From c70ca25282e652e02d32916d6fdec87c7fe98540 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 27 Jan 2023 16:09:04 -0700 Subject: [PATCH] Fix building NO_ASN_TIME with cert gen and OpenSSL Extra enabled. --- tests/api.c | 19 ++++++++++++++----- wolfcrypt/test/test.c | 28 +++++++++++++++------------- wolfssl/openssl/ssl.h | 8 +++++--- 3 files changed, 34 insertions(+), 21 deletions(-) diff --git a/tests/api.c b/tests/api.c index db0f26f2d..0313c9f7d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10502,7 +10502,8 @@ static int test_wolfSSL_X509_verify(void) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \ + && !defined(NO_ASN_TIME) /* create certificate with version 2 */ static void test_set_x509_badversion(WOLFSSL_CTX* ctx) { @@ -10591,7 +10592,8 @@ static int test_wolfSSL_X509_TLS_version(void) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \ + && !defined(NO_ASN_TIME) tcp_ready ready; func_args server_args; func_args client_args; 
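Review bot: Adding `&& !defined(NO_ASN_TIME)` to the guard around `test_set_x509_badversion` (first hunk), and to the identical guard inside `test_wolfSSL_X509_TLS_version` (second hunk), removes the whole bad-version negative test from NO_ASN_TIME builds, although rejecting a certificate with an invalid version is not a time check. The helper's body is outside the hunk, so presumably only its validity-date setup needs the ASN.1 time API. If so, wrapping just those statements in `#ifndef NO_ASN_TIME`, as this commit does in `test_wolfSSL_X509_sign2`, would keep the version check covered. If the wide guard stays, a comment such as `/* skipped with NO_ASN_TIME: certificate setup uses ASN1_TIME */` would record the reason, assuming that is the reason.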
@@ -37917,8 +37919,8 @@ static int test_wolfSSL_ASN1_TIME_adj(void) static int test_wolfSSL_ASN1_TIME_to_tm(void) { int res = TEST_SKIPPED; -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \ +#if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \ && !defined(NO_ASN_TIME) ASN1_TIME asnTime; struct tm tm; @@ -38118,14 +38120,16 @@ static int test_wolfSSL_X509_sign2(void) const unsigned char *pt; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME *name; - WOLFSSL_ASN1_TIME *notBefore, *notAfter; int derSz; +#ifndef NO_ASN_TIME + WOLFSSL_ASN1_TIME *notBefore, *notAfter; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; time_t t; +#endif const unsigned char expected[] = { 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, @@ -38252,6 +38256,7 @@ static int test_wolfSSL_X509_sign2(void) AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); +#ifndef NO_ASN_TIME t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); @@ -38259,6 +38264,7 @@ static int test_wolfSSL_X509_sign2(void) AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); +#endif wolfSSL_X509_sign(x509, priv, EVP_sha256()); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); 
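Review bot: With NO_ASN_TIME the certificate in `test_wolfSSL_X509_sign2` is now signed without `wolfSSL_X509_set_notBefore` or `wolfSSL_X509_set_notAfter` being called, yet the `expected[]` DER array declared next to the newly guarded locals stays unconditional. The rest of the function is outside these two hunks. If it compares `der` against `expected`, or frees `notBefore`/`notAfter`, those statements need the same `#ifndef NO_ASN_TIME` guard, otherwise the build or the comparison fails in the configuration this commit targets. A comment at the new guard in the body, e.g. `/* NO_ASN_TIME: validity dates are left unset */`, would make the reduced coverage explicit.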
@@ -53699,6 +53705,9 @@ static int test_wolfSSL_X509_print(void) /* Will print IP address subject alt name. */ AssertIntEQ(BIO_get_mem_data(bio, NULL), 3350); #endif +#elif defined(NO_ASN_TIME) + /* With NO_ASN_TIME defined, X509_print skips printing Validity. */ + AssertIntEQ(BIO_get_mem_data(bio, NULL), 3213); #else AssertIntEQ(BIO_get_mem_data(bio, NULL), 3328); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 69b3ebd56..2ea874278 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13166,13 +13166,15 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void) #ifndef NO_RSA static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der"; #endif - static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; - static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; - #ifdef ENABLE_ECC384_CERT_GEN_TEST - static const char* eccCaKey384File = - CERT_ROOT "ca-ecc384-key.der"; - static const char* eccCaCert384File = - CERT_ROOT "ca-ecc384-cert.pem"; + #ifndef NO_ASN_TIME + static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; + static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; + #ifdef ENABLE_ECC384_CERT_GEN_TEST + static const char* eccCaKey384File = + CERT_ROOT "ca-ecc384-key.der"; + static const char* eccCaCert384File = + CERT_ROOT "ca-ecc384-cert.pem"; + #endif #endif #endif #if defined(HAVE_PKCS7) && defined(HAVE_ECC) @@ -13209,7 +13211,7 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void) #ifndef NO_WRITE_TEMP_FILES #ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; #endif 
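Review bot: The new `#elif defined(NO_ASN_TIME)` branch in `test_wolfSSL_X509_print` is reached only when the preceding `#if` condition is false, so the lengths asserted in that earlier branch (3350 is visible in the hunk) still assume the Validity field is printed. The opening `#if` is outside the hunk, but if its condition can hold together with NO_ASN_TIME, the test asserts a length that X509_print will not produce. Testing NO_ASN_TIME first, or adding a NO_ASN_TIME case inside the earlier branch, would cover that combination.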
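Review bot: The condition `defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)` is now spelled out at the temp-file name statics here and, in later hunks, at `rsa_certgen_test`, its call in `rsa_test`, `ecc_test_cert_gen` and its call in `ecc_test`. The CA file names in the preceding hunk are guarded by `#ifndef NO_ASN_TIME` alone. If a definition and its call site drift apart, the result is an unused-static warning or an undefined reference. One local macro would be safer (the name is only a suggestion): `#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)` / `#define TEST_CERT_GEN` / `#endif`, with each site testing `#ifdef TEST_CERT_GEN`. Any `#endif /* WOLFSSL_CERT_GEN */` trailers outside the hunks would need updating to match.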
@@ -13230,7 +13232,7 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void) #endif /* HAVE_ECC */ #ifndef NO_RSA - #ifdef WOLFSSL_CERT_GEN + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; @@ -15320,7 +15322,7 @@ exit_rsa_even_mod: } #endif /* WOLFSSL_HAVE_SP_RSA */ -#ifdef WOLFSSL_CERT_GEN +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -16805,7 +16807,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) goto exit_rsa; #endif -#ifdef WOLFSSL_CERT_GEN +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) /* Make Cert / Sign example for RSA cert and RSA CA */ ret = rsa_certgen_test(key, keypub, &rng, tmp); if (ret != 0) @@ -25624,7 +25626,7 @@ static int ecc_test_custom_curves(WC_RNG* rng) } #endif /* WOLFSSL_CUSTOM_CURVES */ -#ifdef WOLFSSL_CERT_GEN +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) /* Make Cert / Sign example for ECC cert and ECC CA */ static int ecc_test_cert_gen(WC_RNG* rng) @@ -26515,7 +26517,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) #elif defined(HAVE_ECC_KEY_IMPORT) (void)ecc_test_make_pub; /* for compiler warning */ #endif -#ifdef WOLFSSL_CERT_GEN +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) ret = ecc_test_cert_gen(&rng); if (ret != 0) { printf("ecc_test_cert_gen failed!: %d\n", ret); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 92745973b..cc31f21d0 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -823,17 +823,19 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free +#ifndef NO_ASN_TIME #define ASN1_TIME_new wolfSSL_ASN1_TIME_new #define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new #define ASN1_TIME_free wolfSSL_ASN1_TIME_free #define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_TIME_print wolfSSL_ASN1_TIME_print -#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime -#define ASN1_TIME_set wolfSSL_ASN1_TIME_set -#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string #define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string #define ASN1_TIME_to_tm wolfSSL_ASN1_TIME_to_tm +#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime +#endif +#define ASN1_TIME_set wolfSSL_ASN1_TIME_set +#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free
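Review bot: The new `#ifndef NO_ASN_TIME` block leaves `ASN1_TIME_set` and `ASN1_TIME_set_string` mapped while hiding the other `ASN1_TIME_*` names, and nothing in the header says why those two differ. A comment above the block, e.g. `/* ASN1_TIME_set and ASN1_TIME_set_string remain available with NO_ASN_TIME */`, and a trailer on the close, `#endif /* !NO_ASN_TIME */`, would keep a later tidy-up from undoing the split. The declarations are outside this hunk, so it is worth confirming that the two wolfSSL functions are themselves compiled under NO_ASN_TIME. Otherwise callers would get past the preprocessor and fail only at link time.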