diff --git a/src/internal.c b/src/internal.c
index e48085de1..2d8ad5687 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3393,15 +3393,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
 (void)heap;
 if (name != NULL) {
+ XMEMSET(name, 0, sizeof(WOLFSSL_X509_NAME));
 name->name = name->staticName;
- name->dynamicName = 0;
- name->sz = 0;
 name->heap = heap;
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- XMEMSET(name->entry, 0, sizeof(name->entry));
- name->x509 = NULL;
- name->entrySz = 0;
-#endif /* OPENSSL_EXTRA */
 }
 }
diff --git a/src/ssl.c b/src/ssl.c
index 14a160dc2..ef1f645da 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10402,6 +10402,29 @@ int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
 }
 #endif
+int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
+ const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len)
+{
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_X509_pubkey_digest");
+
+ if (x509 == NULL || digest == NULL) {
+ WOLFSSL_MSG("Null argument found");
+ return WOLFSSL_FAILURE;
+ }
+
+ if (x509->pubKey.buffer == NULL || x509->pubKey.length == 0) {
+ WOLFSSL_MSG("No DER public key stored in X509");
+ return WOLFSSL_FAILURE;
+ }
+
+ ret = wolfSSL_EVP_Digest(x509->pubKey.buffer, x509->pubKey.length, buf,
+ len, digest, NULL);
+ WOLFSSL_LEAVE("wolfSSL_X509_pubkey_digest", ret);
+ return ret;
+}
+
 int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
 {
 WOLFSSL_ENTER("wolfSSL_use_PrivateKey");
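Review bot: The new `XMEMSET` in `InitX509Name` sizes the clear by type name; `XMEMSET(name, 0, sizeof(*name));` stays correct if the parameter's type is ever changed. Clearing the whole object also covers fields the removed lines never reset, which appears to include the `rawLen` that `wolfSSL_X509_NAME_copy` reads in this same commit. A one-line comment such as `/* zero every field, including those only present under OPENSSL_* options */` would discourage a later return to per-field resets. The function's opening lines are outside the hunk.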
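Review bot: `wolfSSL_X509_pubkey_digest` validates `x509` and `digest` but passes `buf` to `wolfSSL_EVP_Digest` unchecked, and nothing states how large `buf` must be; unless the callee rejects a NULL output pointer itself, the guard could read `if (x509 == NULL || digest == NULL || buf == NULL) {`. A header comment on the function, and on its prototype in wolfssl/ssl.h, should say that `buf` must hold at least the output size of `digest` and what `len` returns. It is also worth confirming that `x509->pubKey.buffer` holds the same bytes the OpenSSL function of this name hashes. The hunk does not show how that buffer is filled, and a different encoding would make key-hash comparisons fail without any error.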
@@ -52896,6 +52919,17 @@ int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to)
 return BAD_FUNC_ARG;
 }
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
+ if (from->rawLen > 0) {
+ if (from->rawLen > ASN_NAME_MAX) {
+ WOLFSSL_MSG("Bad raw size");
+ return BAD_FUNC_ARG;
+ }
+ XMEMCPY(to->raw, from->raw, from->rawLen);
+ to->rawLen = from->rawLen;
+ }
+#endif
+
 if (from->dynamicName) {
 to->name = (char*)XMALLOC(from->sz, to->heap, DYNAMIC_TYPE_SUBJECT_CN);
 if (to->name == NULL)
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 52718b7a9..05296b582 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -409,6 +409,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_free wolfSSL_X509_free
 #define X509_load_certificate_file wolfSSL_X509_load_certificate_file
 #define X509_digest wolfSSL_X509_digest
+#define X509_pubkey_digest wolfSSL_X509_pubkey_digest
 #define X509_get_ext_count wolfSSL_X509_get_ext_count
 #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
 #define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
@@ -1126,6 +1127,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL3_AD_BAD_CERTIFICATE bad_certificate
 #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNRECOGNIZED_NAME unrecognized_name
 #define ASN1_STRFLGS_ESC_MSB 4
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index f315b0436..5c412cab5 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
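Review bot: In the block added to `wolfSSL_X509_NAME_copy`, a source with `rawLen == 0` skips the copy and leaves whatever `to->raw` and `to->rawLen` already held, so a reused destination could end up carrying the new name alongside the previous raw encoding; an `else { to->rawLen = 0; }` after the `if (from->rawLen > 0)` block would keep the two in step. The bound is checked against `ASN_NAME_MAX`, but the declaration of `raw` is not visible in this hunk; if it is an embedded array, comparing against `sizeof(to->raw)` would tie the check to the real destination size. The function body starts before and continues past the hunk.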
@@ -3477,6 +3477,8 @@ WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx); WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len); +WOLFSSL_API int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509, + const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len); WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,