Merge pull request #6583 from SparkiDev/certman_split

Moved CertManager APIs into own file
This commit is contained in:
JacobBarthelmeh
2023-07-10 09:20:09 -06:00
committed by GitHub
11 changed files with 3311 additions and 1998 deletions

1
.gitignore vendored

@ -85,6 +85,7 @@ testsuite/testsuite.test
tests/unit.test
tests/bio_write_test.txt
tests/test-log-dump-to-file.txt
tests/cert_cache.tmp
test-write-dhparams.pem
testsuite/*.der
testsuite/*.pem


@ -192,6 +192,7 @@ set(COMPONENT_SRCEXCLUDE
"${WOLFSSL_ROOT}/src/pk.c"
"${WOLFSSL_ROOT}/src/ssl_asn1.c" # included by ssl.c
"${WOLFSSL_ROOT}/src/ssl_bn.c" # included by ssl.c
"${WOLFSSL_ROOT}/src/ssl_certman.c" # included by ssl.c
"${WOLFSSL_ROOT}/src/ssl_misc.c" # included by ssl.c
"${WOLFSSL_ROOT}/src/x509.c"
"${WOLFSSL_ROOT}/src/x509_str.c"


@ -21,6 +21,7 @@ EXTRA_DIST += src/conf.c
EXTRA_DIST += src/pk.c
EXTRA_DIST += src/ssl_asn1.c
EXTRA_DIST += src/ssl_bn.c
EXTRA_DIST += src/ssl_certman.c
EXTRA_DIST += src/ssl_misc.c
EXTRA_DIST += src/x509.c
EXTRA_DIST += src/x509_str.c

1529
src/ssl.c


2363
src/ssl_certman.c Normal file



@ -203,8 +203,12 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
return ret;
}
#endif /* !NO_BIO */
#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */
#if !defined(NO_FILESYSTEM)
#if (defined(OPENSSL_EXTRA) || defined(PERSIST_CERT_CACHE) || \
(!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH)))) && !defined(WOLFCRYPT_ONLY) && \
!defined(NO_FILESYSTEM)
/* Read all the data from a file.
*
* @param [in] fp File pointer to read with.
@ -253,7 +257,10 @@ static int wolfssl_file_len(XFILE fp, long* fileSz)
return ret;
}
#endif
#if (defined(OPENSSL_EXTRA) || defined(PERSIST_CERT_CACHE)) && \
!defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM)
/* Read all the data from a file.
*
* @param [in] fp File pointer to read with.
@ -290,7 +297,7 @@ static int wolfssl_read_file(XFILE fp, char** data, int* dataSz)
XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* !NO_FILESYSTEM */
#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */
#endif /* (OPENSSL_EXTRA || PERSIST_CERT_CACHE) && !WOLFCRYPT_ONLY &&
* !NO_FILESYSTEM */
#endif /* !WOLFSSL_SSL_MISC_INCLUDED */
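Review bot: The bare `#endif` that closes the wolfssl_file_len block (the line just before the `#if (defined(OPENSSL_EXTRA) || defined(PERSIST_CERT_CACHE))` condition) carries no trailing comment, while every other `#endif` in this section names the condition it closes; with a four-line compound condition opened above it, the pairing is hard to verify by eye. Suggest annotating it with the condition it closes, in the same form as the `#endif /* (OPENSSL_EXTRA || PERSIST_CERT_CACHE) && !WOLFCRYPT_ONLY && !NO_FILESYSTEM */` at the end of the hunk. The rendering does not make clear whether that `#endif` is new or pre-existing; if the `#if !defined(NO_FILESYSTEM)` printed directly above the new condition survives as an enclosing guard, the `!defined(NO_FILESYSTEM)` term inside the new condition is redundant with it and could be dropped. Both wolfssl_file_len and wolfssl_read_file start and end outside the visible hunk lines.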


@ -9477,7 +9477,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
{
WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
FreeX509Name(name);
XFREE(name, name->heap, DYNAMIC_TYPE_X509);
if (name != NULL) {
XFREE(name, name->heap, DYNAMIC_TYPE_X509);
}
}
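Review bot: The new `if (name != NULL)` guard protects only the XFREE, while `FreeX509Name(name)` two lines above is still called unconditionally with the same pointer; unless FreeX509Name is itself NULL-safe, a NULL argument is still dereferenced before the guard is reached. Moving the check to the top of the function makes the contract explicit either way: `if (name == NULL) { return; }` followed by the unchanged `FreeX509Name(name);` and `XFREE(name, name->heap, DYNAMIC_TYPE_X509);`. A one-line comment such as `/* NULL is accepted and ignored, as with OpenSSL's X509_NAME_free. */` would document the intent for callers. wolfSSL_X509_NAME_free's signature lies outside the hunk.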



@ -20818,7 +20818,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
: X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
if ((CheckDate(&dataASN[i], BEFORE) < 0) && verify) {
if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
(verify != VERIFY_SKIP_DATE)) {
badDate = ASN_BEFORE_DATE_E;
}
/* Store reference to BEFOREdate. */
@ -20829,7 +20830,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
: X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
if ((CheckDate(&dataASN[i], AFTER) < 0) && verify) {
if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
(verify != VERIFY_SKIP_DATE)) {
badDate = ASN_AFTER_DATE_E;
}
/* Store reference to AFTER date. */
@ -21584,7 +21586,7 @@ static int GetAKIHash(const byte* input, word32 maxIdx, int sigOID,
ret = GetHashId(
dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
hash, sigOID);
hash, HashIdAlg(sigOID));
}
break;
}
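Review bot: The new condition `(verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)` is written out twice, once for the NOTBEFORE check in the first hunk and again for the NOTAFTER check in the second, so the two can drift apart if another verify mode is added later. Computing it once before the validity checks, e.g. `int checkDates = (verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE);` and then `if ((CheckDate(&dataASN[i], BEFORE) < 0) && checkDates) {`, keeps the policy in one place, and a short comment stating that VERIFY_SKIP_DATE deliberately suppresses the validity-period error while the date references are still stored would help readers. Note that the old code treated any non-zero verify value as "check dates", whereas the new form exempts only the two named values, which is the tighter choice and worth a line in the commit message. DecodeCertInternal starts and ends outside the hunk.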


@ -2603,7 +2603,7 @@ WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
const void* mem, int sz);
WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
long sz, int format, int err_val);
long sz, int format, int prev_err);
#ifndef NO_CERTS


@ -3548,70 +3548,73 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f,
const char* d);
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm,
const char* f, const char* d);
WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
const unsigned char* in, long sz, int format, int userChain,
word32 flags);
const unsigned char* buff, long sz, int format, int userChain,
word32 flags);
WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
const unsigned char* in, long sz, int format);
const unsigned char* buff, long sz, int format);
WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
#ifdef WOLFSSL_TRUST_PEER_CERT
WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(
WOLFSSL_CERT_MANAGER* cm);
#endif
WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* f,
int format);
WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm,
const char* f, int format);
WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
const unsigned char* buff, long sz, int format);
const unsigned char* buff, long sz, int format);
WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm,
unsigned char* der, int sz);
const unsigned char* der, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
int options);
int options);
WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
VerifyCallback vc);
VerifyCallback vc);
WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
const char* path, int type, int monitor);
const char* path, int type, int monitor);
WOLFSSL_API int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm,
const char* file, int type);
const char* file, int type);
WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
const unsigned char* buff, long sz, int type);
const unsigned char* buff, long sz, int type);
WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm,
CbMissingCRL cb);
CbMissingCRL cb);
WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm,
CbCrlIO cb);
CbCrlIO cb);
#endif
#if defined(HAVE_OCSP)
WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER* cm,
byte *response, int responseSz, WOLFSSL_BUFFER_INFO *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest);
WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(
WOLFSSL_CERT_MANAGER* cm, unsigned char *response, int responseSz,
WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status,
OcspEntry *entry, OcspRequest *ocspRequest);
#endif
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm,
unsigned char* der, int sz);
const unsigned char* der, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm,
int options);
int options);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
const char* url);
WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(
WOLFSSL_CERT_MANAGER* cm, const char* url);
WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx);
CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSPMustStaple(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_CERT_MANAGER* cm);
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
!defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name);
WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name);
#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
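Review bot: `wolfSSL_CertManagerCheckCRL` and `wolfSSL_CertManagerCheckOCSP` now take `const unsigned char* der`, but `wolfSSL_CertManagerCheckOCSPResponse` in the same hunk keeps a non-const `unsigned char *response`; if the implementation only reads the response bytes, `const unsigned char *response` would make the header consistent, and if it does write through the pointer (not determinable from the header alone) a brief comment on the prototype saying so would stop a later constification pass from changing it. Replacing the internal `byte` typedef with `unsigned char` in that public prototype is the right direction, since `byte` is not part of the installed API surface. The re-wrapping of otherwise unchanged prototypes makes the genuine signature changes (parameter renames and added `const`) harder to pick out; keeping formatting-only edits in a separate commit would ease review.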