diff --git a/src/ssl.c b/src/ssl.c
index f03d9bb2b..f9f2a9ebb 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11379,14 +11379,14 @@ int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
 WOLFSSL_STACK* node;
 if (sk == NULL || x509 == NULL) {
- return 0;
+ return SSL_FAILURE;
 }
 /* no previous values in stack */
 if (sk->data.x509 == NULL) {
 sk->data.x509 = x509;
 sk->num += 1;
- return 1;
+ return SSL_SUCCESS;
 }
 /* stack already has value(s) create a new node and add more */
@@ -11394,7 +11394,7 @@ int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
 DYNAMIC_TYPE_X509);
 if (node == NULL) {
 WOLFSSL_MSG("Memory error");
- return 0;
+ return SSL_FAILURE;
 }
 XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
@@ -11405,7 +11405,7 @@ int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
 sk->data.x509 = x509;
 sk->num += 1;
- return 1;
+ return SSL_SUCCESS;
 }
@@ -12560,12 +12560,13 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca)
 {
 DecodedCert DeCert;
+ void* heap = NULL;
 int ret;
 byte* certData = NULL;
 word32 certDataSz;
 byte* pk = NULL;
 word32 pkSz;
- DerCertList* certList = NULL;
+ WC_DerCertList* certList = NULL;
 WOLFSSL_ENTER("wolfSSL_PKCS12_parse");
@@ -12574,6 +12575,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 return 0;
 }
+ heap = wc_PKCS12_GetHeap(pkcs12);
 *pkey = NULL;
 *cert = NULL;
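Review bot: wolfSSL_sk_X509_push now returns SSL_SUCCESS/SSL_FAILURE in the @@ -11379, -11394 and -11405 hunks but still has no contract comment, so a caller cannot tell from the declaration which value means what; a header comment such as `/* Push x509 onto sk. Returns SSL_SUCCESS, or SSL_FAILURE when sk or x509 is NULL or the node allocation fails. */` would pin it. The hunk header also shows the parameter typed STACK_OF(WOLFSSL_X509_NAME)* while the body stores into sk->data.x509 and wolfSSL_PKCS12_parse passes a STACK_OF(WOLFSSL_X509)**; if STACK_OF() expands to the same WOLFSSL_STACK type this is cosmetic, but aligning the two spellings would avoid the misleading name. The function body continues outside these hunks.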
@@ -12593,23 +12595,23 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 /* Decode cert and place in X509 stack struct */
 if (certList != NULL) {
- DerCertList* current = certList;
+ WC_DerCertList* current = certList;
 *ca = (STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(STACK_OF(WOLFSSL_X509)),
- pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ heap, DYNAMIC_TYPE_PKCS);
 if (*ca == NULL) {
 if (pk != NULL) {
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 }
 if (certData != NULL) {
- XFREE(*cert, pkcs12->heap, DYNAMIC_TYPE_PKCS); *cert = NULL;
+ XFREE(*cert, heap, DYNAMIC_TYPE_PKCS); *cert = NULL;
 }
- /* Free up DerCertList and move on */
+ /* Free up WC_DerCertList and move on */
 while (current != NULL) {
- DerCertList* next = current->next;
+ WC_DerCertList* next = current->next;
- XFREE(current->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
- XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
+ XFREE(current, heap, DYNAMIC_TYPE_PKCS);
 current = next;
 }
 return 0;
@@ -12618,14 +12620,13 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 /* add list of DER certs as X509's to stack */
 while (current != NULL) {
- DerCertList* toFree = current;
+ WC_DerCertList* toFree = current;
 WOLFSSL_X509* x509;
- x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), pkcs12->heap,
+ x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
 DYNAMIC_TYPE_PKCS);
- InitX509(x509, 1, pkcs12->heap);
- InitDecodedCert(&DeCert, current->buffer, current->bufferSz,
- pkcs12->heap);
+ InitX509(x509, 1, heap);
+ InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
 if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
 WOLFSSL_MSG("Issue with parsing certificate");
 FreeDecodedCert(&DeCert);
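Review bot: In the `*ca == NULL` path the `if (certData != NULL)` branch releases `*cert` rather than `certData`; `*cert` was set to NULL in the preceding hunk and is not allocated until the later "Decode cert and place in X509 struct" block, so this frees NULL and leaks the certificate buffer. The line should read `XFREE(certData, heap, DYNAMIC_TYPE_PKCS);`, as the equivalent paths in the @@ -12638 and @@ -12660 hunks already do. Separately, `pk` holds the private key DER handed back by wc_PKCS12_parse, and every error path here and in the @@ -12638, -12660, -12707, -12724, -12763, -12774 and -12791 hunks releases it with a bare XFREE; if pkSz carries its length as the declaration in the earlier hunk suggests, a `ForceZero(pk, pkSz);` before each free (or one shared cleanup label) would keep key bytes out of freed heap memory.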
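Review bot: `x509` is passed to InitX509 straight after the XMALLOC with no NULL check, unlike `*ca`, `*cert` and `*pkey` elsewhere in this function, so an allocation failure inside the loop dereferences NULL. The failure needs the same release sequence the ParseCertRelative failure just below uses (stack, pk, certData, remaining list nodes) before returning 0; `current` still points at `toFree` at this point, so the list walk also releases the node being processed. The loop body continues outside the hunk.
```c
x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
    DYNAMIC_TYPE_PKCS);
if (x509 == NULL) {
    WOLFSSL_MSG("Memory error");
    wolfSSL_sk_X509_free(*ca); *ca = NULL;
    if (pk != NULL) {
        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
    }
    if (certData != NULL) {
        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
    }
    /* current still points at toFree, so this also releases it */
    while (current != NULL) {
        WC_DerCertList* next = current->next;
        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
        current = next;
    }
    return 0;
}
InitX509(x509, 1, heap);
/* … unchanged: InitDecodedCert / ParseCertRelative … */
```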
@@ -12638,17 +12639,17 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 wolfSSL_X509_free(x509);
 wolfSSL_sk_X509_free(*ca); *ca = NULL;
 if (pk != NULL) {
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 }
 if (certData != NULL) {
- XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
 }
- /* Free up DerCertList */
+ /* Free up WC_DerCertList */
 while (current != NULL) {
- DerCertList* next = current->next;
+ WC_DerCertList* next = current->next;
- XFREE(current->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
- XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
+ XFREE(current, heap, DYNAMIC_TYPE_PKCS);
 current = next;
 }
 return 0;
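Review bot: This release sequence (free x509, free the stack, pk, certData, then walk the remaining WC_DerCertList) is repeated verbatim in the @@ -12660 hunk and, minus the x509 step, in the @@ -12593 hunk, and every copy had to be edited for the heap change; a single `goto` cleanup label holding the shared frees would keep the paths consistent and leave one place to audit. A comment on `while (current != NULL)` here would also help: `/* current still points at toFree, so this also releases the node being processed */`, since the `current = current->next` advance only happens on the success path (visible in the @@ -12660 hunk). The enclosing loop starts and ends outside this hunk.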
@@ -12660,46 +12661,46 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 wolfSSL_X509_free(x509);
 wolfSSL_sk_X509_free(*ca); *ca = NULL;
 if (pk != NULL) {
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 }
 if (certData != NULL) {
- XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
 }
- /* Free up DerCertList */
+ /* Free up WC_DerCertList */
 while (current != NULL) {
- DerCertList* next = current->next;
+ WC_DerCertList* next = current->next;
- XFREE(current->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
- XFREE(current, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
+ XFREE(current, heap, DYNAMIC_TYPE_PKCS);
 current = next;
 }
 return 0;
 }
 }
 current = current->next;
- XFREE(toFree->buffer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
- XFREE(toFree, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS);
+ XFREE(toFree, heap, DYNAMIC_TYPE_PKCS);
 }
 }
 /* Decode cert and place in X509 struct */
 if (certData != NULL) {
- *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), pkcs12->heap,
+ *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
 DYNAMIC_TYPE_PKCS);
 if (*cert == NULL) {
 if (pk != NULL) {
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 }
 if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
- XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
 return 0;
 }
- InitX509(*cert, 1, pkcs12->heap);
- InitDecodedCert(&DeCert, certData, certDataSz, pkcs12->heap);
+ InitX509(*cert, 1, heap);
+ InitDecodedCert(&DeCert, certData, certDataSz, heap);
 if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
 WOLFSSL_MSG("Issue with parsing certificate");
 }
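Review bot: In the single-certificate block at the end of the hunk, a ParseCertRelative failure is only logged and execution falls through to the copy step with a DecodedCert that did not parse, whereas the same failure in the stack loop above frees everything and returns 0. Unless the copy step re-validates DeCert, the failure should free the decoded cert and take the same release-and-return-0 path the "Failed to copy decoded cert" branch in the next hunk uses. The `*cert == NULL` path also guards `if (ca != NULL)` before touching `*ca`, while the stack block earlier in the function writes `*ca = ...XMALLOC` unconditionally; one of the two is wrong about whether `ca` may be NULL, and either `if (ca != NULL && certList != NULL)` on the stack block or dropping the guards would settle it.
```c
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
    WOLFSSL_MSG("Issue with parsing certificate");
    FreeDecodedCert(&DeCert);
    wolfSSL_X509_free(*cert); *cert = NULL;
    if (pk != NULL) {
        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
    }
    if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
    XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
    return 0;
}
/* … unchanged: copy of DeCert into *cert … */
```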
@@ -12707,7 +12708,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 WOLFSSL_MSG("Failed to copy decoded cert");
 FreeDecodedCert(&DeCert);
 if (pk != NULL) {
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 }
 if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
@@ -12716,7 +12717,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 return 0;
 }
 FreeDecodedCert(&DeCert);
- XFREE(certData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
 }
@@ -12724,13 +12725,13 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 ret = BAD_STATE_E;
 if (pk != NULL) { /* decode key if present */
 *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY),
- pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ heap, DYNAMIC_TYPE_PKCS);
 if (*pkey == NULL) {
 wolfSSL_X509_free(*cert); *cert = NULL;
 if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 return 0;
 }
 #ifndef NO_RSA
@@ -12738,7 +12739,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 word32 keyIdx = 0;
 RsaKey key;
- if (wc_InitRsaKey(&key, pkcs12->heap) != 0) {
+ if (wc_InitRsaKey(&key, heap) != 0) {
 ret = BAD_STATE_E;
 }
 else {
@@ -12763,8 +12764,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
- XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 return 0;
 }
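Review bot: `ret = BAD_STATE_E;` appears both at the top of the @@ -12724 hunk and again inside the wc_InitRsaKey failure branch of the @@ -12738 hunk; unless ret is changed in the lines between the two (not shown), the second assignment is redundant and could be dropped or replaced by `/* ret is already BAD_STATE_E */`. On the success side of that `if`, the `else` block decodes into an RsaKey initialised with the new `heap` argument, but the matching wc_FreeRsaKey(&key) sits outside the hunk; please confirm it runs on both the decode-success path and the "Bad PKCS12 key format" paths in the following hunks, since those return 0 directly after freeing `*pkey` and `pk`.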
@@ -12774,8 +12775,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
- XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 WOLFSSL_MSG("Bad PKCS12 key format");
 return 0;
 }
@@ -12791,8 +12792,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; }
- XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
- XFREE(pk, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+ XFREE(*pkey, heap, DYNAMIC_TYPE_PKCS); *pkey = NULL;
+ XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
 WOLFSSL_MSG("Bad PKCS12 key format");
 return 0;
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a37420f40..8a9b26cd0 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1449,9 +1449,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
 int ret = 0;
 /* test if RSA key */
- if (wc_InitRsaKey(&a, NULL) == 0) {
- if (wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz) == 0 &&
- der->keyOID == RSAk) {
+ if (der->keyOID == RSAk) {
+ if (wc_InitRsaKey(&a, NULL) == 0 &&
+ wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz) == 0) {
 WOLFSSL_MSG("Checking RSA key pair");
 keyIdx = 0; /* reset to 0 for parsing public key */
@@ -1499,9 +1499,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
 word32 keyIdx = 0;
 ecc_key key_pair;
- if ((ret = wc_ecc_init(&key_pair)) == 0) {
- if (wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair, keySz) == 0 &&
- der->keyOID == ECDSAk) {
+ if (der->keyOID == ECDSAk) {
+ if ((ret = wc_ecc_init(&key_pair)) == 0 &&
+ wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair, keySz) == 0) {
 WOLFSSL_MSG("Checking ECC key pair");
 keyIdx = 0;
 if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
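Review bot: Folding wc_InitRsaKey into the same `&&` as wc_RsaPrivateKeyDecode in the asn.c @@ -1449 hunk changes what the outer block guarantees: before, everything after the inner `if` ran only with an initialised RsaKey, now it runs whenever keyOID is RSAk, including after a failed init, and a decode failure skips the inner block on an initialised key. Whether that leaks or frees an uninitialised key depends on where wc_FreeRsaKey(&a) sits in the part of the block outside the hunk; keeping `if (wc_InitRsaKey(&a, NULL) == 0) {` as its own level under the hoisted keyOID test preserves the old guarantee with the same short-circuit benefit. The same applies to wc_ecc_init / wc_ecc_free in the @@ -1499 hunk, where `ret` is now also left untouched when keyOID is not ECDSAk, which callers reading ret may or may not expect.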
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index c2f675bf3..f274ba3d6 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -42,10 +42,73 @@
 #include
 #include
+
+enum {
+ WC_PKCS12_KeyBag = 667,
+ WC_PKCS12_ShroudedKeyBag = 668,
+ WC_PKCS12_CertBag = 669,
+ WC_PKCS12_CertBag_Type1 = 675,
+ WC_PKCS12_CrlBag = 670,
+ WC_PKCS12_SecretBag = 671,
+ WC_PKCS12_SafeContentsBag = 672,
+ WC_PKCS12_DATA = 651,
+ WC_PKCS12_ENCRYPTED_DATA = 656,
+};
+
+typedef struct ContentInfo ContentInfo;
+typedef struct ContentInfo {
+ byte* data;
+ ContentInfo* next;
+ word32 encC; /* encryptedContent */
+ word32 dataSz;
+ int type; /* DATA / encrypted / envelpoed */
+} ContentInfo;
+
+
+typedef struct AuthenticatedSafe {
+ ContentInfo* CI;
+ byte* data; /* T contents.... */
+ word32 oid; /* encrypted or not */
+ word32 numCI; /* number of Content Info structs */
+ word32 dataSz;
+} AuthenticatedSafe;
+
+
+typedef struct MacData {
+ byte* digest;
+ byte* salt;
+ word32 oid;
+ word32 digestSz;
+ word32 saltSz;
+ int itt; /* number of itterations when creating HMAC key */
+} MacData;
+
+
+typedef struct WC_PKCS12 {
+ void* heap;
+ AuthenticatedSafe* safe;
+ MacData* signData;
+ word32 oid; /* DATA / Enveloped DATA ... */
+} WC_PKCS12;
+
+
+/* for friendlyName, localKeyId .... */
+typedef struct WC_PKCS12_ATTRIBUTE {
+ byte* data;
+ word32 oid;
+ word32 dataSz;
+} WC_PKCS12_ATTRIBUTE;
+
+
 WC_PKCS12* wc_PKCS12_new(void) { WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12), NULL, DYNAMIC_TYPE_PKCS);
+ if (pkcs12 == NULL) {
+ WOLFSSL_MSG("Memory issue when creating WC_PKCS12 struct");
+ return NULL;
+ }
+
 XMEMSET(pkcs12, 0, sizeof(WC_PKCS12));
 return pkcs12;
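Review bot: MacData.itt is a signed `int` among otherwise-word32 sizes and, if it is filled from the file's MacData iteration count as its comment suggests, a negative or very large value decides how much KDF work a parsed file can demand; a comment on that field such as `/* HMAC KDF iteration count read from the file; must be bounded at parse time */` would make the expectation visible to whoever maintains the parser. The comments carried over on the `+` lines also have typos: `envelpoed` should be `enveloped` and `itterations` should be `iterations`. The added NULL check in wc_PKCS12_new is right; a one-line contract above it, `/* Allocates a zeroed WC_PKCS12; caller releases it with wc_PKCS12_free. Returns NULL on allocation failure. */`, would complete it.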
@@ -567,9 +630,9 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
 }
-/* helper function to free DerCertList */
-static void freeCertList(DerCertList* list, void* heap) {
- DerCertList* current;
+/* helper function to free WC_DerCertList */
+static void freeCertList(WC_DerCertList* list, void* heap) {
+ WC_DerCertList* current;
 if (list == NULL) {
 return;
@@ -577,7 +640,7 @@ static void freeCertList(DerCertList* list, void* heap) {
 current = list;
 while(current != NULL) {
- DerCertList* next = current->next;
+ WC_DerCertList* next = current->next;
 if (current->buffer != NULL) {
 XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
 }
@@ -616,10 +679,10 @@ static void freeBuffers(byte* a, byte* b, void* heap)
 */
 int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
- DerCertList** ca)
+ WC_DerCertList** ca)
 {
 ContentInfo* ci = NULL;
- DerCertList* certList = NULL;
+ WC_DerCertList* certList = NULL;
 byte* buf = NULL;
 word32 i, oid;
 int ret, pswSz;
@@ -885,7 +948,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 case WC_PKCS12_CertBag: /* 669 */ {
- DerCertList* node;
+ WC_DerCertList* node;
 WOLFSSL_MSG("PKCS12 Cert Bag found");
 if (data[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
@@ -952,14 +1015,14 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 }
 /* list to hold all certs found */
- node = (DerCertList*)XMALLOC(sizeof(DerCertList),
+ node = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList),
 pkcs12->heap, DYNAMIC_TYPE_PKCS);
 if (node == NULL) {
 freeBuffers(*pkey, buf, pkcs12->heap);
 freeCertList(certList, pkcs12->heap);
 return MEMORY_E;
 }
- XMEMSET(node, 0, sizeof(DerCertList));
+ XMEMSET(node, 0, sizeof(WC_DerCertList));
 node->buffer = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS);
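Review bot: freeCertList stays `static` in pkcs12.c while src/ssl.c (hunks @@ -12593, -12638 and -12660 of this commit) open-codes the same WC_DerCertList walk three times; with WC_DerCertList now in the public header, a WOLFSSL_LOCAL wrapper around freeCertList would let wolfSSL_PKCS12_parse reuse it and drop the duplicated frees. The helper also has no contract beyond "helper function to free"; `/* Frees every node of list and each node's buffer; list may be NULL. */` would do. In the @@ -952 hunk the NULL check for `node->buffer` is not visible inside the hunk, so I assume it follows immediately after the allocation.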
@@ -1020,8 +1083,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 /* check if key pair, remove from list */ {
- DerCertList* current = certList;
- DerCertList* previous = NULL;
+ WC_DerCertList* current = certList;
+ WC_DerCertList* previous = NULL;
 if (*pkey != NULL) {
@@ -1078,5 +1141,16 @@ int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap)
 return 0;
 }
+
+/* getter for heap */
+void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12)
+{
+ if (pkcs12 == NULL) {
+ return NULL;
+ }
+
+ return pkcs12->heap;
+}
+
 #endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h
index fed79c4b9..0cfb87b6a 100644
--- a/wolfssl/wolfcrypt/pkcs12.h
+++ b/wolfssl/wolfcrypt/pkcs12.h
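Review bot: wc_PKCS12_GetHeap only reads from its argument, so it should take `const WC_PKCS12* pkcs12` (with the declaration in pkcs12.h below changed to match), which also lets callers holding a const handle use it. The `/* getter for heap */` comment could state the contract instead: `/* Returns the heap hint set on pkcs12, or NULL when pkcs12 is NULL or no heap hint was set (the two cases are not distinguishable). */`.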
@@ -29,81 +29,25 @@
 extern "C" {
 #endif
-
-enum {
- WC_PKCS12_KeyBag = 667,
- WC_PKCS12_ShroudedKeyBag = 668,
- WC_PKCS12_CertBag = 669,
- WC_PKCS12_CertBag_Type1 = 675,
- WC_PKCS12_CrlBag = 670,
- WC_PKCS12_SecretBag = 671,
- WC_PKCS12_SafeContentsBag = 672,
- WC_PKCS12_DATA = 651,
- WC_PKCS12_ENCRYPTED_DATA = 656,
-};
-
-
-typedef struct DerCertList DerCertList;
-typedef struct DerCertList {
+typedef struct WC_PKCS12 WC_PKCS12;
+typedef struct WC_DerCertList WC_DerCertList;
+typedef struct WC_DerCertList { /* dereferenced in ssl.c */
 byte* buffer;
 word32 bufferSz;
- DerCertList* next;
-} DerCertList;
+ WC_DerCertList* next;
+} WC_DerCertList;
-typedef struct ContentInfo ContentInfo;
-typedef struct ContentInfo {
- byte* data;
- ContentInfo* next;
- word32 encC; /* encryptedContent */
- word32 dataSz;
- int type; /* DATA / encrypted / envelpoed */
-} ContentInfo;
-
-
-typedef struct AuthenticatedSafe {
- ContentInfo* CI;
- byte* data; /* T contents.... */
- word32 oid; /* encrypted or not */
- word32 numCI; /* number of Content Info structs */
- word32 dataSz;
-} AuthenticatedSafe;
-
-
-typedef struct MacData {
- byte* digest;
- byte* salt;
- word32 oid;
- word32 digestSz;
- word32 saltSz;
- int itt; /* number of itterations when creating HMAC key */
-} MacData;
-
-
-/* for friendlyName, localKeyId .... */
-typedef struct WC_PKCS12_ATTRIBUTE {
- byte* data;
- word32 oid;
- word32 dataSz;
-} WC_PKCS12_ATTRIBUTE;
-
-
-typedef struct WC_PKCS12 {
- void* heap;
- AuthenticatedSafe* safe;
- MacData* signData;
- word32 oid; /* DATA / Enveloped DATA ... */
-} WC_PKCS12;
-
 WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void);
 WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12);
 WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12);
 WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
- DerCertList** ca);
+ WC_DerCertList** ca);
 WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap);
+WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12);
 #ifdef __cplusplus