wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8136 from anhu/csr_version

Browse Source 
Fix for setting wrong version in CSRs.
This commit is contained in:
David Garske
2024-11-14 17:52:58 -08:00
committed by GitHub
parent 54bdb39454 b1ccbbc7fa
commit 21bfcaf666
3 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/x509.c
View File

@@ -7149,8 +7149,10 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
/* print version of cert */ /* print version of cert. Note that we increment by 1 because for REQs,
if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) * the value stored in x509->version is the actual value of the field; not
* the version. */
if (X509PrintVersion(bio, (int)wolfSSL_X509_REQ_get_version(x509) + 1, 8)
!= WOLFSSL_SUCCESS) { != WOLFSSL_SUCCESS) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -14901,6 +14903,25 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
wolfSSL_X509_free(req); wolfSSL_X509_free(req);
} }
int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version)
{
WOLFSSL_ENTER("wolfSSL_X509_REQ_set_version");
if ((x == NULL) || (version < 0) || (version >= INT_MAX)) {
return WOLFSSL_FAILURE;
}
x->version = (int)version;
return WOLFSSL_SUCCESS;
}
long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req)
{
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_version");
if (req == NULL) {
return 0; /* invalid arg */
}
return (long)req->version;
}
int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
const WOLFSSL_EVP_MD *md) const WOLFSSL_EVP_MD *md)
{ {

3
wolfssl/openssl/ssl.h
View File

@@ -563,7 +563,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_set1_notBefore wolfSSL_X509_set1_notBefore #define X509_set1_notBefore wolfSSL_X509_set1_notBefore
#define X509_set_serialNumber wolfSSL_X509_set_serialNumber #define X509_set_serialNumber wolfSSL_X509_set_serialNumber
#define X509_set_version wolfSSL_X509_set_version #define X509_set_version wolfSSL_X509_set_version
#define X509_REQ_set_version wolfSSL_X509_set_version #define X509_REQ_set_version wolfSSL_X509_REQ_set_version
#define X509_REQ_get_version wolfSSL_X509_REQ_get_version
#define X509_sign wolfSSL_X509_sign #define X509_sign wolfSSL_X509_sign
#define X509_sign_ctx wolfSSL_X509_sign_ctx #define X509_sign_ctx wolfSSL_X509_sign_ctx
#define X509_print wolfSSL_X509_print #define X509_print wolfSSL_X509_print

2
wolfssl/ssl.h
View File

@@ -4955,6 +4955,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out); WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
WOLFSSL_API long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req);
WOLFSSL_API int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version);
WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
const WOLFSSL_EVP_MD *md); const WOLFSSL_EVP_MD *md);
WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req, WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,