diff --git a/src/ssl.c b/src/ssl.c index bd538526c..855530c29 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8862,6 +8862,20 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, } #endif /* !NO_BIO */ +#ifndef NO_WOLFSSL_STUB +int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, + const char *section, WOLFSSL_X509 *cert) +{ + WOLFSSL_ENTER("wolfSSL_X509V3_EXT_add_nconf"); + WOLFSSL_STUB("wolfSSL_X509V3_EXT_add_nconf"); + (void)conf; + (void)ctx; + (void)section; + (void)cert; + return WOLFSSL_SUCCESS; +} +#endif + /* Returns crit flag in X509_EXTENSION object */ int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex) { @@ -18726,6 +18740,9 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) sizeof(WOLFSSL_CIPHER)) == 0) { sk->data.cipher = *(WOLFSSL_CIPHER*)data; sk->num = 1; + if (sk->hash_fn) { + sk->hash = sk->hash_fn(&sk->data.cipher); + } return WOLFSSL_SUCCESS; } break; @@ -18735,6 +18752,9 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) if (!sk->data.generic) { sk->data.generic = (void*)data; sk->num = 1; + if (sk->hash_fn) { + sk->hash = sk->hash_fn(sk->data.generic); + } return WOLFSSL_SUCCESS; } break; 
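Review bot: The new wolfSSL_X509V3_EXT_add_nconf stub reports WOLFSSL_SUCCESS while applying nothing, so a caller that asks for extensions from a config section (for example basicConstraints or keyUsage) gets a certificate without them and no error; the old macro `X509V3_EXT_add_nconf(...) 0` removed in wolfssl/openssl/x509v3.h made that call fail instead. Unless the success return is deliberate for link-compatibility, `return WOLFSSL_FAILURE;` is the safer stub value, and either way the header declaration deserves a comment such as `/* Stub: extensions from conf are not applied (see NO_WOLFSSL_STUB) */`. The `ASN1_STRING_set_default_mask_asc(...) 1` stub added to wolfssl/openssl/ssl.h has the same shape, though ignoring the mask is less consequential.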
@@ -19265,32 +19285,35 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, if (section) { len = XSTRLEN(section); - ret->section = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); if (!ret->section) { WOLFSSL_MSG("malloc error"); wolfSSL_X509V3_conf_free(ret); return NULL; } + XMEMCPY(ret->section, section, len+1); } if (name) { len = XSTRLEN(name); - ret->name = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); if (!ret->name) { WOLFSSL_MSG("malloc error"); wolfSSL_X509V3_conf_free(ret); return NULL; } + XMEMCPY(ret->name, name, len+1); } if (value) { len = XSTRLEN(value); - ret->value = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); if (!ret->value) { WOLFSSL_MSG("malloc error"); wolfSSL_X509V3_conf_free(ret); return NULL; } + XMEMCPY(ret->value, value, len+1); } return ret; @@ -19346,6 +19369,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf, WOLFSSL_MSG("section malloc error"); goto error; } + XMEMCPY(ret->section, section, slen+1); if (!(sk = wolfSSL_sk_CONF_VALUE_new(NULL))) { WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_new error"); @@ -19409,8 +19433,14 @@ WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth) } ret = (WOLFSSL_CONF*)XMALLOC(sizeof(WOLFSSL_CONF), NULL, DYNAMIC_TYPE_OPENSSL); - if (ret) + if (ret) { XMEMSET(ret, 0, sizeof(WOLFSSL_CONF)); + ret->data = wolfSSL_sk_CONF_VALUE_new(NULL); + if (!ret->data) { + wolfSSL_NCONF_free(ret); + return NULL; + } + } return ret; } @@ -19539,7 +19569,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) WOLFSSL_MSG("malloc error"); goto cleanup; } - if (wolfSSL_BIO_read(in, buf, bufLen) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_read(in, buf, bufLen) != bufLen) { WOLFSSL_MSG("wolfSSL_BIO_read error"); goto cleanup; } 
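Review bot: The three `if (section)`/`if (name)`/`if (value)` blocks in wolfSSL_CONF_VALUE_new_values now each carry the same XSTRLEN/XMALLOC(len+1)/XMEMCPY(len+1) sequence, and the under-allocation this hunk fixes is exactly the kind of drift that such duplication invites. A small static helper that duplicates one string would leave a single place to keep the size and the copy in step; the shape is below. wolfSSL_CONF_VALUE_new_values begins above the hunk, so the declarations of `ret` and `len` are not visible here. The XMEMCPY added in wolfSSL_CONF_new_section assumes the XMALLOC just above it already requests `slen+1` bytes; that line is outside the hunk, so confirm it.
```c
/* Duplicate s into a fresh DYNAMIC_TYPE_OPENSSL buffer; NULL on allocation failure. */
static char* conf_value_strdup(const char* s)
{
    size_t len = XSTRLEN(s);
    char* cpy = (char*)XMALLOC(len + 1, NULL, DYNAMIC_TYPE_OPENSSL);
    if (cpy != NULL) {
        XMEMCPY(cpy, s, len + 1);
    }
    return cpy;
}

    /* … unchanged: allocation of ret … */
    if (section) {
        ret->section = conf_value_strdup(section);
        if (!ret->section) {
            WOLFSSL_MSG("malloc error");
            wolfSSL_X509V3_conf_free(ret);
            return NULL;
        }
    }
    /* … same pattern for name and value … */
```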
@@ -19573,6 +19603,13 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) char* sectionName; int sectionNameLen; + if (idx < maxIdx) + idx++; + else { + WOLFSSL_MSG("Invalid section definition."); + goto cleanup; + } + SKIP_WHITESPACE(idx, maxIdx); sectionName = idx; /* Find end of section name */ @@ -19613,10 +19650,10 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) SKIP_WHITESPACE(idx, maxIdx); value = idx; /* Find end of value */ - idx = maxIdx; + idx = maxIdx-1; while (*idx == ' ' || *idx == '\t') idx--; - valueLen = idx - value; + valueLen = idx - value + 1; /* Sanity checks */ if (nameLen <= 0 || valueLen <= 0) { @@ -21151,7 +21188,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) bufSz = wolfSSL_BIO_get_len(in); if (bufSz <= 0 || - !(buf = (char*)XMALLOC(sizeof(bufSz+1), NULL, + !(buf = (char*)XMALLOC(bufSz+1, NULL, DYNAMIC_TYPE_TMP_BUFFER))) { WOLFSSL_MSG("malloc error or no data in BIO"); goto error; @@ -21163,6 +21200,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) } buf[bufSz] = '\0'; + idx = buf; for (bufEnd = buf + bufSz; idx < bufEnd; idx = lineEnd + 1) { char* strBuf = NULL; char** fieldPtr = NULL; @@ -21183,6 +21221,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) goto error; } XMEMCPY(strBuf + fieldsSz, idx, lineEnd - idx + 1); /* + 1 for NULL */ + XMEMSET(strBuf, 0, fieldsSz); /* Check for appropriate number of fields */ fieldPtr = (char**)strBuf; fieldCheckIdx = strBuf + fieldsSz; @@ -25063,8 +25102,8 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) { WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); - FreeCRL(crl, 1); - return; + if (crl) + FreeCRL(crl, 1); } #endif /* HAVE_CRL && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ 
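Review bot: The back-scan `while (*idx == ' ' || *idx == '\t') idx--;` that now starts at `maxIdx-1` has no lower bound, so when everything after `=` is blank (`value` equals `maxIdx`) it walks back past `value` into the name part of the line and stops only at the first non-blank byte; today the later `valueLen <= 0` check rejects the entry, but the scan itself relies on a non-blank byte always existing earlier in the buffer. Bounding it as `while (idx > value && (*idx == ' ' || *idx == '\t')) idx--;` removes that reliance in a parser that reads untrusted config files. The new `if (idx < maxIdx) idx++; else { ... }` mixes a braceless then-branch with a braced else; brace both, as the surrounding code does. wolfSSL_NCONF_load begins and ends outside this hunk.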
@@ -28661,10 +28700,24 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t) int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str) { - WOLFSSL_STUB("wolfSSL_ASN1_TIME_set_string"); - (void)s; - (void)str; - return WOLFSSL_FAILURE; + int slen; + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string"); + + if (!str) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + slen = XSTRLEN(str)+1; + if (slen > CTC_DATE_SIZE) { + WOLFSSL_MSG("Date string too long"); + return WOLFSSL_FAILURE; + } + if (s) { + XMEMCPY(s->data, str, slen); + s->length = slen; + s->type = slen == ASN_UTC_TIME_SIZE ? ASN_UTC_TIME : ASN_GENERALIZED_TIME; + } + return WOLFSSL_SUCCESS; } #endif /* !NO_WOLFSSL_STUB */ @@ -40850,7 +40903,10 @@ err: } if (loc <= DN_NAMES_MAX + name->fullName.dcNum) { - name->fullName.loc[loc] = ASN_DN_NULL; + XMEMMOVE(&name->fullName.loc[loc], &name->fullName.loc[loc+1], + DN_NAMES_MAX + name->fullName.dcNum - loc - 1); + if (name->fullName.dcNum > 0) + name->fullName.dcNum--; } else if (name->fullName.dcMode) { if (name->fullName.fullName != NULL) { @@ -40862,6 +40918,12 @@ err: } } } + else if (loc == name->fullName.cnIdx && name->x509 != NULL) { + name->fullName.cnIdx = -1; + } + else { + WOLFSSL_MSG("Couldn't find name entry"); + } return ret; } @@ -46104,7 +46166,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, WOLFSSL_MSG("wolfSSL_BIO_gets error"); return WOLFSSL_FAILURE; } - while (lineLen && buf[lineLen-1] == '\n' && buf[lineLen-1] == '\r') + while (lineLen && (buf[lineLen-1] == '\n' || buf[lineLen-1] == '\r')) lineLen--; if (buf[lineLen-1] == '\\') readNextLine = 1; 
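Review bot: wolfSSL_ASN1_TIME_set_string accepts any string shorter than CTC_DATE_SIZE and classifies everything that is not exactly ASN_UTC_TIME_SIZE as a GeneralizedTime, so a malformed or truncated date is stored as a valid-looking time object and only fails, if at all, when it is later encoded or compared. The OpenSSL function it mirrors rejects strings that are not a well-formed UTCTime or GeneralizedTime; at minimum pin the length with `if (slen != ASN_UTC_TIME_SIZE && slen != ASN_GENERALIZED_TIME_SIZE) { WOLFSSL_MSG("Bad date string length"); return WOLFSSL_FAILURE; }`, and a digits-plus-trailing-`Z` check would finish the job. Note that `s->length = slen` counts the terminating NUL, which appears to match the ASN_*_TIME_SIZE constants used here but differs from OpenSSL's length convention; that is worth a comment on the declaration. `slen` is an `int` assigned from XSTRLEN, so the implicit narrowing would also be cleaner as `(int)XSTRLEN(str) + 1`.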
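Review bot: The new XMEMMOVE in the `loc <= DN_NAMES_MAX + dcNum` branch computes its length as `DN_NAMES_MAX + name->fullName.dcNum - loc - 1`, which is -1 when `loc` equals `DN_NAMES_MAX + dcNum` (allowed by the `<=` guard) and wraps to a huge size_t, and the source `&loc[loc+1]` is then one past the used range. The guard should be `<` for the move (or the count clamped at zero), and if `fullName.loc` is an array of int rather than bytes the count must be scaled by `sizeof(name->fullName.loc[0])`; I cannot see the declaration from here. The unconditional `dcNum--` also reduces the domain-component count when the deleted entry is a plain DN slot (`loc < DN_NAMES_MAX`), if dcNum counts only DCs — verify against the struct. The surrounding function starts well above the hunk.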
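Review bot: After the corrected strip loop `lineLen` can reach 0 for a line that is only `\r\n`, and the very next line `if (buf[lineLen-1] == '\\')` then reads `buf[-1]`. Guard it as `if (lineLen && buf[lineLen-1] == '\\')`, matching the condition the loop itself already uses. wolfSSL_a2i_ASN1_INTEGER continues past the hunk.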
@@ -46157,8 +46219,13 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, XMEMMOVE(asn1->data + outLen + 1, asn1->data, asn1->length); asn1->data[0] = ASN_INTEGER; (void)SetLength(asn1->length, asn1->data + 1); - if (asn1->data[outLen+1] == 0x80) + if (asn1->data[outLen+1] == 0x80) { asn1->data[outLen] = 0; + asn1->dataMax = asn1->length += 1 + outLen + 1; + } + else { + asn1->dataMax = asn1->length += 1 + outLen; + } return WOLFSSL_SUCCESS; } @@ -46649,14 +46716,14 @@ WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void) return ret; } -char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, +WOLFSSL_STRING* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx) { for (; idx > 0 && strings != NULL; idx--) strings = strings->next; if (strings == NULL) return NULL; - return strings->data.string; + return (WOLFSSL_STRING*)strings->data.string; } int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index efbdc078a..33f909daa 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9443,7 +9443,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int ret = 0; int checkPathLen = 0; int decrementMaxPathLen = 0; - word32 confirmOID; + word32 confirmOID = 0; #if defined(WOLFSSL_RENESAS_TSIP) int idx = 0; #endif diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 74f6294dc..8dd4773db 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c 
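Review bot: `asn1->dataMax = asn1->length += 1 + outLen + 1;` packs a compound assignment inside another assignment and is easy to misread; spell it as two statements, `asn1->length += 1 + outLen + 1; asn1->dataMax = asn1->length;`, and likewise in the else branch. Separately, if `outLen` is the number of length octets that SetLength wrote at `asn1->data + 1`, then `asn1->data[outLen]` is the last of those octets and writing 0 there overwrites the encoded length rather than inserting a sign pad before the first content byte; the pad would belong at `data[outLen+1]` with the content moved one further and the length field computed for `length + 1`. How outLen and the buffer are sized is above the hunk, so please confirm. If dataMax is the buffer capacity rather than the used length, setting it equal to length is only correct when the buffer was resized to exactly that size.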
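Review bot: The new return type `WOLFSSL_STRING*` with the cast `(WOLFSSL_STRING*)strings->data.string` changes the meaning of the value: if WOLFSSL_STRING is a typedef for `char*`, the function now hands back the string's bytes reinterpreted as a pointer-to-pointer, and a caller that dereferences it to reach the string will read text as an address. The OpenSSL counterpart returns the string itself (`OPENSSL_STRING`, i.e. `char*`), so `return strings->data.string;` with return type `WOLFSSL_STRING` is the compatible shape; if a pointer to the stack slot is really intended it should be `return &strings->data.string;` without a cast. The prototype change in wolfssl/ssl.h (`@@ -3913`) follows whichever fix is chosen.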
@@ -1885,6 +1885,87 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) return 0; } + +int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, + const WOLFSSL_EVP_PKEY *from) +{ + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_copy_parameters"); + + if (!to || !from) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (to->type == EVP_PKEY_NONE) { + to->type = from->type; + } + else if (to->type != from->type) { + WOLFSSL_MSG("Different key types"); + return WOLFSSL_FAILURE; + } + + switch(from->type) { +#ifdef HAVE_ECC + case EVP_PKEY_EC: + if (from->ecc) { + if (!to->ecc && !(to->ecc = wolfSSL_EC_KEY_new())) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); + return WOLFSSL_FAILURE; + } + to->ecc->group->curve_idx = from->ecc->group->curve_idx; + to->ecc->group->curve_nid = from->ecc->group->curve_nid; + to->ecc->group->curve_oid = from->ecc->group->curve_oid; + } + else { + WOLFSSL_MSG("Missing ECC struct"); + return WOLFSSL_FAILURE; + } + break; +#endif +#ifndef NO_DSA + case EVP_PKEY_DSA: + if (from->dsa) { + WOLFSSL_BIGNUM cpy; + if (!to->dsa && !(to->dsa = wolfSSL_DSA_new())) { + WOLFSSL_MSG("wolfSSL_DSA_new error"); + return WOLFSSL_FAILURE; + } + if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) { + WOLFSSL_MSG("wolfSSL_BN_dup error"); + return WOLFSSL_FAILURE; + } + to->dsa->p = cpy; + if (!(cpy = wolfSSL_BN_dup(from->dsa->q)) { + WOLFSSL_MSG("wolfSSL_BN_dup error"); + return WOLFSSL_FAILURE; + } + to->dsa->q = cpy; + if (!(cpy = wolfSSL_BN_dup(from->dsa->g)) { + WOLFSSL_MSG("wolfSSL_BN_dup error"); + return WOLFSSL_FAILURE; + } + to->dsa->g = cpy; + } + else { + WOLFSSL_MSG("Missing DSA struct"); + return WOLFSSL_FAILURE; + } + break; +#endif +#ifndef NO_RSA + case EVP_PKEY_RSA: +#endif +#ifndef NO_DH + case EVP_PKEY_DH: +#endif + default: + WOLFSSL_MSG("Copy parameters not available for this key type"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + #ifndef NO_WOLFSSL_STUB WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY 
*pkey) { @@ -3183,11 +3264,21 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) {"SHA", "SHA1"}, { NULL, NULL} }; + char nameUpper[15]; /* 15 bytes should be enough for any name */ + size_t i; const struct alias *al; const struct s_ent *ent; + for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { + nameUpper[i] = XTOUPPER(name[i]); + } + if (i < sizeof(nameUpper)) + nameUpper[i] = '\0'; + else + return NULL; + name = nameUpper; for (al = alias_tbl; al->name != NULL; al++) if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { name = al->name; diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 2ee0cc28c..9848921c1 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -572,6 +572,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from); WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b); WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); @@ -829,6 +830,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_free wolfSSL_EVP_PKEY_free #define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref #define EVP_PKEY_size wolfSSL_EVP_PKEY_size +#define EVP_PKEY_copy_parameters wolfSSL_EVP_PKEY_copy_parameters #define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters #define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp #define EVP_PKEY_type wolfSSL_EVP_PKEY_type diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 7174c2c0a..5b2b05e36 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
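Review bot: The DSA branch of wolfSSL_EVP_PKEY_copy_parameters does not compile as written: `WOLFSSL_BIGNUM cpy;` declares a struct but is assigned the pointer returned by wolfSSL_BN_dup, and the `q` and `g` checks are missing a closing parenthesis (`if (!(cpy = wolfSSL_BN_dup(from->dsa->q)) {`), which suggests this path was never built; it should be `WOLFSSL_BIGNUM* cpy;` with the parentheses balanced. The assignments `to->dsa->p = cpy;` also drop whatever `to->dsa` already held, leaking a previous parameter set, and on any failure `to->type` has already been switched to `from->type` while `to`'s material may be half copied — set the type only after the switch succeeds. In the EC branch `to->ecc->group` is dereferenced without a NULL check; whether wolfSSL_EC_KEY_new always allocates the group is not visible here. A fixed DSA branch is below; the rest of the function is unchanged.
```c
#ifndef NO_DSA
        case EVP_PKEY_DSA:
            if (from->dsa) {
                WOLFSSL_BIGNUM* cpy;
                if (!to->dsa && !(to->dsa = wolfSSL_DSA_new())) {
                    WOLFSSL_MSG("wolfSSL_DSA_new error");
                    return WOLFSSL_FAILURE;
                }
                if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) {
                    WOLFSSL_MSG("wolfSSL_BN_dup error");
                    return WOLFSSL_FAILURE;
                }
                wolfSSL_BN_free(to->dsa->p); /* release any previous parameter */
                to->dsa->p = cpy;
                if (!(cpy = wolfSSL_BN_dup(from->dsa->q))) {
                    WOLFSSL_MSG("wolfSSL_BN_dup error");
                    return WOLFSSL_FAILURE;
                }
                wolfSSL_BN_free(to->dsa->q);
                to->dsa->q = cpy;
                if (!(cpy = wolfSSL_BN_dup(from->dsa->g))) {
                    WOLFSSL_MSG("wolfSSL_BN_dup error");
                    return WOLFSSL_FAILURE;
                }
                wolfSSL_BN_free(to->dsa->g);
                to->dsa->g = cpy;
            }
            else {
                WOLFSSL_MSG("Missing DSA struct");
                return WOLFSSL_FAILURE;
            }
            break;
#endif
        /* … unchanged: RSA/DH/default cases … */
```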
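Review bot: The new upper-casing loop in wolfSSL_EVP_get_digestbyname dereferences `name` without a NULL check, and if XTOUPPER maps onto toupper() the argument should be cast, `nameUpper[i] = (char)XTOUPPER((unsigned char)name[i]);`, since a negative `char` is undefined there. `char nameUpper[15]; /* 15 bytes should be enough for any name */` is a magic number that also silently rejects any name of 15 or more characters through the `return NULL`; a named constant such as `enum { EVP_MD_NAME_MAX = 15 };` beside the alias table would document that limit. `name = nameUpper;` points `name` at a stack buffer, which is fine as long as nothing below the hunk returns or stores `name` itself; the function's tail is not visible here.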
@@ -505,6 +505,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry #define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt #define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID +#define X509_NAME_delete_entry wolfSSL_X509_NAME_delete_entry #define X509_NAME_oneline wolfSSL_X509_NAME_oneline #define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID #define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex @@ -730,6 +731,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex #define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y)) #define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT +#ifndef NO_WOLFSSL_STUB +#define ASN1_STRING_set_default_mask_asc(...) 1 +#endif #define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING @@ -1303,6 +1307,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define OpenSSL_version(x) wolfSSL_OpenSSL_version() +#ifndef NO_WOLFSSL_STUB +#define OBJ_create_objects(...) +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h index ba8a73051..75e128a4f 100644 --- a/wolfssl/openssl/x509v3.h +++ b/wolfssl/openssl/x509v3.h @@ -101,6 +101,8 @@ WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, const WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); +WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, + const char *section, WOLFSSL_X509 *cert); #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free 
@@ -109,8 +111,8 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, #define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING #define X509V3_EXT_get wolfSSL_X509V3_EXT_get #define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i +#define X509V3_EXT_add_nconf wolfSSL_X509V3_EXT_add_nconf #ifndef NO_WOLFSSL_STUB -#define X509V3_EXT_add_nconf(...) 0 #define X509V3_parse_list(...) NULL #endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d1b79c60a..71e046d0f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3658,8 +3658,8 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)* void (*f) (WOLFSSL_X509_INFO*)); WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); -typedef int (*wolf_sk_compare_cb)(const void* const *a, - const void* const *b); +typedef int (*wolf_sk_compare_cb)(const void* a, + const void* b); typedef unsigned long (*wolf_sk_hash_cb) (const void *v); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new( wolf_sk_compare_cb); @@ -3913,7 +3913,7 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void); -WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( +WOLFSSL_API WOLFSSL_STRING* wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num( WOLF_STACK_OF(WOLFSSL_STRING)* strings);
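Review bot: The signature of `wolf_sk_compare_cb` changes from `(const void* const *a, const void* const *b)` to `(const void* a, const void* b)`, which is a source- and ABI-level change for every comparator registered through wolfSSL_sk_X509_NAME_new and related entry points. OpenSSL's stack comparators receive pointers to the elements (`const TYPE *const *`), so an application callback written against OpenSSL will now be handed the element itself and dereference it one level too many; if the change is intentional, say so in a comment on the typedef, and any comparator in src/ssl.c must be updated in the same commit (those call sites are outside this diff). The `wolfSSL_sk_WOLFSSL_STRING_value` prototype change mirrors the src/ssl.c hunk and should follow whichever return type is settled there.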