wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rebase and test fixes

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-10-26 15:05:59 +01:00
parent b528a1a344
commit 25f5427bdd
9 changed files with 287 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/internal.c
View File

@@ -3457,7 +3457,7 @@ void FreeX509(WOLFSSL_X509* x509)
x509->key.pkey = NULL; x509->key.pkey = NULL;
} }
#endif /* OPENSSL_ALL */ #endif /* OPENSSL_ALL */
#ifdef WOLFSSL_CERT_REQ #if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL)
if (x509->challengePwAttr) { if (x509->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr); wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
} }
@@ -9609,6 +9609,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
if (dCert->cPwdLen < CTC_NAME_SIZE) { if (dCert->cPwdLen < CTC_NAME_SIZE) {
XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen); XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
x509->challengePw[dCert->cPwdLen] = '\0'; x509->challengePw[dCert->cPwdLen] = '\0';
#ifdef OPENSSL_ALL
if (x509->challengePwAttr) { if (x509->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr); wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
} }
@@ -9626,6 +9627,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
else { else {
ret = MEMORY_E; ret = MEMORY_E;
} }
#endif
} }
else { else {
WOLFSSL_MSG("Challenge password too long"); WOLFSSL_MSG("Challenge password too long");

281
src/ssl.c
View File

@@ -1686,7 +1686,7 @@ int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif /* !NO_RSA */ #endif /* HAVE_ECC */
#ifndef NO_RSA #ifndef NO_RSA
int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz) int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
@@ -8803,6 +8803,102 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
return ext; return ext;
} }
/**
* @param str String to copy
* @param buf Output buffer. If this contains a pointer then it is free'd
* with the DYNAMIC_TYPE_X509_EXT hint.
* @param len Output length
* @return WOLFSSL_SUCCESS on sucess and WOLFSSL_FAILURE on error
*/
static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
word32* len, void* heap) {
if (!str || !buf || !len) {
return WOLFSSL_FAILURE;
}
if (str->data && str->length > 0) {
if (*buf)
XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT);
*len = 0;
*buf = (byte*)XMALLOC(str->length, heap,
DYNAMIC_TYPE_X509_EXT);
if (!*buf) {
WOLFSSL_MSG("malloc error");
return WOLFSSL_FAILURE;
}
*len = str->length;
XMEMCPY(*buf, str->data, str->length);
}
return WOLFSSL_SUCCESS;
}
int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
{
WOLFSSL_ENTER("wolfSSL_X509_add_ext");
if (!x509 || !ext || !ext->obj || loc >= 0) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
switch (ext->obj->type) {
case NID_authority_key_identifier:
if (asn1_string_copy_to_buffer(&ext->value, &x509->authKeyId,
&x509->authKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("asn1_string_copy_to_buffer error");
return WOLFSSL_FAILURE;
}
x509->authKeyIdCrit = ext->crit;
break;
case NID_subject_key_identifier:
if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId,
&x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("asn1_string_copy_to_buffer error");
return WOLFSSL_FAILURE;
}
x509->subjKeyIdCrit = ext->crit;
break;
case NID_subject_alt_name:
{
WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
while (gns) {
WOLFSSL_GENERAL_NAME* gn = gns->data.gn;
if (!gn || !gn->d.ia5 ||
wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data,
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Subject alternative name missing extension");
return WOLFSSL_FAILURE;
}
gns = gns->next;
}
x509->subjAltNameSet = 1;
x509->subjAltNameCrit = ext->crit;
break;
}
case NID_key_usage:
if (ext && ext->value.data &&
ext->value.length == sizeof(word16)) {
x509->keyUsage = *(word16*)ext->value.data;
x509->keyUsageCrit = ext->crit;
x509->keyUsageSet = 1;
}
break;
case NID_basic_constraints:
if (ext->obj) {
x509->isCa = ext->obj->ca;
x509->basicConstCrit = ext->crit;
if (ext->obj->pathlen)
x509->pathLength = ext->obj->pathlen->length;
x509->basicConstSet = 1;
}
break;
default:
WOLFSSL_MSG("Unsupported extension to add");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#ifndef NO_BIO #ifndef NO_BIO
/* Return 0 on success and 1 on failure. Copies ext data to bio, using indent /* Return 0 on success and 1 on failure. Copies ext data to bio, using indent
* to pad the output. flag is ignored. */ * to pad the output. flag is ignored. */
@@ -9911,102 +10007,6 @@ int wolfSSL_X509_add_altname(WOLFSSL_X509* x509, const char* name, int type)
return wolfSSL_X509_add_altname_ex(x509, name, nameSz, type); return wolfSSL_X509_add_altname_ex(x509, name, nameSz, type);
} }
/**
* @param str String to copy
* @param buf Output buffer. If this contains a pointer then it is free'd
* with the DYNAMIC_TYPE_X509_EXT hint.
* @param len Output length
* @return WOLFSSL_SUCCESS on sucess and WOLFSSL_FAILURE on error
*/
static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf,
word32* len, void* heap) {
if (!str || !buf || !len) {
return WOLFSSL_FAILURE;
}
if (str->data && str->length > 0) {
if (*buf)
XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT);
*len = 0;
*buf = (byte*)XMALLOC(str->length, heap,
DYNAMIC_TYPE_X509_EXT);
if (!*buf) {
WOLFSSL_MSG("malloc error");
return WOLFSSL_FAILURE;
}
*len = str->length;
XMEMCPY(*buf, str->data, str->length);
}
return WOLFSSL_SUCCESS;
}
int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
{
WOLFSSL_ENTER("wolfSSL_X509_add_ext");
if (!x509 || !ext || !ext->obj || loc >= 0) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
switch (ext->obj->type) {
case NID_authority_key_identifier:
if (asn1_string_copy_to_buffer(&ext->value, &x509->authKeyId,
&x509->authKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("asn1_string_copy_to_buffer error");
return WOLFSSL_FAILURE;
}
x509->authKeyIdCrit = ext->crit;
break;
case NID_subject_key_identifier:
if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId,
&x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("asn1_string_copy_to_buffer error");
return WOLFSSL_FAILURE;
}
x509->subjKeyIdCrit = ext->crit;
break;
case NID_subject_alt_name:
{
WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk;
while (gns) {
WOLFSSL_GENERAL_NAME* gn = gns->data.gn;
if (!gn || !gn->d.ia5 ||
wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data,
gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Subject alternative name missing extension");
return WOLFSSL_FAILURE;
}
gns = gns->next;
}
x509->subjAltNameSet = 1;
x509->subjAltNameCrit = ext->crit;
break;
}
case NID_key_usage:
if (ext && ext->value.data &&
ext->value.length == sizeof(word16)) {
x509->keyUsage = *(word16*)ext->value.data;
x509->keyUsageCrit = ext->crit;
x509->keyUsageSet = 1;
}
break;
case NID_basic_constraints:
if (ext->obj) {
x509->isCa = ext->obj->ca;
x509->basicConstCrit = ext->crit;
if (ext->obj->pathlen)
x509->pathLength = ext->obj->pathlen->length;
x509->basicConstSet = 1;
}
break;
default:
WOLFSSL_MSG("Unsupported extension to add");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#ifndef NO_WOLFSSL_STUB #ifndef NO_WOLFSSL_STUB
WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc) WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc)
{ {
@@ -15772,6 +15772,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
bio->type = (byte)method->type; bio->type = (byte)method->type;
bio->method = method; bio->method = method;
bio->shutdown = BIO_CLOSE; /* default to close things */ bio->shutdown = BIO_CLOSE; /* default to close things */
bio->num = -1; /* Default to invalid socket */
bio->init = 1; bio->init = 1;
if (method->type != WOLFSSL_BIO_FILE && if (method->type != WOLFSSL_BIO_FILE &&
method->type != WOLFSSL_BIO_SOCKET && method->type != WOLFSSL_BIO_SOCKET &&
@@ -15880,7 +15881,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (bio->ptr) { if (bio->ptr) {
XFCLOSE((XFILE)bio->ptr); XFCLOSE((XFILE)bio->ptr);
} }
else { else if (bio->num != -1) {
XCLOSE(bio->num); XCLOSE(bio->num);
} }
} }
@@ -18958,7 +18959,9 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in)
int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
{ {
WOLFSSL_STACK* node; WOLFSSL_STACK* node;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
WOLFSSL_CIPHER ciph; WOLFSSL_CIPHER ciph;
#endif
WOLFSSL_ENTER("wolfSSL_sk_push"); WOLFSSL_ENTER("wolfSSL_sk_push");
if (!sk) { if (!sk) {
@@ -18967,7 +18970,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
/* Check if empty data */ /* Check if empty data */
switch (sk->type) { switch (sk->type) {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
case STACK_TYPE_CIPHER: case STACK_TYPE_CIPHER:
/* check if entire struct is zero */ /* check if entire struct is zero */
XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER)); XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
@@ -18981,15 +18984,17 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
break; break;
#endif #endif
default: default:
/* All other types are pointers */ /* All other types are pointers */
if (!sk->data.generic) { if (!sk->data.generic) {
sk->data.generic = (void*)data; sk->data.generic = (void*)data;
sk->num = 1; sk->num = 1;
#ifdef OPENSSL_ALL
if (sk->hash_fn) { if (sk->hash_fn) {
sk->hash = sk->hash_fn(sk->data.generic); sk->hash = sk->hash_fn(sk->data.generic);
} }
#endif
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
break; break;
@@ -19015,7 +19020,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
sk->hash = 0; sk->hash = 0;
#endif #endif
switch (sk->type) { switch (sk->type) {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
case STACK_TYPE_CIPHER: case STACK_TYPE_CIPHER:
node->data.cipher = sk->data.cipher; node->data.cipher = sk->data.cipher;
sk->data.cipher = *(WOLFSSL_CIPHER*)data; sk->data.cipher = *(WOLFSSL_CIPHER*)data;
@@ -19023,14 +19028,16 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
sk->hash = sk->hash_fn(&sk->data.cipher); sk->hash = sk->hash_fn(&sk->data.cipher);
} }
break; break;
#endif #endif
default: default:
/* All other types are pointers */ /* All other types are pointers */
node->data.generic = sk->data.generic; node->data.generic = sk->data.generic;
sk->data.generic = (void*)data; sk->data.generic = (void*)data;
#ifdef OPENSSL_ALL
if (sk->hash_fn) { if (sk->hash_fn) {
sk->hash = sk->hash_fn(sk->data.generic); sk->hash = sk->hash_fn(sk->data.generic);
} }
#endif
break; break;
} }
@@ -20583,8 +20590,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
} }
#endif /* !NO_FILESYSTEM */ #endif /* !NO_FILESYSTEM */
#endif /* NO_FILESYSTEM */
static WOLFSSL_X509* wolfSSL_X509_X509_REQ_load_certificate_buffer( static WOLFSSL_X509* wolfSSL_X509_X509_REQ_load_certificate_buffer(
const unsigned char* buf, int sz, int format, int type) const unsigned char* buf, int sz, int format, int type)
{ {
@@ -31195,7 +31200,6 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
return external; return external;
} }
void wolfSSL_DH_free(WOLFSSL_DH* dh) void wolfSSL_DH_free(WOLFSSL_DH* dh)
{ {
WOLFSSL_ENTER("wolfSSL_DH_free"); WOLFSSL_ENTER("wolfSSL_DH_free");
@@ -31359,6 +31363,43 @@ int SetDhInternal(WOLFSSL_DH* dh)
} }
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh)
{
WOLFSSL_DH* ret = NULL;
WOLFSSL_ENTER("wolfSSL_DH_dup");
if (!dh) {
WOLFSSL_MSG("Bad parameter");
return NULL;
}
if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS){
WOLFSSL_MSG("Bad DH set internal");
return NULL;
}
if (!(ret = wolfSSL_DH_new())) {
WOLFSSL_MSG("wolfSSL_DH_new error");
return NULL;
}
if (wc_DhKeyCopy((DhKey*)dh->internal, (DhKey*)ret->internal) != MP_OKAY) {
WOLFSSL_MSG("wc_DhKeyCopy error");
wolfSSL_DH_free(ret);
return NULL;
}
ret->inSet = 1;
if (SetDhExternal(ret) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetDhExternal error");
wolfSSL_DH_free(ret);
return NULL;
}
return ret;
}
/* Set the members of DhKey into WOLFSSL_DH /* Set the members of DhKey into WOLFSSL_DH
* DhKey was populated from wc_DhKeyDecode * DhKey was populated from wc_DhKeyDecode
*/ */
@@ -39454,7 +39495,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY) !defined(WOLFCRYPT_ONLY)
#ifndef NO_CERTS #ifndef NO_CERTS
void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name) void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
{ {
WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
@@ -40137,7 +40178,6 @@ cleanup:
return ret; return ret;
} }
#endif /* WOLFSSL_CERT_GEN */
int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx) int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx)
{ {
@@ -40987,7 +41027,7 @@ err:
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
char* pem = NULL; char* pem = NULL;
long i = 0, l; long i = pem_struct_min_sz, l;
const char* header = NULL; const char* header = NULL;
const char* headerEnd = NULL; const char* headerEnd = NULL;
const char* footer = NULL; const char* footer = NULL;
@@ -41014,21 +41054,21 @@ err:
if (pem == NULL) if (pem == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
if (wolfSSL_BIO_read(bio, &pem[i], pem_struct_min_sz) != if (wolfSSL_BIO_read(bio, &pem[0], pem_struct_min_sz) !=
pem_struct_min_sz) { pem_struct_min_sz) {
goto err; goto err;
} }
i += pem_struct_min_sz;
/* Read the header and footer */ /* Read the header and footer */
while ((l = wolfSSL_BIO_read(bio, &pem[i], 1)) == 1) { while ((l = wolfSSL_BIO_read(bio, &pem[i], 1)) == 1) {
i++; i++;
if (!header) if (!header)
header = XSTRNSTR(pem, "-----", i); header = XSTRNSTR(pem, "-----BEGIN ", i);
else if (header) { else if (header) {
if (!headerEnd) { if (!headerEnd) {
headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----"), headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "),
"-----", i - (header + XSTR_SIZEOF("-----") - pem)); "-----",
i - (header + XSTR_SIZEOF("-----BEGIN ") - pem));
if (headerEnd) { if (headerEnd) {
headerEnd += XSTR_SIZEOF("-----"); headerEnd += XSTR_SIZEOF("-----");
/* Read in the newline */ /* Read in the newline */
@@ -41293,6 +41333,11 @@ err:
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()"); WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()");
if (!data) {
WOLFSSL_MSG("Bad parameter");
return NULL;
}
if (out == NULL || *out == NULL) { if (out == NULL || *out == NULL) {
ne = wolfSSL_X509_NAME_ENTRY_new(); ne = wolfSSL_X509_NAME_ENTRY_new();
if (ne == NULL) { if (ne == NULL) {
@@ -41537,6 +41582,8 @@ err:
return ret; return ret;
} }
#endif /* !NO_CERTS */
/* NID variables are dependent on compatibility header files currently /* NID variables are dependent on compatibility header files currently
* *
* returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL * returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL
@@ -41782,6 +41829,8 @@ err:
} }
#endif #endif
#endif /* !WOLFCRYPT_ONLY */
#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
@@ -51720,7 +51769,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v)
#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */ #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
@@ -52113,7 +52162,7 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
{ {
return wolfSSL_X509_set_pubkey(req, pkey); return wolfSSL_X509_set_pubkey(req, pkey);
} }
#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ #endif /* OPENSSL_ALL && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */
#ifdef WOLFSSL_STATIC_EPHEMERAL #ifdef WOLFSSL_STATIC_EPHEMERAL
static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo, static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
@@ -52244,4 +52293,4 @@ int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo,
#endif /* WOLFSSL_STATIC_EPHEMERAL */ #endif /* WOLFSSL_STATIC_EPHEMERAL */
#endif /* WOLFCRYPT_ONLY */ #endif /* !WOLFCRYPT_ONLY */

28
tests/api.c
View File

@@ -27747,7 +27747,9 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_CTX_set_error(NULL, -5); X509_STORE_CTX_set_error(NULL, -5);
X509_STORE_CTX_free(ctx); X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
sk_X509_free(sk); sk_X509_free(sk);
#endif
X509_STORE_free(str); X509_STORE_free(str);
X509_free(x509); X509_free(x509);
@@ -38156,6 +38158,10 @@ static void test_wolfSSL_X509_CRL(void)
static void test_wolfSSL_d2i_X509_REQ(void) static void test_wolfSSL_d2i_X509_REQ(void)
{ {
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
/* ./certs/csr.signed.der and ./certs/csr.attr.der were
* generated by libest
* ./certs/csr.attr.der contains sample attributes */
const char* csrFile = "./certs/csr.signed.der"; const char* csrFile = "./certs/csr.signed.der";
const char* csrPopFile = "./certs/csr.attr.der"; const char* csrPopFile = "./certs/csr.attr.der";
/* ./certs/csr.dsa.pem is generated using /* ./certs/csr.dsa.pem is generated using
@@ -38164,7 +38170,9 @@ static void test_wolfSSL_d2i_X509_REQ(void)
* -outform PEM * -outform PEM
* with the passphrase "wolfSSL" * with the passphrase "wolfSSL"
*/ */
#ifndef NO_DSA
const char* csrDsaFile = "./certs/csr.dsa.pem"; const char* csrDsaFile = "./certs/csr.dsa.pem";
#endif
BIO* bio = NULL; BIO* bio = NULL;
X509* req = NULL; X509* req = NULL;
EVP_PKEY *pub_key = NULL; EVP_PKEY *pub_key = NULL;
@@ -38188,6 +38196,10 @@ static void test_wolfSSL_d2i_X509_REQ(void)
EVP_PKEY_free(pub_key); EVP_PKEY_free(pub_key);
} }
{ {
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
#endif
AssertNotNull(bio = BIO_new_file(csrPopFile, "rb")); AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req)); AssertNotNull(d2i_X509_REQ_bio(bio, &req));
@@ -38201,15 +38213,23 @@ static void test_wolfSSL_d2i_X509_REQ(void)
*/ */
AssertIntEQ(X509_REQ_verify(req, pub_key), 1); AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
/* /*
* Obtain the challenge password from the CSR * Obtain the challenge password from the CSR
*/ */
AssertIntGE(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), 0); AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
#endif
X509_free(req); X509_free(req);
BIO_free(bio); BIO_free(bio);
EVP_PKEY_free(pub_key); EVP_PKEY_free(pub_key);
} }
#ifndef NO_DSA
{ {
AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb")); AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL)); AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
@@ -38228,6 +38248,8 @@ static void test_wolfSSL_d2i_X509_REQ(void)
BIO_free(bio); BIO_free(bio);
EVP_PKEY_free(pub_key); EVP_PKEY_free(pub_key);
} }
#endif
#endif /* defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) */
} }
static void test_wolfSSL_PEM_read_X509(void) static void test_wolfSSL_PEM_read_X509(void)
@@ -38987,7 +39009,9 @@ static void test_wolfSSL_X509_print()
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF) !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
X509 *x509; X509 *x509;
BIO *bio; BIO *bio;
#ifdef OPENSSL_ALL
const X509_ALGOR *cert_sig_alg; const X509_ALGOR *cert_sig_alg;
#endif
int stdout_fd = fileno(stdout); int stdout_fd = fileno(stdout);
printf(testingFmt, "wolfSSL_X509_print"); printf(testingFmt, "wolfSSL_X509_print");
@@ -39007,9 +39031,11 @@ static void test_wolfSSL_X509_print()
AssertNotNull(bio = BIO_new_fd(stdout_fd, BIO_NOCLOSE)); AssertNotNull(bio = BIO_new_fd(stdout_fd, BIO_NOCLOSE));
#ifdef OPENSSL_ALL
/* Print signature */ /* Print signature */
AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509)); AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS); AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
#endif
/* print to stdout */ /* print to stdout */
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);

158
wolfcrypt/src/asn.c
View File

@@ -121,6 +121,12 @@ extern int wc_InitRsaHw(RsaKey* key);
#endif #endif
#endif #endif
#ifndef NO_DSA
#include <wolfssl/wolfcrypt/dsa.h>
#else
typedef void* DsaKey;
#endif
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h> #include <wolfssl/wolfcrypt/cryptocb.h>
#endif #endif
@@ -12365,83 +12371,6 @@ static int CopyValidity(byte* output, Cert* cert)
#endif #endif
/* Set Date validity from now until now + daysValid
* return size in bytes written to output, 0 on error */
static int SetValidity(byte* output, int daysValid)
{
byte before[MAX_DATE_SIZE];
byte after[MAX_DATE_SIZE];
int beforeSz;
int afterSz;
int seqSz;
time_t now;
time_t then;
struct tm* tmpTime;
struct tm* expandedTime;
struct tm localTime;
#if defined(NEED_TMP_TIME)
/* for use with gmtime_r */
struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage;
#else
tmpTime = NULL;
#endif
(void)tmpTime;
now = XTIME(0);
/* before now */
before[0] = ASN_GENERALIZED_TIME;
beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */
/* subtract 1 day of seconds for more compliance */
then = now - 86400;
expandedTime = XGMTIME(&then, tmpTime);
if (expandedTime == NULL) {
WOLFSSL_MSG("XGMTIME failed");
return 0; /* error */
}
localTime = *expandedTime;
/* adjust */
localTime.tm_year += 1900;
localTime.tm_mon += 1;
SetTime(&localTime, before + beforeSz);
beforeSz += ASN_GEN_TIME_SZ;
after[0] = ASN_GENERALIZED_TIME;
afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */
/* add daysValid of seconds */
then = now + (daysValid * (time_t)86400);
expandedTime = XGMTIME(&then, tmpTime);
if (expandedTime == NULL) {
WOLFSSL_MSG("XGMTIME failed");
return 0; /* error */
}
localTime = *expandedTime;
/* adjust */
localTime.tm_year += 1900;
localTime.tm_mon += 1;
SetTime(&localTime, after + afterSz);
afterSz += ASN_GEN_TIME_SZ;
/* headers and output */
seqSz = SetSequence(beforeSz + afterSz, output);
XMEMCPY(output + seqSz, before, beforeSz);
XMEMCPY(output + seqSz + beforeSz, after, afterSz);
return seqSz + beforeSz + afterSz;
}
/* ASN Encoded Name field */ /* ASN Encoded Name field */
typedef struct EncodedName { typedef struct EncodedName {
int nameLen; /* actual string value length */ int nameLen; /* actual string value length */
@@ -13433,6 +13362,81 @@ int SetName(byte* output, word32 outputSz, CertName* name)
return totalBytes; return totalBytes;
} }
/* Set Date validity from now until now + daysValid
* return size in bytes written to output, 0 on error */
static int SetValidity(byte* output, int daysValid)
{
byte before[MAX_DATE_SIZE];
byte after[MAX_DATE_SIZE];
int beforeSz;
int afterSz;
int seqSz;
time_t now;
time_t then;
struct tm* tmpTime;
struct tm* expandedTime;
struct tm localTime;
#if defined(NEED_TMP_TIME)
/* for use with gmtime_r */
struct tm tmpTimeStorage;
tmpTime = &tmpTimeStorage;
#else
tmpTime = NULL;
#endif
(void)tmpTime;
now = XTIME(0);
/* before now */
before[0] = ASN_GENERALIZED_TIME;
beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */
/* subtract 1 day of seconds for more compliance */
then = now - 86400;
expandedTime = XGMTIME(&then, tmpTime);
if (expandedTime == NULL) {
WOLFSSL_MSG("XGMTIME failed");
return 0; /* error */
}
localTime = *expandedTime;
/* adjust */
localTime.tm_year += 1900;
localTime.tm_mon += 1;
SetTime(&localTime, before + beforeSz);
beforeSz += ASN_GEN_TIME_SZ;
after[0] = ASN_GENERALIZED_TIME;
afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */
/* add daysValid of seconds */
then = now + (daysValid * (time_t)86400);
expandedTime = XGMTIME(&then, tmpTime);
if (expandedTime == NULL) {
WOLFSSL_MSG("XGMTIME failed");
return 0; /* error */
}
localTime = *expandedTime;
/* adjust */
localTime.tm_year += 1900;
localTime.tm_mon += 1;
SetTime(&localTime, after + afterSz);
afterSz += ASN_GEN_TIME_SZ;
/* headers and output */
seqSz = SetSequence(beforeSz + afterSz, output);
XMEMCPY(output + seqSz, before, beforeSz);
XMEMCPY(output + seqSz + beforeSz, after, afterSz);
return seqSz + beforeSz + afterSz;
}
/* encode info from cert into DER encoded format */ /* encode info from cert into DER encoded format */
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey, WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey,

2
wolfcrypt/src/dh.c
View File

@@ -2103,7 +2103,6 @@ WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
return ret; return ret;
} }
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) { if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error"); WOLFSSL_MSG("mp_copy error");
return ret; return ret;
@@ -2113,7 +2112,6 @@ WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
WOLFSSL_MSG("mp_copy error"); WOLFSSL_MSG("mp_copy error");
return ret; return ret;
} }
#endif
dst->heap = src->heap; dst->heap = src->heap;

2
wolfssl/internal.h
View File

@@ -3767,7 +3767,9 @@ struct WOLFSSL_X509 {
byte serial[EXTERNAL_SERIAL_SIZE]; byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */ char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
#ifdef OPENSSL_ALL
WOLFSSL_X509_ATTRIBUTE* challengePwAttr; WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif #endif
WOLFSSL_X509_NAME issuer; WOLFSSL_X509_NAME issuer;

7
wolfssl/openssl/bio.h
View File

@@ -40,7 +40,14 @@
#define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
#define BIO_new_fp wolfSSL_BIO_new_fp #define BIO_new_fp wolfSSL_BIO_new_fp
#if defined(OPENSSL_ALL) \
|| defined(HAVE_STUNNEL) \
|| defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
#define BIO_new_file wolfSSL_BIO_new_file #define BIO_new_file wolfSSL_BIO_new_file
#endif
#define BIO_new_fp wolfSSL_BIO_new_fp #define BIO_new_fp wolfSSL_BIO_new_fp
#define BIO_ctrl wolfSSL_BIO_ctrl #define BIO_ctrl wolfSSL_BIO_ctrl
#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending #define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending

4
wolfssl/wolfcrypt/asn.h
View File

@@ -306,7 +306,7 @@ enum Misc_ASN {
#endif #endif
RSA_INTS = 8, /* RSA ints in private key */ RSA_INTS = 8, /* RSA ints in private key */
DSA_INTS = 5, /* DSA ints in private key */ DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 13, MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32, MAX_DATE_SIZE = 32,
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
#ifndef NO_RSA #ifndef NO_RSA
@@ -679,7 +679,7 @@ struct SignatureCtx {
#ifndef NO_RSA #ifndef NO_RSA
byte* out; byte* out;
#endif #endif
#if !defined(NO_RSA) && !defined(NO_DSA) #if !(defined(NO_RSA) && defined(NO_DSA))
byte* sigCpy; byte* sigCpy;
#endif #endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)

5
wolfssl/wolfcrypt/dh.h
View File

@@ -121,12 +121,7 @@ WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz); const byte* pub, word32 pubSz);
WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz); byte* pub, word32* pPubSz);
#endif /* WOLFSSL_DH_EXTRA */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst); WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
const byte* pub_key, word32 pubSz);
#endif #endif
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz, const byte* g, word32 gSz, const byte* q, word32 qSz,