diff --git a/src/ssl.c b/src/ssl.c index 7929b46c7..ff68da5ed 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29428,31 +29428,37 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) break; /* oidCmsKeyAgreeType */ + #ifndef NO_SHA case dhSinglePass_stdDH_sha1kdf_scheme: sName = "DH-SHA kdf"; type = oidCmsKeyAgreeType; break; - + #endif + #ifdef WOLFSSL_SHA224 case dhSinglePass_stdDH_sha224kdf_scheme: sName = "DH-SHA224 kdf"; type = oidCmsKeyAgreeType; break; - + #endif + #ifndef NO_SHA256 case dhSinglePass_stdDH_sha256kdf_scheme: sName = "DH-SHA256 kdf"; type = oidCmsKeyAgreeType; break; + #endif + #ifdef WOLFSSL_SHA384 case dhSinglePass_stdDH_sha384kdf_scheme: sName = "DH-SHA384 kdf"; type = oidCmsKeyAgreeType; break; - + #endif + #ifdef WOLFSSL_SHA512 case dhSinglePass_stdDH_sha512kdf_scheme: sName = "DH-SHA512 kdf"; type = oidCmsKeyAgreeType; break; - + #endif default: WOLFSSL_MSG("NID not in table"); return NULL; @@ -29960,16 +29966,26 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) /* oidCmsKeyAgreeType */ case oidCmsKeyAgreeType: switch (oid) { + #ifndef NO_SHA case dhSinglePass_stdDH_sha1kdf_scheme: return dhSinglePass_stdDH_sha1kdf_scheme; + #endif + #ifdef WOLFSSL_SHA224 case dhSinglePass_stdDH_sha224kdf_scheme: return dhSinglePass_stdDH_sha224kdf_scheme; + #endif + #ifndef NO_SHA256 case dhSinglePass_stdDH_sha256kdf_scheme: return dhSinglePass_stdDH_sha256kdf_scheme; + #endif + #ifdef WOLFSSL_SHA384 case dhSinglePass_stdDH_sha384kdf_scheme: return dhSinglePass_stdDH_sha384kdf_scheme; + #endif + #ifdef WOLFSSL_SHA512 case dhSinglePass_stdDH_sha512kdf_scheme: return dhSinglePass_stdDH_sha512kdf_scheme; + #endif } break; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5354a9bb2..bcda75a52 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3044,9 +3044,9 @@ struct WOLFSSL_STACK { struct WOLFSSL_X509_NAME { char *name; - char staticName[ASN_NAME_MAX]; int dynamicName; int sz; + char staticName[ASN_NAME_MAX]; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) DecodedName fullName; WOLFSSL_X509_NAME_ENTRY cnEntry; @@ -3069,18 +3069,11 @@ struct WOLFSSL_X509_NAME { struct WOLFSSL_X509 { int version; - WOLFSSL_X509_NAME issuer; - WOLFSSL_X509_NAME subject; int serialSz; - byte serial[EXTERNAL_SERIAL_SIZE]; - char subjectCN[ASN_NAME_MAX]; /* common name short cut */ -#ifdef WOLFSSL_CERT_REQ - char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ -#endif #ifdef WOLFSSL_SEP int deviceTypeSz; - byte deviceType[EXTERNAL_SERIAL_SIZE]; int hwTypeSz; + byte deviceType[EXTERNAL_SERIAL_SIZE]; byte hwType[EXTERNAL_SERIAL_SIZE]; int hwSerialNumSz; byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; @@ -3090,24 +3083,24 @@ struct WOLFSSL_X509 { #endif /* OPENSSL_EXTRA */ #endif int notBeforeSz; - byte notBefore[MAX_DATE_SZ]; int notAfterSz; + byte notBefore[MAX_DATE_SZ]; byte notAfter[MAX_DATE_SZ]; - int sigOID; buffer sig; - int pubKeyOID; + int sigOID; + DNS_entry* altNames; /* alt names list */ buffer pubKey; + int pubKeyOID; + DNS_entry* altNamesNext; /* hint for retrieval */ #ifdef HAVE_ECC word32 pkCurveOID; #endif /* HAVE_ECC */ #ifndef NO_CERTS DerBuffer* derCert; /* may need */ #endif - DNS_entry* altNames; /* alt names list */ - DNS_entry* altNamesNext; /* hint for retrieval */ void* heap; /* heap hint */ byte dynamicMemory; /* dynamic memory flag */ - byte isCa; + byte isCa:1; #ifdef WOLFSSL_CERT_EXT char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; int certPoliciesNb; @@ -3116,36 +3109,45 @@ struct WOLFSSL_X509 { #ifdef HAVE_EX_DATA void* ex_data[MAX_EX_DATA]; #endif + byte* authKeyId; + byte* subjKeyId; + byte* extKeyUsageSrc; + byte* CRLInfo; + byte* authInfo; word32 pathLength; word16 keyUsage; - byte CRLdistSet; - byte CRLdistCrit; - byte* CRLInfo; int CRLInfoSz; - byte authInfoSet; - byte authInfoCrit; - byte* authInfo; int authInfoSz; - byte basicConstSet; - byte basicConstCrit; - byte basicConstPlSet; - byte subjAltNameSet; - byte subjAltNameCrit; - byte authKeyIdSet; - byte authKeyIdCrit; - byte* authKeyId; word32 authKeyIdSz; - byte subjKeyIdSet; - byte subjKeyIdCrit; - byte* subjKeyId; word32 subjKeyIdSz; - byte keyUsageSet; - byte keyUsageCrit; - byte extKeyUsageCrit; - byte* extKeyUsageSrc; word32 extKeyUsageSz; word32 extKeyUsageCount; + + byte CRLdistSet:1; + byte CRLdistCrit:1; + byte authInfoSet:1; + byte authInfoCrit:1; + byte keyUsageSet:1; + byte keyUsageCrit:1; + byte extKeyUsageCrit:1; + byte subjKeyIdSet:1; + + byte subjKeyIdCrit:1; + byte basicConstSet:1; + byte basicConstCrit:1; + byte basicConstPlSet:1; + byte subjAltNameSet:1; + byte subjAltNameCrit:1; + byte authKeyIdSet:1; + byte authKeyIdCrit:1; #endif /* OPENSSL_EXTRA */ + byte serial[EXTERNAL_SERIAL_SIZE]; + char subjectCN[ASN_NAME_MAX]; /* common name short cut */ +#ifdef WOLFSSL_CERT_REQ + char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ +#endif + WOLFSSL_X509_NAME issuer; + WOLFSSL_X509_NAME subject; }; diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index fa90ae928..253cb9f67 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -93,10 +93,6 @@ typedef struct PKCS7DecodedAttrib { typedef struct PKCS7 { - byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ - byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ - byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ - word32 certSz[MAX_PKCS7_CERTS]; WC_RNG* rng; PKCS7Attrib* signedAttribs; byte* content; /* inner content, not owner */ @@ -131,6 +127,10 @@ typedef struct PKCS7 { int encryptOID; /* key encryption algorithm OID */ int keyWrapOID; /* key wrap algorithm OID */ int keyAgreeOID; /* key agreement algorithm OID */ + byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ + byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ + byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ + word32 certSz[MAX_PKCS7_CERTS]; } PKCS7;