diff --git a/src/ssl.c b/src/ssl.c
index 155f247ee..38ccae7ef 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -9268,6 +9268,12 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 case AUTH_KEY_OID:
 if (x509->authKeyIdSet) {
+ WOLFSSL_AUTHORITY_KEYID* akey = wolfSSL_AUTHORITY_KEYID_new();
+ if (!akey) {
+ WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+ return NULL;
+ }
+
 if (c != NULL) {
 *c = x509->authKeyIdCrit;
 }
@@ -9282,6 +9288,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 obj->objSz = x509->authKeyIdSz;
 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+ akey->issuer = obj;
+ return akey;
 }
 else {
 WOLFSSL_MSG("No Auth Key set");
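Review bot: After this change every early `return NULL` between the two hunks leaks the `akey` allocated at the top of the `if (x509->authKeyIdSet)` branch; old lines 9274–9281 are not shown, but the `obj->...` assignments in the second hunk imply an `obj` allocation whose failure path presumably returns before `akey->issuer = obj` is reached. Either allocate `akey` only once `obj` has been built, or release it on those paths with `wolfSSL_AUTHORITY_KEYID_free(akey); return NULL;`. Note also that the object carrying the key-identifier bytes (`obj->objSz = x509->authKeyIdSz`) is stored in `akey->issuer` while `akey->keyid` stays zeroed, and that callers now receive a WOLFSSL_AUTHORITY_KEYID instead of the WOLFSSL_ASN1_OBJECT the old code returned, which changes how the result must be freed; both points belong in the function's doc comment. wolfSSL_X509_get_ext_d2i starts and ends outside both hunks.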
@@ -9391,33 +9399,32 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
 }
 case KEY_USAGE_OID: {
- WOLFSSL_ASN1_BIT_STRING* bit_str = NULL;
+ WOLFSSL_ASN1_STRING* asn1str = NULL;
 if (x509->keyUsageSet) {
 if (c != NULL) {
 *c = x509->keyUsageCrit;
 }
- bit_str = wolfSSL_ASN1_BIT_STRING_new();
- if (bit_str == NULL) {
- WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_BIT_STRING struct");
+ asn1str = wolfSSL_ASN1_STRING_new();
+ if (asn1str == NULL) {
+ WOLFSSL_MSG("Failed to malloc ASN1_STRING");
 return NULL;
 }
- bit_str->type = KEY_USAGE_OID;
- bit_str->flags = 0;
- bit_str->length = sizeof(word16);
- bit_str->data = (byte*)XMALLOC(bit_str->length, NULL, DYNAMIC_TYPE_OPENSSL);
- if (bit_str->data == NULL) {
- wolfSSL_ASN1_BIT_STRING_free(bit_str);
+ if (wolfSSL_ASN1_STRING_set(asn1str, &x509->keyUsage,
+ sizeof(word16)) != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error");
+ wolfSSL_ASN1_STRING_free(asn1str);
 return NULL;
 }
- XMEMCPY(bit_str->data, &x509->keyUsage, bit_str->length);
+
+ asn1str->type = KEY_USAGE_OID;
 }
 else {
 WOLFSSL_MSG("No Key Usage set");
 }
 /* don't add stack of and return bit string directly */
- return bit_str;
+ return asn1str;
 }
 case INHIBIT_ANY_OID:
 WOLFSSL_MSG("INHIBIT ANY extension not supported");
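Review bot: The comment `/* don't add stack of and return bit string directly */` is now stale: what is returned is a WOLFSSL_ASN1_STRING whose `type` is set to KEY_USAGE_OID after `wolfSSL_ASN1_STRING_set`, not a bit string. Suggest `/* not wrapped in a stack: return the ASN1_STRING holding the keyUsage bits directly */`. It is also worth a one-line comment that `wolfSSL_ASN1_STRING_set(asn1str, &x509->keyUsage, sizeof(word16))` copies the in-memory `word16`, so the stored bytes are in host byte order rather than a DER bit-string encoding; this appears to match the old XMEMCPY, but any caller interpreting the bytes as DER would be misled without saying so. The KEY_USAGE_OID case sits inside wolfSSL_X509_get_ext_d2i, whose body continues outside the hunk.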
@@ -9703,14 +9710,53 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
 break;
 }
 case NID_basic_constraints:
- // WOLFSSL_BASIC_CONSTRAINTS
- break;
- case NID_inhibit_any_policy:
- // ASN1_INTEGER
+ {
+ /* WOLFSSL_BASIC_CONSTRAINTS */
+ WOLFSSL_BASIC_CONSTRAINTS* bc = data;
+
+ if (!(ext->obj = wolfSSL_ASN1_OBJECT_new())) {
+ WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new failed");
+ goto err_cleanup;
+ }
+
+ ext->obj->ca = bc->ca;
+ if (bc->pathlen) {
+ ext->obj->pathlen = wolfSSL_ASN1_INTEGER_dup(bc->pathlen);
+ if (!ext->obj->pathlen) {
+ WOLFSSL_MSG("wolfSSL_ASN1_INTEGER_dup failed");
+ goto err_cleanup;
+ }
+ }
 break;
+ }
 case NID_authority_key_identifier:
- // AUTHORITY_KEYID
+ {
+ /* AUTHORITY_KEYID */
+ WOLFSSL_AUTHORITY_KEYID* akey = data;
+
+ if (akey->keyid) {
+ if (wolfSSL_ASN1_STRING_set(&ext->value, akey->keyid->data,
+ akey->keyid->length) != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("wolfSSL_ASN1_STRING_set failed");
+ goto err_cleanup;
+ }
+ ext->value.type = akey->keyid->type;
+ }
+ else if (akey->issuer) {
+ ext->obj = wolfSSL_ASN1_OBJECT_dup(akey->issuer);
+ if (!ext->obj) {
+ WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_dup failed");
+ goto err_cleanup;
+ }
+ }
+ else {
+ WOLFSSL_MSG("NID_authority_key_identifier empty data");
+ goto err_cleanup;
+ }
 break;
+ }
+ case NID_inhibit_any_policy:
+ /* ASN1_INTEGER */
 case NID_certificate_policies:
 /* STACK_OF(POLICYINFO) */
 case NID_policy_mappings:
@@ -19256,7 +19302,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj)
 wolfSSL_ASN1_OBJECT_free(dup);
 return NULL;
 }
- XMEMCPY(dup->obj, obj->obj, obj->objSz);
+ XMEMCPY((byte*)dup->obj, obj->obj, obj->objSz);
 dup->dynamic = 1;
 }
 return dup;
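Review bot: In the new NID_basic_constraints and NID_authority_key_identifier cases, `bc` and `akey` are taken straight from `data` and dereferenced (`bc->ca`, `akey->keyid`) without a NULL check; unless wolfSSL_X509V3_EXT_i2d rejects a NULL `data` before the switch (not visible in this hunk), a NULL argument crashes here instead of reaching `err_cleanup`. A guard such as `if (!bc) { WOLFSSL_MSG("NID_basic_constraints NULL data"); goto err_cleanup; }` (and the same for `akey`) keeps both cases on the existing cleanup path. The authority-key-identifier case also silently ignores `akey->issuer` whenever `akey->keyid` is set; if both can be populated, that deserves either handling or a comment stating that only one of them is encoded. In the @@ -19256 hunk, `(byte*)dup->obj` looks like it casts away a const qualifier on the freshly allocated copy; assigning the allocation to a `byte*` local, copying into it, and storing it in `dup->obj` afterwards would avoid the cast. Both functions continue outside their hunks.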
@@ -27372,6 +27418,18 @@ void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc)
 XFREE(bc, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
+WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void)
+{
+ WOLFSSL_AUTHORITY_KEYID* akey = (WOLFSSL_AUTHORITY_KEYID*)XMALLOC(
+ sizeof(WOLFSSL_AUTHORITY_KEYID), NULL, DYNAMIC_TYPE_OPENSSL);
+ if (!akey) {
+ WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct");
+ return NULL;
+ }
+ XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID));
+ return akey;
+}
+
 /* frees the wolfSSL_AUTHORITY_KEYID object */
 void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id)
 {
diff --git a/tests/api.c b/tests/api.c
index 000fe1e9b..235a85059 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -23305,7 +23305,8 @@ static void test_wolfSSL_certs(void)
 WOLFSSL* ssl;
 WOLFSSL_CTX* ctx;
 STACK_OF(ASN1_OBJECT)* sk;
- ASN1_BIT_STRING* bit_str;
+ ASN1_STRING* asn1_str;
+ AUTHORITY_KEYID* akey;
 int crit;
 
 printf(testingFmt, "wolfSSL_certs()");
@@ -23373,14 +23374,24 @@ static void test_wolfSSL_certs(void)
 sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_basic_constraints, &crit, NULL);
 AssertNotNull(sk);
+#ifdef OPENSSL_ALL
+ ext = X509V3_EXT_i2d(NID_basic_constraints, crit, sk);
+ AssertNotNull(ext);
+ X509_EXTENSION_free(ext);
+#endif
 AssertIntEQ(crit, 0);
 sk_ASN1_OBJECT_free(sk);
- bit_str = (ASN1_BIT_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
- AssertNotNull(bit_str);
+ asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
+ AssertNotNull(asn1_str);
 AssertIntEQ(crit, 1);
- AssertIntEQ(bit_str->type, NID_key_usage);
- ASN1_BIT_STRING_free(bit_str);
+ AssertIntEQ(asn1_str->type, NID_key_usage);
+#ifdef OPENSSL_ALL
+ ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
+ AssertNotNull(ext);
+ X509_EXTENSION_free(ext);
+#endif
+ ASN1_STRING_free(asn1_str);
 #ifdef OPENSSL_ALL
 sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
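Review bot: `wolfSSL_AUTHORITY_KEYID_new` becomes public API in this commit (it is declared WOLFSSL_API in x509v3.h) but, unlike its neighbour `wolfSSL_AUTHORITY_KEYID_free`, carries no comment. Suggest `/* allocates a zeroed WOLFSSL_AUTHORITY_KEYID; returns NULL on allocation failure; release with wolfSSL_AUTHORITY_KEYID_free */` above the definition, so the ownership rule is stated next to the allocator rather than only implied by the free routine.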
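Review bot: `sk` is declared as `STACK_OF(ASN1_OBJECT)*` and released with `sk_ASN1_OBJECT_free`, yet the new `X509V3_EXT_i2d(NID_basic_constraints, crit, sk)` call hands it to this commit's NID_basic_constraints case in ssl.c, which reads it as a `WOLFSSL_BASIC_CONSTRAINTS*` (`bc->ca`, `bc->pathlen`). One of the two sides is wrong: if X509_get_ext_d2i really returns a stack for NID_basic_constraints the new i2d case is reading the wrong struct layout, and if it returns a basic-constraints object the test's cast and `sk_ASN1_OBJECT_free(sk)` free it through the wrong type. Declaring a `WOLFSSL_BASIC_CONSTRAINTS*` for this call, e.g. `bc = (WOLFSSL_BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints, &crit, NULL);` released with `wolfSSL_BASIC_CONSTRAINTS_free(bc);`, would make the test consistent with the i2d side, assuming that is indeed what d2i returns. test_wolfSSL_certs starts and ends outside the hunk.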
@@ -23388,6 +23399,7 @@ static void test_wolfSSL_certs(void)
 AssertNotNull(sk);
 ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
 AssertNotNull(ext);
+ X509_EXTENSION_free(ext);
 sk_ASN1_OBJECT_free(sk);
 #else
 sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
@@ -23395,9 +23407,15 @@ static void test_wolfSSL_certs(void)
 AssertNull(sk);
 #endif
 
- sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
+ akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
 NID_authority_key_identifier, &crit, NULL);
- AssertNotNull(sk);
+ AssertNotNull(akey);
+#ifdef OPENSSL_ALL
+ ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
+ AssertNotNull(ext);
+ wolfSSL_AUTHORITY_KEYID_free(akey);
+ X509_EXTENSION_free(ext);
+#endif
 sk_ASN1_OBJECT_free(sk);
 
 sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
@@ -23478,7 +23496,6 @@ static void test_wolfSSL_certs(void)
 AssertIntEQ(SSL_get_hit(ssl), 0);
 
 #ifdef OPENSSL_ALL
- X509_EXTENSION_free(ext);
 X509_free(x509);
 #endif
 X509_free(x509ext);
@@ -31375,7 +31392,7 @@ static void test_wolfSSL_X509V3_EXT(void) {
 #endif
 AssertIntEQ(actual, expected);
 wolfSSL_ASN1_STRING_free(asn1str);
-#if 0
+#if 1
 i++;
 
 /* Authority Info Access */
diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h
index f7b6c061e..b2125164c 100644
--- a/wolfssl/openssl/x509v3.h
+++ b/wolfssl/openssl/x509v3.h
@@ -89,6 +89,7 @@ typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
 typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
 
 WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
+WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void);
 WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
 WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
 WOLFSSL_X509_EXTENSION* ex);
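Review bot: The `sk_ASN1_OBJECT_free(sk);` left in place after the new `akey` block (second hunk, @@ -23395) now frees a stale pointer: `sk` is no longer reassigned by the authority-key-identifier lookup, and under OPENSSL_ALL it was already released by the `sk_ASN1_OBJECT_free(sk)` in the ext-key-usage branch of the first hunk, so this is a double free (in the `#else` branch `sk` is NULL and the call is a no-op). Without OPENSSL_ALL, `akey` is never released at all, because `wolfSSL_AUTHORITY_KEYID_free(akey)` sits inside the `#ifdef`. Replace that stale call with an unconditional `wolfSSL_AUTHORITY_KEYID_free(akey);` placed after the `#endif`, and drop the copy inside the `#ifdef` block. test_wolfSSL_certs starts and ends outside these hunks.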