add opensslextra=x509small build option

This commit is contained in:
Jacob Barthelmeh
2018-02-13 13:46:44 -07:00
parent ae2306ebcf
commit c9525d9c1d
9 changed files with 1611 additions and 1525 deletions


@@ -514,6 +514,11 @@ then
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.]) AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
fi fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
then
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL"
fi
# High Strength Build # High Strength Build
AC_ARG_ENABLE([maxstrength], AC_ARG_ENABLE([maxstrength],
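Review bot: `AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL"` assigns instead of appending, so every flag accumulated into AM_CFLAGS before this point is thrown away for an x509small build; it should read `AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"`, the append form the other options in this script presumably use. It is also worth checking that the small-vs-opensslextra error just above fires (or deliberately does not fire) when ENABLED_OPENSSLEXTRA is "x509small", since the name suggests the subset is meant to coexist with --enable-small. The enclosing `if` chain starts above the hunk.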


@@ -2750,7 +2750,7 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
if (name != NULL) { if (name != NULL) {
name->name = name->staticName; name->name = name->staticName;
name->dynamicName = 0; name->dynamicName = 0;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(&name->fullName, 0, sizeof(DecodedName)); XMEMSET(&name->fullName, 0, sizeof(DecodedName));
XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
XMEMSET(&name->extra, 0, sizeof(name->extra)); XMEMSET(&name->extra, 0, sizeof(name->extra));
@@ -2767,7 +2767,7 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
if (name != NULL) { if (name != NULL) {
if (name->dynamicName) if (name->dynamicName)
XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN); XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
{ {
int i; int i;
if (name->fullName.fullName != NULL) { if (name->fullName.fullName != NULL) {
@@ -2781,7 +2781,7 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
} }
} }
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
} }
(void)heap; (void)heap;
} }
@@ -2800,40 +2800,7 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
x509->heap = heap; x509->heap = heap;
InitX509Name(&x509->issuer, 0); InitX509Name(&x509->issuer, 0);
InitX509Name(&x509->subject, 0); InitX509Name(&x509->subject, 0);
x509->version = 0;
x509->pubKey.buffer = NULL;
x509->sig.buffer = NULL;
x509->derCert = NULL;
x509->altNames = NULL;
x509->altNamesNext = NULL;
x509->dynamicMemory = (byte)dynamicFlag; x509->dynamicMemory = (byte)dynamicFlag;
x509->isCa = 0;
#ifdef HAVE_ECC
x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA
x509->pathLength = 0;
x509->basicConstSet = 0;
x509->basicConstCrit = 0;
x509->basicConstPlSet = 0;
x509->subjAltNameSet = 0;
x509->subjAltNameCrit = 0;
x509->authKeyIdSet = 0;
x509->authKeyIdCrit = 0;
x509->authKeyId = NULL;
x509->authKeyIdSz = 0;
x509->subjKeyIdSet = 0;
x509->subjKeyIdCrit = 0;
x509->subjKeyId = NULL;
x509->subjKeyIdSz = 0;
x509->keyUsageSet = 0;
x509->keyUsageCrit = 0;
x509->keyUsage = 0;
#ifdef WOLFSSL_SEP
x509->certPolicySet = 0;
x509->certPolicyCrit = 0;
#endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
} }
@@ -2849,7 +2816,7 @@ void FreeX509(WOLFSSL_X509* x509)
XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
FreeDer(&x509->derCert); FreeDer(&x509->derCert);
XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE); XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
if (x509->authInfo != NULL) { if (x509->authInfo != NULL) {
@@ -2858,7 +2825,7 @@ void FreeX509(WOLFSSL_X509* x509)
if (x509->extKeyUsageSrc != NULL) { if (x509->extKeyUsageSrc != NULL) {
XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT); XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
if (x509->altNames) if (x509->altNames)
FreeAltNames(x509->altNames, x509->heap); FreeAltNames(x509->altNames, x509->heap);
} }
@@ -7509,7 +7476,8 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
} }
#endif #endif
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Copy parts X509 needs from Decoded cert, 0 on success */ /* Copy parts X509 needs from Decoded cert, 0 on success */
int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
{ {
@@ -7524,7 +7492,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX); XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->issuerName.fullName != NULL) { if (dCert->issuerName.fullName != NULL) {
XMEMCPY(&x509->issuer.fullName, XMEMCPY(&x509->issuer.fullName,
&dCert->issuerName, sizeof(DecodedName)); &dCert->issuerName, sizeof(DecodedName));
@@ -7536,12 +7504,12 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
dCert->issuerName.fullName, dCert->issuerName.fullNameLen); dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
} }
x509->issuer.x509 = x509; x509->issuer.x509 = x509;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
x509->subject.name[ASN_NAME_MAX - 1] = '\0'; x509->subject.name[ASN_NAME_MAX - 1] = '\0';
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->subjectName.fullName != NULL) { if (dCert->subjectName.fullName != NULL) {
XMEMCPY(&x509->subject.fullName, XMEMCPY(&x509->subject.fullName,
&dCert->subjectName, sizeof(DecodedName)); &dCert->subjectName, sizeof(DecodedName));
@@ -7552,7 +7520,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
dCert->subjectName.fullName, dCert->subjectName.fullNameLen); dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
} }
x509->subject.x509 = x509; x509->subject.x509 = x509;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_NGINX #ifdef WOLFSSL_NGINX
XMEMCPY(x509->subject.raw, dCert->subjectRaw, dCert->subjectRawLen); XMEMCPY(x509->subject.raw, dCert->subjectRaw, dCert->subjectRawLen);
x509->subject.rawLen = dCert->subjectRawLen; x509->subject.rawLen = dCert->subjectRawLen;
@@ -7647,7 +7615,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
dCert->weOwnAltNames = 0; dCert->weOwnAltNames = 0;
x509->altNamesNext = x509->altNames; /* index hint */ x509->altNamesNext = x509->altNames; /* index hint */
#if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(IGNORE_NAME_CONSTRAINTS)
/* add copies of alternate emails from dCert to X509 */ /* add copies of alternate emails from dCert to X509 */
if (dCert->altEmailNames != NULL) { if (dCert->altEmailNames != NULL) {
DNS_entry* cur = dCert->altEmailNames; DNS_entry* cur = dCert->altEmailNames;
@@ -7682,10 +7651,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
cur = cur->next; cur = cur->next;
} }
} }
#endif #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
x509->isCa = dCert->isCA; x509->isCa = dCert->isCA;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
x509->pathLength = dCert->pathLength; x509->pathLength = dCert->pathLength;
x509->keyUsage = dCert->extKeyUsage; x509->keyUsage = dCert->extKeyUsage;
@@ -7766,7 +7735,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->certPoliciesNb = dCert->extCertPoliciesNb; x509->certPoliciesNb = dCert->extCertPoliciesNb;
} }
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef HAVE_ECC #ifdef HAVE_ECC
x509->pkCurveOID = dCert->pkCurveOID; x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -7800,7 +7769,7 @@ typedef struct ProcPeerCertArgs {
#ifdef WOLFSSL_TRUST_PEER_CERT #ifdef WOLFSSL_TRUST_PEER_CERT
byte haveTrustPeer; /* was cert verified by loaded trusted peer cert */ byte haveTrustPeer; /* was cert verified by loaded trusted peer cert */
#endif #endif
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
char untrustedDepth; char untrustedDepth;
#endif #endif
} ProcPeerCertArgs; } ProcPeerCertArgs;
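Review bot: The InitX509 hunk removes the explicit zeroing of pubKey.buffer, sig.buffer, derCert, altNames, authKeyId, subjKeyId and the extension flags, leaving only heap, the two InitX509Name calls and dynamicMemory; unless a whole-struct `XMEMSET(x509, 0, sizeof(WOLFSSL_X509))` now precedes the hunk (not visible here), the XFREE of authKeyId and subjKeyId in FreeX509 would operate on indeterminate pointers. Please confirm that memset exists and make the dependency explicit with a comment above `x509->heap = heap;` such as `/* remaining members were zeroed by the XMEMSET above */`. InitX509's body starts outside the hunk.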

2924
src/ssl.c



@@ -247,9 +247,15 @@
#include <wolfssl/wolfcrypt/ed25519.h> #include <wolfssl/wolfcrypt/ed25519.h>
#endif #endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#include <wolfssl/openssl/ssl.h>
#ifndef NO_ASN
/* for ASN_COMMON_NAME DN_tags enum */
#include <wolfssl/wolfcrypt/asn.h>
#endif
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
#include <wolfssl/openssl/asn1.h> #include <wolfssl/openssl/asn1.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/crypto.h> #include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/pkcs12.h> #include <wolfssl/openssl/pkcs12.h>
#include <wolfssl/openssl/evp.h> #include <wolfssl/openssl/evp.h>
@@ -265,10 +271,6 @@
#ifndef NO_DES3 #ifndef NO_DES3
#include <wolfssl/openssl/des.h> #include <wolfssl/openssl/des.h>
#endif #endif
#ifndef NO_ASN
/* for ASN_COMMON_NAME DN_tags enum */
#include <wolfssl/wolfcrypt/asn.h>
#endif
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
@@ -14659,8 +14661,8 @@ static void test_wolfSSL_CTX_add_client_CA(void)
static void test_wolfSSL_X509_NID(void) static void test_wolfSSL_X509_NID(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)\ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
&& defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
int sigType; int sigType;
int nameSz; int nameSz;


@@ -3591,7 +3591,7 @@ void FreeDecodedCert(DecodedCert* cert)
XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT); XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT); XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (cert->issuerName.fullName != NULL) if (cert->issuerName.fullName != NULL)
XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509); XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509);
if (cert->subjectName.fullName != NULL) if (cert->subjectName.fullName != NULL)
@@ -3829,7 +3829,7 @@ static int GetName(DecodedCert* cert, int nameType)
char* full; char* full;
byte* hash; byte* hash;
word32 idx; word32 idx;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName* dName = DecodedName* dName =
(nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName;
int dcnum = 0; int dcnum = 0;
@@ -3941,7 +3941,7 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 4; idx += 4;
copy = TRUE; copy = TRUE;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->cnIdx = cert->srcIdx; dName->cnIdx = cert->srcIdx;
dName->cnLen = strLen; dName->cnLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -3959,7 +3959,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectSNEnc = b; cert->subjectSNEnc = b;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->snIdx = cert->srcIdx; dName->snIdx = cert->srcIdx;
dName->snLen = strLen; dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -3977,7 +3977,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectCEnc = b; cert->subjectCEnc = b;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->cIdx = cert->srcIdx; dName->cIdx = cert->srcIdx;
dName->cLen = strLen; dName->cLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -3995,7 +3995,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectLEnc = b; cert->subjectLEnc = b;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->lIdx = cert->srcIdx; dName->lIdx = cert->srcIdx;
dName->lLen = strLen; dName->lLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4013,7 +4013,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectSTEnc = b; cert->subjectSTEnc = b;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->stIdx = cert->srcIdx; dName->stIdx = cert->srcIdx;
dName->stLen = strLen; dName->stLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4031,7 +4031,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectOEnc = b; cert->subjectOEnc = b;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->oIdx = cert->srcIdx; dName->oIdx = cert->srcIdx;
dName->oLen = strLen; dName->oLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4049,7 +4049,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectOUEnc = b; cert->subjectOUEnc = b;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->ouIdx = cert->srcIdx; dName->ouIdx = cert->srcIdx;
dName->ouLen = strLen; dName->ouLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4060,7 +4060,7 @@ static int GetName(DecodedCert* cert, int nameType)
idx += 14; idx += 14;
copy = TRUE; copy = TRUE;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->snIdx = cert->srcIdx; dName->snIdx = cert->srcIdx;
dName->snLen = strLen; dName->snLen = strLen;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4114,7 +4114,7 @@ static int GetName(DecodedCert* cert, int nameType)
cert->subjectEmailLen = adv; cert->subjectEmailLen = adv;
} }
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
dName->emailIdx = cert->srcIdx; dName->emailIdx = cert->srcIdx;
dName->emailLen = adv; dName->emailLen = adv;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4160,7 +4160,8 @@ static int GetName(DecodedCert* cert, int nameType)
case ASN_USER_ID: case ASN_USER_ID:
XMEMCPY(&full[idx], "/UID=", 5); XMEMCPY(&full[idx], "/UID=", 5);
idx += 5; idx += 5;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
dName->uidIdx = cert->srcIdx; dName->uidIdx = cert->srcIdx;
dName->uidLen = adv; dName->uidLen = adv;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -4169,7 +4170,8 @@ static int GetName(DecodedCert* cert, int nameType)
case ASN_DOMAIN_COMPONENT: case ASN_DOMAIN_COMPONENT:
XMEMCPY(&full[idx], "/DC=", 4); XMEMCPY(&full[idx], "/DC=", 4);
idx += 4; idx += 4;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
dName->dcIdx[dcnum] = cert->srcIdx; dName->dcIdx[dcnum] = cert->srcIdx;
dName->dcLen[dcnum] = adv; dName->dcLen[dcnum] = adv;
dName->dcNum = dcnum + 1; dName->dcNum = dcnum + 1;
@@ -4191,7 +4193,7 @@ static int GetName(DecodedCert* cert, int nameType)
} }
full[idx++] = 0; full[idx++] = 0;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
{ {
int totalLen = 0; int totalLen = 0;
int i = 0; int i = 0;
@@ -5925,7 +5927,7 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extAuthKeyIdSrc = &input[idx]; cert->extAuthKeyIdSrc = &input[idx];
cert->extAuthKeyIdSz = length; cert->extAuthKeyIdSz = length;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -5959,7 +5961,7 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
if (ret < 0) if (ret < 0)
return ret; return ret;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extSubjKeyIdSrc = &input[idx]; cert->extSubjKeyIdSrc = &input[idx];
cert->extSubjKeyIdSz = length; cert->extSubjKeyIdSz = length;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -6010,7 +6012,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E; return ASN_PARSE_E;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extExtKeyUsageSrc = input + idx; cert->extExtKeyUsageSrc = input + idx;
cert->extExtKeyUsageSz = length; cert->extExtKeyUsageSz = length;
#endif #endif
@@ -6043,7 +6045,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
break; break;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extExtKeyUsageCount++; cert->extExtKeyUsageCount++;
#endif #endif
} }
@@ -6427,7 +6429,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
switch (oid) { switch (oid) {
case BASIC_CA_OID: case BASIC_CA_OID:
VERIFY_AND_SET_OID(cert->extBasicConstSet); VERIFY_AND_SET_OID(cert->extBasicConstSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extBasicConstCrit = critical; cert->extBasicConstCrit = critical;
#endif #endif
if (DecodeBasicCaConstraint(&input[idx], length, cert) < 0) if (DecodeBasicCaConstraint(&input[idx], length, cert) < 0)
@@ -6436,7 +6438,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case CRL_DIST_OID: case CRL_DIST_OID:
VERIFY_AND_SET_OID(cert->extCRLdistSet); VERIFY_AND_SET_OID(cert->extCRLdistSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extCRLdistCrit = critical; cert->extCRLdistCrit = critical;
#endif #endif
if (DecodeCrlDist(&input[idx], length, cert) < 0) if (DecodeCrlDist(&input[idx], length, cert) < 0)
@@ -6445,7 +6447,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case AUTH_INFO_OID: case AUTH_INFO_OID:
VERIFY_AND_SET_OID(cert->extAuthInfoSet); VERIFY_AND_SET_OID(cert->extAuthInfoSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extAuthInfoCrit = critical; cert->extAuthInfoCrit = critical;
#endif #endif
if (DecodeAuthInfo(&input[idx], length, cert) < 0) if (DecodeAuthInfo(&input[idx], length, cert) < 0)
@@ -6454,7 +6456,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case ALT_NAMES_OID: case ALT_NAMES_OID:
VERIFY_AND_SET_OID(cert->extSubjAltNameSet); VERIFY_AND_SET_OID(cert->extSubjAltNameSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extSubjAltNameCrit = critical; cert->extSubjAltNameCrit = critical;
#endif #endif
ret = DecodeAltNames(&input[idx], length, cert); ret = DecodeAltNames(&input[idx], length, cert);
@@ -6464,7 +6466,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case AUTH_KEY_OID: case AUTH_KEY_OID:
VERIFY_AND_SET_OID(cert->extAuthKeyIdSet); VERIFY_AND_SET_OID(cert->extAuthKeyIdSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extAuthKeyIdCrit = critical; cert->extAuthKeyIdCrit = critical;
#endif #endif
if (DecodeAuthKeyId(&input[idx], length, cert) < 0) if (DecodeAuthKeyId(&input[idx], length, cert) < 0)
@@ -6473,7 +6475,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case SUBJ_KEY_OID: case SUBJ_KEY_OID:
VERIFY_AND_SET_OID(cert->extSubjKeyIdSet); VERIFY_AND_SET_OID(cert->extSubjKeyIdSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extSubjKeyIdCrit = critical; cert->extSubjKeyIdCrit = critical;
#endif #endif
#ifndef WOLFSSL_ALLOW_CRIT_SKID #ifndef WOLFSSL_ALLOW_CRIT_SKID
@@ -6495,7 +6497,8 @@ static int DecodeCertExtensions(DecodedCert* cert)
case CERT_POLICY_OID: case CERT_POLICY_OID:
#ifdef WOLFSSL_SEP #ifdef WOLFSSL_SEP
VERIFY_AND_SET_OID(cert->extCertPolicySet); VERIFY_AND_SET_OID(cert->extCertPolicySet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
cert->extCertPolicyCrit = critical; cert->extCertPolicyCrit = critical;
#endif #endif
#endif #endif
@@ -6510,7 +6513,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case KEY_USAGE_OID: case KEY_USAGE_OID:
VERIFY_AND_SET_OID(cert->extKeyUsageSet); VERIFY_AND_SET_OID(cert->extKeyUsageSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extKeyUsageCrit = critical; cert->extKeyUsageCrit = critical;
#endif #endif
if (DecodeKeyUsage(&input[idx], length, cert) < 0) if (DecodeKeyUsage(&input[idx], length, cert) < 0)
@@ -6519,7 +6522,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
case EXT_KEY_USAGE_OID: case EXT_KEY_USAGE_OID:
VERIFY_AND_SET_OID(cert->extExtKeyUsageSet); VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extExtKeyUsageCrit = critical; cert->extExtKeyUsageCrit = critical;
#endif #endif
if (DecodeExtKeyUsage(&input[idx], length, cert) < 0) if (DecodeExtKeyUsage(&input[idx], length, cert) < 0)
@@ -6538,7 +6541,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
} }
#endif #endif
VERIFY_AND_SET_OID(cert->extNameConstraintSet); VERIFY_AND_SET_OID(cert->extNameConstraintSet);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extNameConstraintCrit = critical; cert->extNameConstraintCrit = critical;
#endif #endif
if (DecodeNameConstraints(&input[idx], length, cert) < 0) if (DecodeNameConstraints(&input[idx], length, cert) < 0)
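Review bot: The closing comments in GetName, DecodeAuthKeyId and DecodeSubjKeyId were not updated with their conditions: each `#endif /* OPENSSL_EXTRA */` now closes a `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)`, which misleads a reader arriving at the bottom of a block (the internal.c hunks in this same commit do update theirs). Change each to `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */`. GetName and DecodeCertExtensions both begin and end outside the hunks shown.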


@@ -3047,7 +3047,8 @@ struct WOLFSSL_X509_NAME {
int dynamicName; int dynamicName;
int sz; int sz;
char staticName[ASN_NAME_MAX]; char staticName[ASN_NAME_MAX];
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_ASN)
DecodedName fullName; DecodedName fullName;
WOLFSSL_X509_NAME_ENTRY cnEntry; WOLFSSL_X509_NAME_ENTRY cnEntry;
WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
@@ -3077,7 +3078,7 @@ struct WOLFSSL_X509 {
byte hwType[EXTERNAL_SERIAL_SIZE]; byte hwType[EXTERNAL_SERIAL_SIZE];
int hwSerialNumSz; int hwSerialNumSz;
byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte certPolicySet; byte certPolicySet;
byte certPolicyCrit; byte certPolicyCrit;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -3105,7 +3106,7 @@ struct WOLFSSL_X509 {
char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
int certPoliciesNb; int certPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA #ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA]; void* ex_data[MAX_EX_DATA];
#endif #endif
@@ -3140,7 +3141,7 @@ struct WOLFSSL_X509 {
byte subjAltNameCrit:1; byte subjAltNameCrit:1;
byte authKeyIdSet:1; byte authKeyIdSet:1;
byte authKeyIdCrit:1; byte authKeyIdCrit:1;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
byte serial[EXTERNAL_SERIAL_SIZE]; byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */ char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
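Review bot: The `#endif /* OPENSSL_EXTRA */` after certPolicyCrit still names only one macro although its `#if` now tests both; update it to `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */` as was done for the bit-field block further down. Separately, WOLFSSL_X509_NAME's fullName/cnEntry/extra members are guarded with `!defined(NO_ASN)` while InitX509Name and FreeX509Name in internal.c guard on the two macros alone, so a NO_ASN build with either macro set would reference members that do not exist; the asymmetry predates this change but the new condition carries it forward. Both struct definitions continue outside the hunks.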


@@ -84,7 +84,7 @@
#define NO_OLD_WC_NAMES #define NO_OLD_WC_NAMES
#endif #endif
#elif defined(OPENSSL_EXTRA) #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#include <wolfssl/openssl/bn.h> #include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/hmac.h> #include <wolfssl/openssl/hmac.h>
@@ -223,7 +223,7 @@ struct WOLFSSL_EVP_PKEY {
union { union {
char* ptr; /* der format of key / or raw for NTRU */ char* ptr; /* der format of key / or raw for NTRU */
} pkey; } pkey;
#ifdef OPENSSL_EXTRA #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#ifndef NO_RSA #ifndef NO_RSA
WOLFSSL_RSA* rsa; WOLFSSL_RSA* rsa;
byte ownRsa; /* if struct owns RSA and should free it */ byte ownRsa; /* if struct owns RSA and should free it */
@@ -233,7 +233,7 @@ struct WOLFSSL_EVP_PKEY {
byte ownEcc; /* if struct owns ECC and should free it */ byte ownEcc; /* if struct owns ECC and should free it */
#endif #endif
WC_RNG rng; WC_RNG rng;
#endif #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef HAVE_ECC #ifdef HAVE_ECC
int pkey_curve; int pkey_curve;
#endif #endif
@@ -2416,6 +2416,21 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
WOLFSSL_API void wolfSSL_cert_service(void); WOLFSSL_API void wolfSSL_cert_service(void);
#endif #endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* Smaller subset of X509 compatibility functions. Avoid increasing the size of
* this subset and its memory usage */
#include <wolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
WOLFSSL_ASN1_STRING data;
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int nid; /* i.e. ASN_COMMON_NAME */
int set;
int size;
};
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
enum { enum {
@@ -2522,16 +2537,6 @@ struct WOLFSSL_ASN1_BIT_STRING {
}; };
#include <wolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
WOLFSSL_ASN1_STRING data;
WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */
int nid; /* i.e. ASN_COMMON_NAME */
int set;
int size;
};
#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(HAVE_STUNNEL) \ || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_NGINX) \
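Review bot: WOLFSSL_EVP_PKEY gains the WOLFSSL_RSA*/ownRsa pair, the ECC pair and a `WC_RNG rng` under OPENSSL_EXTRA_X509_SMALL, and the include block now pulls in bn.h and hmac.h for that subset, which sits oddly next to the new comment above WOLFSSL_X509_NAME_ENTRY asking not to grow the subset. settings.h defines OPENSSL_EXTRA_PKEY in this same commit but nothing visible tests it; if it is intended for these key fields, guarding them with `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_PKEY)` would keep the X509 subset small, otherwise the comment should say why an RNG and HMAC are needed for name handling. The ssl.c changes that may settle this are suppressed from the page. struct WOLFSSL_EVP_PKEY begins outside the hunk.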


@@ -571,7 +571,7 @@ struct DecodedCert {
word16 extKeyUsage; /* Key usage bitfield */ word16 extKeyUsage; /* Key usage bitfield */
byte extExtKeyUsage; /* Extended Key usage bitfield */ byte extExtKeyUsage; /* Extended Key usage bitfield */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte* extExtKeyUsageSrc; byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz; word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount; word32 extExtKeyUsageCount;
@@ -619,7 +619,7 @@ struct DecodedCert {
char* subjectEmail; char* subjectEmail;
int subjectEmailLen; int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName issuerName; DecodedName issuerName;
DecodedName subjectName; DecodedName subjectName;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -659,7 +659,7 @@ struct DecodedCert {
#ifdef WOLFSSL_SEP #ifdef WOLFSSL_SEP
byte extCertPolicySet : 1; byte extCertPolicySet : 1;
#endif #endif
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte extCRLdistCrit : 1; byte extCRLdistCrit : 1;
byte extAuthInfoCrit : 1; byte extAuthInfoCrit : 1;
byte extBasicConstCrit : 1; byte extBasicConstCrit : 1;
@@ -758,7 +758,8 @@ struct TrustedPeerCert {
/* for testing or custom openssl wrappers */ /* for testing or custom openssl wrappers */
#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) #if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
#define WOLFSSL_ASN_API WOLFSSL_API #define WOLFSSL_ASN_API WOLFSSL_API
#else #else
#define WOLFSSL_ASN_API WOLFSSL_LOCAL #define WOLFSSL_ASN_API WOLFSSL_LOCAL
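Review bot: The `#endif /* OPENSSL_EXTRA */` after `DecodedName subjectName;` no longer matches its `#if`, which now also tests OPENSSL_EXTRA_X509_SMALL; change it to `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */`. The WOLFSSL_ASN_API change additionally exports the asn.c decoding helpers from the shared library for an x509small build, presumably because the X509 name accessors need them; a one-line comment stating that would make the wider export surface deliberate rather than incidental. struct DecodedCert continues outside the hunks.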


@@ -1630,6 +1630,16 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif #endif
/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509
* When opensslextra is enabled all subparts should be turned on. */
#ifdef OPENSSL_EXTRA
#undef OPENSSL_EXTRA_X509_SMALL
#define OPENSSL_EXTRA_X509_SMALL
#undef OPENSSL_EXTRA_PKEY
#define OPENSSL_EXTRA_PKEY
#endif /* OPENSSL_EXTRA */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif
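Review bot: The comment says the layer "Has subparts i.e. BIO/X509" but the block defines only OPENSSL_EXTRA_X509_SMALL and OPENSSL_EXTRA_PKEY, and OPENSSL_EXTRA_PKEY has no consumer in the visible files; the comment should say what each macro enables and that OPENSSL_EXTRA_X509_SMALL can also be set on its own through `--enable-opensslextra=x509small`. Because this block sits near the end of settings.h, a translation unit that tests OPENSSL_EXTRA_X509_SMALL only gets the derived value if settings.h was included before the test, which is worth stating, e.g. `/* derived macros: include settings.h before testing OPENSSL_EXTRA_X509_SMALL */`.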