + +#define BIO_new wolfSSL_BIO_new +#define BIO_free wolfSSL_BIO_free +#define BIO_free_all wolfSSL_BIO_free_all +#define BIO_nread0 wolfSSL_BIO_nread0 +#define BIO_nread wolfSSL_BIO_nread +#define BIO_read wolfSSL_BIO_read +#define BIO_nwrite0 wolfSSL_BIO_nwrite0 +#define BIO_nwrite wolfSSL_BIO_nwrite +#define BIO_write wolfSSL_BIO_write +#define BIO_push wolfSSL_BIO_push +#define BIO_pop wolfSSL_BIO_pop +#define BIO_flush wolfSSL_BIO_flush +#define BIO_pending wolfSSL_BIO_pending + +#define BIO_get_mem_data wolfSSL_BIO_get_mem_data +#define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf + +#define BIO_f_buffer wolfSSL_BIO_f_buffer +#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size +#define BIO_f_ssl wolfSSL_BIO_f_ssl +#define BIO_new_socket wolfSSL_BIO_new_socket +#define SSL_set_bio wolfSSL_set_bio +#define BIO_eof wolfSSL_BIO_eof +#define BIO_set_ss wolfSSL_BIO_set_ss + +#define BIO_s_mem wolfSSL_BIO_s_mem +#define BIO_f_base64 wolfSSL_BIO_f_base64 +#define BIO_set_flags wolfSSL_BIO_set_flags + +#define SSLeay_add_ssl_algorithms wolfSSL_add_all_algorithms +#define SSLeay_add_all_algorithms wolfSSL_add_all_algorithms + +#define RAND_screen wolfSSL_RAND_screen +#define RAND_file_name wolfSSL_RAND_file_name +#define RAND_write_file wolfSSL_RAND_write_file +#define RAND_load_file wolfSSL_RAND_load_file +#define RAND_egd wolfSSL_RAND_egd +#define RAND_seed wolfSSL_RAND_seed +#define RAND_cleanup wolfSSL_RAND_Cleanup +#define RAND_add wolfSSL_RAND_add +#define RAND_poll wolfSSL_RAND_poll +#define RAND_status wolfSSL_RAND_status +#define RAND_bytes wolfSSL_RAND_bytes +#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes #define COMP_zlib wolfSSL_COMP_zlib #define COMP_rle wolfSSL_COMP_rle #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method -#define SSL_get_ex_new_index wolfSSL_get_ex_new_index - -/* depreciated */ -#define CRYPTO_thread_id wolfSSL_thread_id -#define CRYPTO_set_id_callback wolfSSL_set_id_callback - -#define CRYPTO_set_locking_callback wolfSSL_set_locking_callback -#define CRYPTO_set_dynlock_create_callback wolfSSL_set_dynlock_create_callback -#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback -#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback -#define CRYPTO_num_locks wolfSSL_num_locks +#define SSL_get_ex_new_index wolfSSL_get_ex_new_index -#define CRYPTO_LOCK 1 -#define CRYPTO_UNLOCK 2 -#define CRYPTO_READ 4 -#define CRYPTO_WRITE 8 +typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; -#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert -#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert -#define X509_STORE_add_crl wolfSSL_X509_STORE_add_crl -#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags -#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb -#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free -#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new -#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain -#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error -#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth +#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj +#define ASN1_TIME_print wolfSSL_ASN1_TIME_print +#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime +#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print +#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free -#define X509_print wolfSSL_X509_print -#define X509_NAME_cmp wolfSSL_X509_NAME_cmp -#define i2d_X509_NAME wolfSSL_i2d_X509_NAME -#define X509_NAME_ENTRY_free wolfSSL_X509_NAME_ENTRY_free -#define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID -#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry -#define X509_NAME_oneline wolfSSL_X509_NAME_oneline -#define X509_get_issuer_name wolfSSL_X509_get_issuer_name -#define X509_get_subject_name wolfSSL_X509_get_subject_name -#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string -#define X509_verify_cert wolfSSL_X509_verify_cert +#define ASN1_tag2str wolfSSL_ASN1_tag2str -#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir -#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file -#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir -#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file +#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER +#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER +#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new +#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free +#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp +#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get +#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN -#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup -#define X509_STORE_new wolfSSL_X509_STORE_new -#define X509_STORE_free wolfSSL_X509_STORE_free -#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject -#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init -#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup +#define ASN1_STRING_data wolfSSL_ASN1_STRING_data +#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data +#define ASN1_STRING_length wolfSSL_ASN1_STRING_length +#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 +#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex -#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate -#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate +#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr -#define X509_get_pubkey wolfSSL_X509_get_pubkey -#define X509_CRL_verify wolfSSL_X509_CRL_verify -#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error -#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents -#define d2i_PUBKEY wolfSSL_d2i_PUBKEY -#define X509_cmp_current_time wolfSSL_X509_cmp_current_time -#define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num -#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED -#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value -#define X509_get_notBefore(cert) (ASN1_TIME*)wolfSSL_X509_notBefore((cert)) -#define X509_get_notAfter(cert) (ASN1_TIME*)wolfSSL_X509_notAfter((cert)) +#define ASN1_IA5STRING WOLFSSL_ASN1_STRING +#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING -#define X509_get_serialNumber wolfSSL_X509_get_serialNumber +#define SSL_load_client_CA_file wolfSSL_load_client_CA_file -#define ASN1_TIME_print wolfSSL_ASN1_TIME_print -#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print -#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj -#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free -#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex -#define ASN1_tag2str wolfSSL_ASN1_tag2str -#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime - -#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new -#define ASN1_INTEGER_free wolfSSL_ASN1_INTEGER_free -#define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp -#define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get -#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN -#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 - -#define SSL_load_client_CA_file wolfSSL_load_client_CA_file - -#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list -#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list -#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store -#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store -#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data +#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list +#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list +#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store +#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx -#define SSL_get_ex_data wolfSSL_get_ex_data +#define SSL_get_ex_data wolfSSL_get_ex_data #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata -#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb +#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb -#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) -#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback -#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos -#define ERR_peek_error wolfSSL_ERR_peek_error -#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line -#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp -#define ERR_GET_REASON wolfSSL_ERR_GET_REASON +#define SSL_CTX_set_timeout(ctx, to) \ + wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) +#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback +#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos -#define SSL_alert_type_string wolfSSL_alert_type_string -#define SSL_alert_desc_string wolfSSL_alert_desc_string -#define SSL_state_string wolfSSL_state_string +#define SSL_alert_type_string wolfSSL_alert_type_string +#define SSL_alert_desc_string wolfSSL_alert_desc_string +#define SSL_state_string wolfSSL_state_string -#define RSA_free wolfSSL_RSA_free -#define RSA_generate_key wolfSSL_RSA_generate_key -#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback +#define RSA_free wolfSSL_RSA_free +#define RSA_generate_key wolfSSL_RSA_generate_key +#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback + +#define PEM_def_callback wolfSSL_PEM_def_callback -#define PEM_def_callback wolfSSL_PEM_def_callback - -#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept -#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect -#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good -#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good +#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept +#define SSL_CTX_sess_connect wolfSSL_CTX_sess_connect +#define SSL_CTX_sess_accept_good wolfSSL_CTX_sess_accept_good +#define SSL_CTX_sess_connect_good wolfSSL_CTX_sess_connect_good #define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate #define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate -#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits -#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits -#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full -#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses -#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts -#define SSL_CTX_sess_number wolfSSL_CTX_sess_number -#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size +#define SSL_CTX_sess_hits wolfSSL_CTX_sess_hits +#define SSL_CTX_sess_cb_hits wolfSSL_CTX_sess_cb_hits +#define SSL_CTX_sess_cache_full wolfSSL_CTX_sess_cache_full +#define SSL_CTX_sess_misses wolfSSL_CTX_sess_misses +#define SSL_CTX_sess_timeouts wolfSSL_CTX_sess_timeouts +#define SSL_CTX_sess_number wolfSSL_CTX_sess_number +#define SSL_CTX_sess_get_cache_size wolfSSL_CTX_sess_get_cache_size #define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST #define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback -#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback +#define SSL_set_psk_client_callback wolfSSL_set_psk_client_callback -#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint -#define SSL_get_psk_identity wolfSSL_get_psk_identity +#define SSL_get_psk_identity_hint wolfSSL_get_psk_identity_hint +#define SSL_get_psk_identity wolfSSL_get_psk_identity -#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint -#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint +#define SSL_CTX_use_psk_identity_hint wolfSSL_CTX_use_psk_identity_hint +#define SSL_use_psk_identity_hint wolfSSL_use_psk_identity_hint #define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback -#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback +#define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback /* system file ints for ERR_put_error */ #define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT @@ -469,124 +566,107 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET #define SYS_F_LISTEN WOLFSSL_SYS_LISTEN -#define ERR_put_error wolfSSL_ERR_put_error -#define ERR_get_error_line wolfSSL_ERR_get_error_line -#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data +#define ERR_GET_REASON wolfSSL_ERR_GET_REASON -#define ERR_get_error wolfSSL_ERR_get_error -#define ERR_clear_error wolfSSL_ERR_clear_error +#define ERR_put_error wolfSSL_ERR_put_error +#define ERR_peek_error wolfSSL_ERR_peek_error +#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp +#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error +#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line +#define ERR_get_error_line wolfSSL_ERR_get_error_line +#define ERR_get_error_line_data wolfSSL_ERR_get_error_line_data +#define ERR_get_error wolfSSL_ERR_get_error +#define ERR_print_errors_fp(file) wolfSSL_ERR_dump_errors_fp((file)) +#define ERR_clear_error wolfSSL_ERR_clear_error +#define ERR_free_strings wolfSSL_ERR_free_strings +#define ERR_remove_state wolfSSL_ERR_remove_state +#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state +#define ERR_error_string wolfSSL_ERR_error_string +#define ERR_error_string_n wolfSSL_ERR_error_string_n +#define ERR_reason_error_string wolfSSL_ERR_reason_error_string +#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings -#define RAND_status wolfSSL_RAND_status -#define RAND_bytes wolfSSL_RAND_bytes -#define RAND_pseudo_bytes wolfSSL_RAND_pseudo_bytes -#define SSLv23_server_method wolfSSLv23_server_method -#define SSL_CTX_set_options wolfSSL_CTX_set_options -#define SSL_CTX_get_options wolfSSL_CTX_get_options -#define SSL_CTX_clear_options wolfSSL_CTX_clear_options +#define SSLv23_server_method wolfSSLv23_server_method +#define SSL_CTX_set_options wolfSSL_CTX_set_options +#define SSL_CTX_get_options wolfSSL_CTX_get_options +#define SSL_CTX_clear_options wolfSSL_CTX_clear_options -#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key -#define SSL_check_private_key wolfSSL_check_private_key +#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key +#define SSL_check_private_key wolfSSL_check_private_key -#define ERR_free_strings wolfSSL_ERR_free_strings -#define ERR_remove_state wolfSSL_ERR_remove_state +#define SSL_CTX_set_mode wolfSSL_CTX_set_mode +#define SSL_CTX_get_mode wolfSSL_CTX_get_mode +#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead -#define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data -#define SSL_CTX_set_mode wolfSSL_CTX_set_mode -#define SSL_CTX_get_mode wolfSSL_CTX_get_mode -#define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead - -#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size +#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths -#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context -#define SSL_get_peer_certificate wolfSSL_get_peer_certificate -#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain +#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context +#define SSL_get_peer_certificate wolfSSL_get_peer_certificate +#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain -#define SSL_want_read wolfSSL_want_read -#define SSL_want_write wolfSSL_want_write +#define SSL_want_read wolfSSL_want_read +#define SSL_want_write wolfSSL_want_write -#define BIO_prf wolfSSL_BIO_prf -#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr +#define BIO_prf wolfSSL_BIO_prf + +#define sk_num wolfSSL_sk_num +#define sk_value wolfSSL_sk_value -#define sk_num wolfSSL_sk_num -#define sk_value wolfSSL_sk_value -#define sk_X509_pop wolfSSL_sk_X509_pop -#define sk_X509_free wolfSSL_sk_X509_free -#define i2d_X509_bio wolfSSL_i2d_X509_bio -#define d2i_X509_bio wolfSSL_d2i_X509_bio -#define d2i_X509_fp wolfSSL_d2i_X509_fp -#define i2d_X509 wolfSSL_i2d_X509 -#define d2i_X509 wolfSSL_d2i_X509 -#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio -#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp -#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey -#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey -#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey -#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey -#define d2i_X509_CRL wolfSSL_d2i_X509_CRL -#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp -#define X509_CRL_free wolfSSL_X509_CRL_free +#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio +#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp -#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data -#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data -#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb -#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb -#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb +#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey +#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey +#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey -#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION -#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION -#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout -#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout -#define SSL_SESSION_get_time wolfSSL_SESSION_get_time -#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index -#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 -#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX -#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL -#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data +#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data +#define SSL_CTX_sess_set_get_cb wolfSSL_CTX_sess_set_get_cb +#define SSL_CTX_sess_set_new_cb wolfSSL_CTX_sess_set_new_cb +#define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb + +#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION +#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION +#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout +#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout +#define SSL_SESSION_get_time wolfSSL_SESSION_get_time +#define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index +#define PEM_read wolfSSL_PEM_read +#define PEM_write wolfSSL_PEM_write +#define PEM_get_EVP_CIPHER_INFO wolfSSL_PEM_get_EVP_CIPHER_INFO +#define PEM_do_header wolfSSL_PEM_do_header /*#if OPENSSL_API_COMPAT < 0x10100000L*/ #define CONF_modules_free() #define ENGINE_cleanup() -#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup -#define SSL_CTX_need_tmp_RSA(ctx) 0 -#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 -#define SSL_need_tmp_RSA(ssl) 0 -#define SSL_set_tmp_rsa(ssl,rsa) 1 +#define HMAC_CTX_cleanup wolfSSL_HMAC_cleanup +#define SSL_CTX_need_tmp_RSA(ctx) 0 +#define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +#define SSL_need_tmp_RSA(ssl) 0 +#define SSL_set_tmp_rsa(ssl,rsa) 1 /*#endif*/ #define CONF_modules_unload(a) -#define SSL_get_hit wolfSSL_session_reused +#define SSL_get_hit wolfSSL_session_reused /* yassl had set the default to be 500 */ -#define SSL_get_default_timeout(ctx) 500 +#define SSL_get_default_timeout(ctx) 500 -#define X509_NAME_free wolfSSL_X509_NAME_free -#define X509_NAME_new wolfSSL_X509_NAME_new +#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey +#define BIO_read_filename wolfSSL_BIO_read_filename +#define BIO_s_file wolfSSL_BIO_s_file +#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth +#define SSL_set_verify_depth wolfSSL_set_verify_depth +#define SSL_get_app_data wolfSSL_get_app_data +#define SSL_set_app_data wolfSSL_set_app_data +#define SHA1 wolfSSL_SHA1 - typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; - -#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate -#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey -#define BIO_read_filename wolfSSL_BIO_read_filename -#define BIO_s_file wolfSSL_BIO_s_file -#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth -#define SSL_set_verify_depth wolfSSL_set_verify_depth -#define SSL_get_app_data wolfSSL_get_app_data -#define SSL_set_app_data wolfSSL_set_app_data -#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count -#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object -#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry -#define ASN1_STRING_data wolfSSL_ASN1_STRING_data -#define ASN1_STRING_length wolfSSL_ASN1_STRING_length -#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID -#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data -#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free -#define SHA1 wolfSSL_SHA1 - -#define X509_check_private_key wolfSSL_X509_check_private_key -#define SSL_dup_CA_list wolfSSL_dup_CA_list -#define X509_check_ca wolfSSL_X509_check_ca +#define SSL_dup_CA_list wolfSSL_dup_CA_list enum { GEN_DNS = 0x02, /* ASN_DNS_TYPE */ @@ -594,26 +674,20 @@ enum { GEN_URI = 0x06 /* ASN_URI_TYPE */ }; -#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ -#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX - -#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams -#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams -#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 -#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ -#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX +#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) -#define SSL_get_rbio wolfSSL_SSL_get_rbio -#define SSL_get_wbio wolfSSL_SSL_get_wbio -#define SSL_do_handshake wolfSSL_SSL_do_handshake -#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x) -#define SSL_SESSION_get_id wolfSSL_SESSION_get_id -#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data -#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) -#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num -#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero -#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x) +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define SSL_get_cipher_bits(s,np) \ + wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num +#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero +#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) @@ -629,75 +703,73 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES; #define V_ASN1_IA5STRING 22 #define SSL_CTRL_MODE 33 -#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) -#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio -#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey -#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio -#define ASN1_IA5STRING WOLFSSL_ASN1_STRING -#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING -#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair -#define SSL_get_verify_callback wolfSSL_get_verify_callback +#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) +#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio +#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey +#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio +#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair +#define SSL_get_verify_callback wolfSSL_get_verify_callback #define GENERAL_NAMES_free(GENERAL_NAMES)NULL -#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) -#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1 +#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1 #define SSL_CTX_set0_chain(ctx,sk) \ - wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) -#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) -#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ - (char *)(arg)) + wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) +#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg)) #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ -#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh -#define BIO_new_file wolfSSL_BIO_new_file -#define BIO_ctrl wolfSSL_BIO_ctrl -#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending -#define BIO_wpending wolfSSL_BIO_wpending -#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr -#define BIO_int_ctrl wolfSSL_BIO_int_ctrl -#define BIO_reset wolfSSL_BIO_reset -#define BIO_s_file wolfSSL_BIO_s_file -#define BIO_s_bio wolfSSL_BIO_s_bio -#define BIO_s_socket wolfSSL_BIO_s_socket -#define BIO_set_fd wolfSSL_BIO_set_fd -#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request +#define BIO_new_file wolfSSL_BIO_new_file +#define BIO_ctrl wolfSSL_BIO_ctrl +#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending +#define BIO_wpending wolfSSL_BIO_wpending +#define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr +#define BIO_int_ctrl wolfSSL_BIO_int_ctrl +#define BIO_reset wolfSSL_BIO_reset +#define BIO_s_file wolfSSL_BIO_s_file +#define BIO_s_bio wolfSSL_BIO_s_bio +#define BIO_s_socket wolfSSL_BIO_s_socket +#define BIO_set_fd wolfSSL_BIO_set_fd +#define BIO_ctrl_reset_read_request wolfSSL_BIO_ctrl_reset_read_request -#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size -#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair +#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size +#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair -#define BIO_set_fp wolfSSL_BIO_set_fp -#define BIO_get_fp wolfSSL_BIO_get_fp -#define BIO_seek wolfSSL_BIO_seek -#define BIO_write_filename wolfSSL_BIO_write_filename -#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return +#define BIO_set_fp wolfSSL_BIO_set_fp +#define BIO_get_fp wolfSSL_BIO_get_fp +#define BIO_seek wolfSSL_BIO_seek +#define BIO_write_filename wolfSSL_BIO_write_filename +#define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return #define TLSEXT_STATUSTYPE_ocsp 1 -#define SSL_set_options wolfSSL_set_options -#define SSL_get_options wolfSSL_get_options -#define SSL_clear_options wolfSSL_clear_options -#define SSL_set_tmp_dh wolfSSL_set_tmp_dh +#define SSL_set_options wolfSSL_set_options +#define SSL_get_options wolfSSL_get_options +#define SSL_clear_options wolfSSL_clear_options +#define SSL_set_tmp_dh wolfSSL_set_tmp_dh #define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations -#define SSL_total_renegotiations wolfSSL_total_renegotiations +#define SSL_total_renegotiations wolfSSL_total_renegotiations #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts #define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids #define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids -#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp -#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp - -#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert -#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead -#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead -#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg +#define SSL_get_tlsext_status_ocsp_res wolfSSL_get_tlsext_status_ocsp_resp +#define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp + +#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert +#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead +#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead +#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ - wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg -#define SSL_get_server_random wolfSSL_get_server_random + wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg +#define SSL_get_server_random wolfSSL_get_server_random -#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts +#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts #define BIO_C_SET_FILE_PTR 106 #define BIO_C_GET_FILE_PTR 107 @@ -737,17 +809,10 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES; #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 -#define SSL_ctrl wolfSSL_ctrl -#define SSL_CTX_ctrl wolfSSL_CTX_ctrl +#define SSL_ctrl wolfSSL_ctrl +#define SSL_CTX_ctrl wolfSSL_CTX_ctrl -#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK -#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL - -#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME -#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME -#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS - -#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ +#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ || defined(OPENSSL_ALL) #include @@ -760,59 +825,48 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES; #define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) #define ASN1_STRFLGS_ESC_MSB 4 -#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH +#define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH -#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long -#define SSL_alert_type_string_long wolfSSL_alert_type_string_long -#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits -#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num -#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num -#define sk_X509_num wolfSSL_sk_X509_num -#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex -#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr -#define SSL_CTX_get_options wolfSSL_CTX_get_options +#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long +#define SSL_alert_type_string_long wolfSSL_alert_type_string_long +#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits +#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num +#define SSL_CTX_get_options wolfSSL_CTX_get_options -#define SSL_CTX_flush_sessions wolfSSL_flush_sessions -#define SSL_CTX_add_session wolfSSL_CTX_add_session -#define SSL_version wolfSSL_version -#define SSL_get_state wolfSSL_get_state -#define SSL_state_string_long wolfSSL_state_string_long +#define SSL_CTX_flush_sessions wolfSSL_flush_sessions +#define SSL_CTX_add_session wolfSSL_CTX_add_session +#define SSL_version wolfSSL_version +#define SSL_get_state wolfSSL_get_state +#define SSL_state_string_long wolfSSL_state_string_long -#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value -#define sk_X509_value wolfSSL_sk_X509_value -#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value -#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data -#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data -#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index -#define SSL_SESSION_get_id wolfSSL_SESSION_get_id -#define CRYPTO_dynlock_value WOLFSSL_dynlock_value -typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; -#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs -#define sk_X509_pop_free wolfSSL_sk_X509_pop_free -#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free -#define GENERAL_NAME_free NULL +#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value +#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data +#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data +#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free +#define GENERAL_NAME_free NULL -#define SSL3_AL_FATAL 2 -#define SSL_TLSEXT_ERR_OK 0 -#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal -#define SSL_TLSEXT_ERR_NOACK alert_warning -#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME +#define SSL3_AL_FATAL 2 +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal +#define SSL_TLSEXT_ERR_NOACK alert_warning +#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME -#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name -#define SSL_get_servername wolfSSL_get_servername -#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX -#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback +#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name +#define SSL_get_servername wolfSSL_get_servername +#define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX +#define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback #define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_tlsext_servername_callback -#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg +#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg -#define PSK_MAX_PSK_LEN 256 -#define PSK_MAX_IDENTITY_LEN 128 -#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state -#define SSL_CTX_clear_options wolfSSL_CTX_clear_options +#define PSK_MAX_PSK_LEN 256 +#define PSK_MAX_IDENTITY_LEN 128 +#define SSL_CTX_clear_options wolfSSL_CTX_clear_options #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ -#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb +#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb #define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata #define SSL_CTX_set_msg_callback wolfSSL_CTX_set_msg_callback @@ -871,59 +925,37 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif -#define OPENSSL_config wolfSSL_OPENSSL_config -#define OPENSSL_memdup wolfSSL_OPENSSL_memdup -#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index -#define X509_get_ex_data wolfSSL_X509_get_ex_data -#define X509_set_ex_data wolfSSL_X509_set_ex_data -#define X509_NAME_digest wolfSSL_X509_NAME_digest -#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout -#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh -#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session -#define SSL_get_rbio wolfSSL_SSL_get_rbio -#define SSL_get_wbio wolfSSL_SSL_get_wbio -#define SSL_do_handshake wolfSSL_SSL_do_handshake -#define SSL_in_init wolfSSL_SSL_in_init -#define SSL_get0_session wolfSSL_SSL_get0_session -#define X509_check_host wolfSSL_X509_check_host -#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER -#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data -#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings -#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb -#define X509_email_free wolfSSL_X509_email_free -#define X509_get1_ocsp wolfSSL_X509_get1_ocsp -#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb -#define X509_check_issued wolfSSL_X509_check_issued -#define X509_dup wolfSSL_X509_dup -#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new -#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free -#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs -#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer -#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value -#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected -#define SSL_select_next_proto wolfSSL_select_next_proto -#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb -#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb -#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb -#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated -#define SSL_is_server wolfSSL_is_server -#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list +#define OPENSSL_config wolfSSL_OPENSSL_config +#define OPENSSL_memdup wolfSSL_OPENSSL_memdup +#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout +#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh +#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_in_init wolfSSL_SSL_in_init +#define SSL_get0_session wolfSSL_SSL_get0_session +#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb +#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb +#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs +#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value +#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected +#define SSL_select_next_proto wolfSSL_select_next_proto +#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb +#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb +#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb +#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated +#define SSL_is_server wolfSSL_is_server +#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_ALL || HAVE_LIGHTY */ #ifdef OPENSSL_EXTRA -#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time -#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA -#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password -#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username -#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER -#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object -#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX -#define ERR_peek_last_error wolfSSL_ERR_peek_last_error -#ifndef WOLFSSL_HAPROXY -#define X509_get_version wolfSSL_X509_get_version -#endif +#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA +#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password +#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX #define ERR_NUM_ERRORS 16 #define EVP_PKEY_RSA 6 @@ -933,9 +965,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define NID_pkcs9_emailAddress 48 #define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L -#define SSL_get_rbio wolfSSL_SSL_get_rbio -#define SSL_get_wbio wolfSSL_SSL_get_wbio -#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake #endif /* OPENSSL_EXTRA */ #ifdef __cplusplus diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d1deb8722..1f6a22649 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -922,12 +922,18 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID( WOLFSSL_X509*, unsigned char*, int*); WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( WOLFSSL_X509*, unsigned char*, int*); + +WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*, + WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); + WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID( WOLFSSL_X509_NAME*, int, char*, int); WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID( WOLFSSL_X509_NAME*, int, int); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); + WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1); @@ -2614,6 +2620,9 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( unsigned char* data, int dataSz); WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set); +WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, + const char *field, int type, const unsigned char *bytes, int len, int loc, + int set); WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); @@ -2661,9 +2670,14 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X50 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, - pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, + WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); #endif +WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, + EncryptedInfo* cipher); +WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, + unsigned char* data, long* len, + pem_password_cb* callback, void* ctx); /*lighttp compatibility */ @@ -2731,6 +2745,18 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ +#ifdef OPENSSL_ALL +WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); +WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); +WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, + const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, + WOLFSSL_X509_NAME *name); +WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, + WOLFSSL_EVP_PKEY *pkey); +#endif + #if defined(OPENSSL_ALL) \ || defined(HAVE_STUNNEL) \ @@ -2770,6 +2796,7 @@ WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void); WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s); WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, @@ -3021,6 +3048,16 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1 WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store); WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); + +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, + int passwdSz, pem_password_cb* cb, void* ctx); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( + WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length); + #endif /* OPENSSL_EXTRA */ #ifdef HAVE_PK_CALLBACKS diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index ad0400ad6..ac52823b3 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -335,6 +335,7 @@ enum Oid_Types { oidPBEType = 14, oidHmacType = 15, oidCompressType = 16, + oidCertNameType = 17, oidIgnoreType }; @@ -981,13 +982,18 @@ WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); #endif /* WOLFSSL_TRUST_PEER_CERT */ -WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); +WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length, word32* algId); WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, - word32 length); -WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); + word32 length, word32* algId); +WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int, + word32* algId); WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); +WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, int passwordSz, int vPKCS, + int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt, + WC_RNG* rng, void* heap); WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz, const char* password,int passwordSz, int vPKCS, int vAlgo, @@ -1074,6 +1080,9 @@ WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); #ifndef NO_CERTS +WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer, + size_t bufSz); + WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 00334b45e..fd3190838 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -71,7 +71,9 @@ enum CertType { TRUSTED_PEER_TYPE, EDDSA_PRIVATEKEY_TYPE, ED25519_TYPE, - PKCS12_TYPE + PKCS12_TYPE, + PKCS8_PRIVATEKEY_TYPE, + PKCS8_ENC_PRIVATEKEY_TYPE };