feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #398 from JacobBarthelmeh/master

Browse Source 
update to MYSQL compatibility
This commit is contained in:
toddouska
2016-05-04 09:10:39 -07:00
parent 1b5ed7fb09 197672d4fc
commit ab53d732ce
14 changed files with 562 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
IDE/MYSQL/CMakeLists_wolfCrypt.txt
View File

@@ -27,7 +27,7 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c
src/camellia.c src/chacha.c src/coding.c src/compress.c src/des3.c
src/dh.c src/dsa.c src/ecc.c src/error.c src/hc128.c src/hmac.c
src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c
src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c
src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c
src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c
src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c
../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h
@@ -39,6 +39,7 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c
../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h
../wolfssl/wolfcrypt/hash.h
)
# misc.c is not compiled in since using INLINE
ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})
RESTRICT_SYMBOL_EXPORTS(wolfcrypt)

83
src/internal.c
View File

@@ -643,6 +643,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#ifndef NO_CERTS
FreeDer(&ctx->privateKey);
FreeDer(&ctx->certificate);
#ifdef KEEP_OUR_CERT
FreeX509(ctx->ourCert);
if (ctx->ourCert) {
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
}
#endif
FreeDer(&ctx->certChain);
wolfSSL_CertManagerFree(ctx->cm);
#endif
@@ -1295,6 +1301,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
if (tls && haveDH && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
if (tls1_2 && haveDH && haveRSA) {
suites->suites[idx++] = 0;
@@ -1692,6 +1705,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
name->dynamicName = 0;
#ifdef OPENSSL_EXTRA
XMEMSET(&name->fullName, 0, sizeof(DecodedName));
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/
name->x509 = NULL;
#endif /* OPENSSL_EXTRA */
}
}
@@ -2576,6 +2592,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
}
#endif
#ifndef NO_CERTS
ssl->keepCert = 0; /* make sure certificate is free'd */
wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifndef NO_RSA
@@ -4724,6 +4741,15 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (requirement == REQUIRES_DHE)
return 1;
break;
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
if (requirement == REQUIRES_RSA)
return 1;
if (requirement == REQUIRES_RSA_SIG)
return 1;
if (requirement == REQUIRES_DHE)
return 1;
break;
#endif
#ifdef HAVE_ANON
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
@@ -4846,6 +4872,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(x509->issuer.fullName.fullName,
dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
}
x509->issuer.x509 = x509;
#endif /* OPENSSL_EXTRA */
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
@@ -4861,6 +4888,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XMEMCPY(x509->subject.fullName.fullName,
dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
}
x509->subject.x509 = x509;
#endif /* OPENSSL_EXTRA */
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
@@ -10658,6 +10686,10 @@ static const char* const cipher_names[] =
#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
"DHE-PSK-CHACHA20-POLY1305",
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
"EDH-RSA-DES-CBC3-SHA",
#endif
};
@@ -11096,6 +11128,10 @@ static int cipher_name_idx[] =
#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
#endif
};
@@ -11112,6 +11148,53 @@ int GetCipherNamesSize(void)
return (int)(sizeof(cipher_names) / sizeof(char*));
}
/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */
const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
{
const char* fullName;
const char* first;
WOLFSSL_CIPHER* cipher;
word32 i;
if (ssl == NULL) {
WOLFSSL_MSG("Bad argument");
return NULL;
}
cipher = wolfSSL_get_current_cipher(ssl);
fullName = wolfSSL_CIPHER_get_name(cipher);
if (fullName) {
first = (XSTRSTR(fullName, "CHACHA")) ? "CHACHA"
: (XSTRSTR(fullName, "EC")) ? "EC"
: (XSTRSTR(fullName, "CCM")) ? "CCM"
: NULL; /* normal */
for (i = 0; i < sizeof(cipher_name_idx); i++) {
if (cipher_name_idx[i] == ssl->options.cipherSuite) {
const char* nameFound = cipher_names[i];
/* extra sanity check on returned cipher name */
if (nameFound == NULL) {
continue;
}
/* if first is null then not any */
if (first == NULL) {
if (!XSTRSTR(nameFound, "CHACHA") &&
!XSTRSTR(nameFound, "EC") && !XSTRSTR(nameFound, "CCM")) {
return cipher_names[i];
}
}
else if (XSTRSTR(nameFound, first)) {
return cipher_names[i];
}
}
}
}
return NULL; /* error or not found */
}
/**
Set the enabled cipher suites.

17
src/keys.c
View File

@@ -1551,6 +1551,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = DES3_KEY_SIZE;
ssl->specs.block_size = DES_BLOCK_SIZE;
ssl->specs.iv_size = DES_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;

268
src/ssl.c
View File

@@ -3468,12 +3468,29 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* Make sure previous is free'd */
if (ssl->buffers.weOwnCert) {
FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
FreeX509(ssl->ourCert);
if (ssl->ourCert) {
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
ssl->ourCert = NULL;
}
#endif
}
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
#ifdef KEEP_OUR_CERT
ssl->keepCert = 1; /* hold cert for ssl lifetime */
#endif
ssl->buffers.weOwnCert = 1;
}
else if (ctx) {
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
#ifdef KEEP_OUR_CERT
FreeX509(ctx->ourCert);
if (ctx->ourCert) {
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
ctx->ourCert = NULL;
}
#endif
XMEMCPY(&ctx->certificate, &der, sizeof(der));
}
}
@@ -8017,9 +8034,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return BAD_FUNC_ARG;
}
if (ssl->buffers.weOwnCert) {
if (ssl->buffers.weOwnCert && !ssl->keepCert) {
WOLFSSL_MSG("Unloading cert");
FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
FreeX509(ssl->ourCert);
if (ssl->ourCert) {
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
ssl->ourCert = NULL;
}
#endif
ssl->buffers.weOwnCert = 0;
}
@@ -9760,6 +9784,35 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
/* WOLFSSL_DES_key_schedule is a unsigned char array of size 8 */
void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
unsigned char* output, long sz,
WOLFSSL_DES_key_schedule* ks1,
WOLFSSL_DES_key_schedule* ks2,
WOLFSSL_DES_key_schedule* ks3,
WOLFSSL_DES_cblock* ivec, int enc)
{
Des3 des;
byte key[24];/* EDE uses 24 size key */
WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");
XMEMSET(key, 0, sizeof(key));
XMEMCPY(key, *ks1, DES_BLOCK_SIZE);
XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE);
XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE);
if (enc) {
wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION);
wc_Des3_CbcEncrypt(&des, output, input, (word32)sz);
}
else {
wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION);
wc_Des3_CbcDecrypt(&des, output, input, (word32)sz);
}
}
/* correctly sets ivec for next call */
void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
unsigned char* output, long length,
@@ -10216,6 +10269,72 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
return textSz;
}
int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,
int nid, int pos)
{
int ret = -1;
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID");
if (name == NULL) {
return BAD_FUNC_ARG;
}
/* these index values are already stored in DecodedName
use those when available */
if (name->fullName.fullName && name->fullName.fullNameLen > 0) {
switch (nid) {
case ASN_COMMON_NAME:
ret = name->fullName.cnIdx;
break;
default:
WOLFSSL_MSG("NID not yet implemented");
break;
}
}
WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", ret);
(void)pos;
(void)nid;
return ret;
}
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(
WOLFSSL_X509_NAME_ENTRY* in)
{
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");
return in->value;
}
char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
if (asn) {
return asn->data;
}
else {
return NULL;
}
}
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
{
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
if (asn) {
return asn->length;
}
else {
return 0;
}
}
#endif
@@ -10636,6 +10755,39 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
#endif /* NO_FILESYSTEM */
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
KEEP_OUR_CERT is to insure ability for returning ssl certificate */
#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
{
if (ssl == NULL) {
return NULL;
}
if (ssl->buffers.weOwnCert) {
if (ssl->ourCert == NULL) {
ssl->ourCert = wolfSSL_X509_d2i(NULL,
ssl->buffers.certificate->buffer,
ssl->buffers.certificate->length);
}
return ssl->ourCert;
}
else { /* if cert not owned get parent ctx cert or return null */
if (ssl->ctx) {
if (ssl->ctx->ourCert == NULL) {
ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
ssl->ctx->certificate->buffer,
ssl->ctx->certificate->length);
}
return ssl->ctx->ourCert;
}
else {
return NULL;
}
}
}
#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
#endif /* NO_CERTS */
@@ -11042,6 +11194,10 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#ifndef NO_DES3
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif
#ifndef NO_HC128
#ifndef NO_MD5
@@ -11130,6 +11286,12 @@ const char* wolfSSL_get_cipher(WOLFSSL* ssl)
return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl));
}
/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */
const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
{
/* get access to cipher_name_idx in internal.c */
return wolfSSL_get_cipher_name_internal(ssl);
}
#ifdef OPENSSL_EXTRA
@@ -11656,6 +11818,66 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
}
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len)
{
struct tm t;
int idx = 0;
int format;
int dateLen;
byte* date = (byte*)time;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");
if (time == NULL || buf == NULL || len < 5) {
WOLFSSL_MSG("Bad argument");
return NULL;
}
format = *date; date++;
dateLen = *date; date++;
if (dateLen > len) {
return "error";
}
if (!ExtractDate(date, format, &t, &idx)) {
return "error";
}
if (date[idx] != 'Z') {
WOLFSSL_MSG("UTCtime, not Zulu") ;
return "Not Zulu";
}
/* place month in buffer */
buf[0] = '\0';
switch(t.tm_mon) {
case 0: XSTRNCAT(buf, "Jan ", 4); break;
case 1: XSTRNCAT(buf, "Feb ", 4); break;
case 2: XSTRNCAT(buf, "Mar ", 4); break;
case 3: XSTRNCAT(buf, "Apr ", 4); break;
case 4: XSTRNCAT(buf, "May ", 4); break;
case 5: XSTRNCAT(buf, "Jun ", 4); break;
case 6: XSTRNCAT(buf, "Jul ", 4); break;
case 7: XSTRNCAT(buf, "Aug ", 4); break;
case 8: XSTRNCAT(buf, "Sep ", 4); break;
case 9: XSTRNCAT(buf, "Oct ", 4); break;
case 10: XSTRNCAT(buf, "Nov ", 4); break;
case 11: XSTRNCAT(buf, "Dec ", 4); break;
default:
return "error";
}
idx = 4; /* use idx now for char buffer */
buf[idx] = ' ';
XSNPRINTF(buf + idx, len - idx, "%2d %02d:%02d:%02d %d GMT",
t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, t.tm_year + 1900);
return buf;
}
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
const WOLFSSL_ASN1_INTEGER* b)
@@ -11835,14 +12057,16 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
WOLFSSL_DES_key_schedule* key)
{
(void)myDes;
(void)key;
if (myDes != NULL && key != NULL) {
XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));
}
}
void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
{
(void)myDes;
WOLFSSL_STUB("wolfSSL_DES_set_odd_parity");
}
@@ -11853,6 +12077,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
(void)desb;
(void)key;
(void)len;
WOLFSSL_STUB("wolfSSL_DES_ecb_encrypt");
}
#endif /* NO_DES3 */
@@ -16882,7 +17107,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
#ifdef OPENSSL_EXTRA /*Lighttp compatibility*/
#ifdef HAVE_LIGHTY
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
@@ -16997,11 +17222,33 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
return NULL;
}
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
WOLFSSL_X509_NAME *name, int loc) {
int maxLoc = name->fullName.fullNameLen;
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
if (loc < 0 || loc > maxLoc) {
WOLFSSL_MSG("Bad argument");
return NULL;
}
/* common name index case */
if (loc == name->fullName.cnIdx) {
/* get CN shortcut from x509 since it has null terminator */
name->cnEntry.data.data = name->x509->subjectCN;
name->cnEntry.data.length = name->fullName.cnLen;
name->cnEntry.data.type = ASN_COMMON_NAME;
name->cnEntry.set = 1;
return &(name->cnEntry);
}
/* additionall cases to check for go here */
WOLFSSL_MSG("Entry not found or implemented");
(void)name;
(void)loc;
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
WOLFSSL_STUB("wolfSSL_X509_NAME_get_entry");
return NULL;
}
@@ -17038,7 +17285,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
return NULL;
}
#endif
#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */
#endif
@@ -17135,7 +17382,8 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE)
char * wolf_OBJ_nid2ln(int n) {
(void)n;
WOLFSSL_ENTER("wolf_OBJ_nid2ln");
@@ -17228,7 +17476,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
}
#endif /* NO_DH */
#endif /* HAVE_LIGHTY || HAVE_STUNNEL */
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
/* stunnel compatibility functions*/

55
tests/api.c
View File

@@ -39,6 +39,10 @@
#include <wolfssl/test.h>
#include <tests/unit.h>
#ifdef OPENSSL_EXTRA
#include <wolfssl/openssl/ssl.h>
#endif
/* enable testing buffer load functions */
#ifndef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
@@ -1662,6 +1666,54 @@ static void test_wolfSSL_UseALPN(void)
#endif
}
/*----------------------------------------------------------------------------*
| X509 Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_X509_NAME_get_entry(void)
{
#ifndef NO_CERTS
#if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \
&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE))
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
{
/* use openssl like name to test mapping */
X509_NAME_ENTRY* ne = NULL;
X509_NAME* name = NULL;
char* subCN = NULL;
X509* x509;
ASN1_STRING* asn;
int idx;
#ifndef NO_FILESYSTEM
x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
asn = X509_NAME_ENTRY_get_data(ne);
AssertNotNull(asn);
subCN = (char*)ASN1_STRING_data(asn);
AssertNotNull(subCN);
wolfSSL_FreeX509(x509);
#endif
}
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
#endif /* !NO_CERTS */
}
/*----------------------------------------------------------------------------*
| Main
*----------------------------------------------------------------------------*/
@@ -1692,6 +1744,9 @@ void ApiTest(void)
test_wolfSSL_UseSupportedCurve();
test_wolfSSL_UseALPN();
/* X509 tests */
test_wolfSSL_X509_NAME_get_entry();
test_wolfSSL_Cleanup();
printf(" End API Tests\n");
}

16
tests/test.conf
View File

@@ -1126,6 +1126,22 @@
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE 3DES
-v 2
-l EDH-RSA-DES-CBC3-SHA
# client TLSv1.1 DHE 3DES
-v 2
-l EDH-RSA-DES-CBC3-SHA
# server TLSv1.2 DHE 3DES
-v 3
-l EDH-RSA-DES-CBC3-SHA
# client TLSv1.2 DHE 3DES
-v 3
-l EDH-RSA-DES-CBC3-SHA
# server TLSv1.2 DHE AES128
-v 3
-l DHE-RSA-AES128-SHA

51
wolfcrypt/src/asn.c
View File

@@ -3000,6 +3000,35 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b)
return DateGreaterThan(b,a);
}
int ExtractDate(const unsigned char* date, unsigned char format,
struct tm* certTime, int* idx)
{
XMEMSET(certTime, 0, sizeof(struct tm));
if (format == ASN_UTC_TIME) {
if (btoi(date[0]) >= 5)
certTime->tm_year = 1900;
else
certTime->tm_year = 2000;
}
else { /* format == GENERALIZED_TIME */
certTime->tm_year += btoi(date[*idx]) * 1000; *idx = *idx + 1;
certTime->tm_year += btoi(date[*idx]) * 100; *idx = *idx + 1;
}
/* adjust tm_year, tm_mon */
GetTime((int*)&certTime->tm_year, date, idx); certTime->tm_year -= 1900;
GetTime((int*)&certTime->tm_mon, date, idx); certTime->tm_mon -= 1;
GetTime((int*)&certTime->tm_mday, date, idx);
GetTime((int*)&certTime->tm_hour, date, idx);
GetTime((int*)&certTime->tm_min, date, idx);
GetTime((int*)&certTime->tm_sec, date, idx);
return 1;
}
/* like atoi but only use first byte */
/* Make sure before and after dates are valid */
int ValidateDate(const byte* date, byte format, int dateType)
@@ -3021,26 +3050,10 @@ int ValidateDate(const byte* date, byte format, int dateType)
#endif
ltime = XTIME(0);
XMEMSET(&certTime, 0, sizeof(certTime));
if (format == ASN_UTC_TIME) {
if (btoi(date[0]) >= 5)
certTime.tm_year = 1900;
else
certTime.tm_year = 2000;
if (!ExtractDate(date, format, &certTime, &i)) {
WOLFSSL_MSG("Error extracting the date");
return 0;
}
else { /* format == GENERALIZED_TIME */
certTime.tm_year += btoi(date[i++]) * 1000;
certTime.tm_year += btoi(date[i++]) * 100;
}
/* adjust tm_year, tm_mon */
GetTime((int*)&certTime.tm_year, date, &i); certTime.tm_year -= 1900;
GetTime((int*)&certTime.tm_mon, date, &i); certTime.tm_mon -= 1;
GetTime((int*)&certTime.tm_mday, date, &i);
GetTime((int*)&certTime.tm_hour, date, &i);
GetTime((int*)&certTime.tm_min, date, &i);
GetTime((int*)&certTime.tm_sec, date, &i);
if ((date[i] == '+') || (date[i] == '-')) {
WOLFSSL_MSG("Using time differential, not Zulu") ;

20
wolfssl/internal.h
View File

@@ -395,6 +395,9 @@ typedef byte word24[3];
#if !defined(NO_SHA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#if !defined(NO_DES3)
#define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif
#if !defined(NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
@@ -700,6 +703,7 @@ typedef byte word24[3];
/* actual cipher values, 2nd byte */
enum {
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
@@ -873,7 +877,11 @@ enum Misc {
ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
SECRET_LEN = 48, /* pre RSA and all master */
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
ENCRYPT_LEN = 1024, /* allow larger static buffer with mysql */
#else
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
#endif
SIZEOF_SENDER = 4, /* clnt or srvr */
FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
@@ -1894,6 +1902,9 @@ struct WOLFSSL_CTX {
/* chain after self, in DER, with leading size for each cert */
DerBuffer* privateKey;
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
#endif
#ifdef KEEP_OUR_CERT
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
#endif
Suites* suites; /* make dynamic, user may not need/set */
void* heap; /* for user memory overrides */
@@ -2435,6 +2446,8 @@ struct WOLFSSL_X509_NAME {
int sz;
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
DecodedName fullName;
WOLFSSL_X509_NAME_ENTRY cnEntry;
WOLFSSL_X509* x509; /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
};
@@ -2713,6 +2726,12 @@ struct WOLFSSL {
#ifdef KEEP_PEER_CERT
WOLFSSL_X509 peerCert; /* X509 peer cert */
#endif
#ifdef KEEP_OUR_CERT
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
points to ctx if not owned (owned
flag found in buffers.weOwnCert) */
#endif
byte keepCert; /* keep certificate after handshake */
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif
@@ -3037,6 +3056,7 @@ WOLFSSL_LOCAL void c32to24(word32 in, word24 out);
WOLFSSL_LOCAL const char* const* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
enum encrypt_side {

23
wolfssl/openssl/des.h
View File

@@ -61,6 +61,12 @@ WOLFSSL_API void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
unsigned char* output, long length,
WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
int enc);
WOLFSSL_API void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
unsigned char* output, long sz,
WOLFSSL_DES_key_schedule* ks1,
WOLFSSL_DES_key_schedule* ks2,
WOLFSSL_DES_key_schedule* ks3,
WOLFSSL_DES_cblock* ivec, int enc);
WOLFSSL_API void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
unsigned char* output, long length,
WOLFSSL_DES_key_schedule* schedule,
@@ -81,22 +87,7 @@ typedef WOLFSSL_DES_key_schedule DES_key_schedule;
#define DES_ncbc_encrypt wolfSSL_DES_ncbc_encrypt
#define DES_set_odd_parity wolfSSL_DES_set_odd_parity
#define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt
#define DES_ede3_cbc_encrypt(input, output, sz, ks1, ks2, ks3, ivec, enc) \
do { \
Des3 des; \
byte key[24];/* EDE uses 24 size key */ \
memcpy(key, (ks1), DES_BLOCK_SIZE); \
memcpy(&key[DES_BLOCK_SIZE], (ks2), DES_BLOCK_SIZE); \
memcpy(&key[DES_BLOCK_SIZE * 2], (ks3), DES_BLOCK_SIZE); \
if (enc) { \
wc_Des3_SetKey(&des, key, (const byte*)(ivec), DES_ENCRYPTION); \
wc_Des3_CbcEncrypt(&des, (output), (input), (sz)); \
} \
else { \
wc_Des3_SetKey(&des, key, (const byte*)(ivec), DES_ENCRYPTION); \
wc_Des3_CbcDecrypt(&des, (output), (input), (sz)); \
} \
} while(0)
#define DES_ede3_cbc_encrypt wolfSSL_DES_ede3_cbc_encrypt
#ifdef __cplusplus
} /* extern "C" */

18
wolfssl/openssl/ssl.h
View File

@@ -104,7 +104,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_get_verify_depth wolfSSL_get_verify_depth
#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
#define SSL_get_certificate(ctx) 0 /* used to pass to get_privatekey */
#define SSL_get_certificate wolfSSL_get_certificate
#define SSLv3_server_method wolfSSLv3_server_method
#define SSLv3_client_method wolfSSLv3_client_method
@@ -187,7 +187,9 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_get_version wolfSSL_get_version
#define SSL_get_current_cipher wolfSSL_get_current_cipher
#define SSL_get_cipher wolfSSL_get_cipher
/* use wolfSSL_get_cipher_name for its return format */
#define SSL_get_cipher wolfSSL_get_cipher_name
#define SSL_CIPHER_description wolfSSL_CIPHER_description
#define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name
#define SSL_get1_session wolfSSL_get1_session
@@ -409,7 +411,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
/* Lighthttp compatibility */
#ifdef HAVE_LIGHTY
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_CB_HANDSHAKE_START 0x10
@@ -428,14 +430,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
#define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data
#define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free
#define SHA1 wolfSSL_SHA1
#define X509_check_private_key wolfSSL_X509_check_private_key
#define SSL_dup_CA_list wolfSSL_dup_CA_list
#define NID_commonName 0x03 /* matchs ASN_COMMON_NAME in asn.h */
#endif
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE)
#define OBJ_nid2ln wolf_OBJ_nid2ln
#define OBJ_txt2nid wolf_OBJ_txt2nid
@@ -445,7 +453,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define BIO_new_file wolfSSL_BIO_new_file
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */
#ifdef HAVE_STUNNEL
#include <wolfssl/openssl/asn1.h>

34
wolfssl/ssl.h
View File

@@ -70,6 +70,7 @@ typedef struct WOLFSSL_CTX WOLFSSL_CTX;
typedef struct WOLFSSL_X509 WOLFSSL_X509;
typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME;
typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY;
typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
@@ -266,6 +267,7 @@ WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
WOLFSSL_API int wolfSSL_get_ciphers(char*, int);
WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL*);
WOLFSSL_API void wolfSSL_set_using_nonblock(WOLFSSL*, int);
WOLFSSL_API int wolfSSL_get_using_nonblock(WOLFSSL*);
@@ -474,6 +476,11 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
WOLFSSL_X509_NAME*, int, char*, int);
WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
WOLFSSL_X509_NAME*, int, int);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
WOLFSSL_API char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
@@ -1004,6 +1011,10 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
const unsigned char*, long);
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
#endif
#endif
WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
@@ -1633,21 +1644,23 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
WOLFSSL_API void wolfSSL_cert_service(void);
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
char* buf, int len);
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#ifdef OPENSSL_EXTRA /*lighttp compatibility */
#ifdef HAVE_LIGHTY
typedef struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT* object;
WOLFSSL_ASN1_STRING* value;
#include <wolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
WOLFSSL_ASN1_STRING data;
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int set;
int size;
} WOLFSSL_X509_NAME_ENTRY;
#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/asn1.h>
};
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
@@ -1672,7 +1685,8 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
#endif
#endif
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE)
WOLFSSL_API char * wolf_OBJ_nid2ln(int n);
WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn);

19
wolfssl/test.h
View File

@@ -441,14 +441,22 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
{
char* altName;
char* issuer = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_issuer_name(x509), 0, 0);
char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(x509), 0, 0);
char* issuer;
char* subject;
byte serial[32];
int ret;
int sz = sizeof(serial);
if (x509 == NULL) {
printf("%s No Cert\n", hdr);
return;
}
issuer = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_issuer_name(x509), 0, 0);
subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(x509), 0, 0);
printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
@@ -487,6 +495,9 @@ static INLINE void showPeer(WOLFSSL* ssl)
printf("peer has no cert!\n");
wolfSSL_FreeX509(peer);
#endif
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
#endif /* SHOW_CERTS */
printf("SSL version is %s\n", wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl);

5
wolfssl/wolfcrypt/asn.h
View File

@@ -59,7 +59,6 @@
extern "C" {
#endif
enum {
ISSUER = 0,
SUBJECT = 1,
@@ -610,6 +609,10 @@ WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
typedef struct tm wolfssl_tm;
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
wolfssl_tm* certTime, int* idx);
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
/* ASN.1 helper functions */

8
wolfssl/wolfcrypt/types.h
View File

@@ -217,6 +217,14 @@
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#endif
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
#ifndef USE_WINDOWS_API
#define XSNPRINTF snprintf
#else
#define XSNPRINTF _snprintf
#endif
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN)
/* use only Thread Safe version of strtok */
#ifndef USE_WINDOWS_API