wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implement new OpenSSL API

Browse Source 
- i2d_PKCS8PrivateKey_bio
- X509V3_EXT_i2d
- SSL_renegotiate_pending
This commit is contained in:
Juliusz Sosinowicz
2020-06-03 22:43:05 +02:00
parent 4a167c0f2c
commit 3621af9996
5 changed files with 186 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
src/ssl.c
View File

@@ -8629,11 +8629,8 @@ const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
WOLFSSL_MSG("Passed an invalid X509_EXTENSION*"); WOLFSSL_MSG("Passed an invalid X509_EXTENSION*");
return NULL; return NULL;
} }
/* Initialize all methods to NULL */ /* Initialize method to 0 */
method.d2i = NULL; XMEMSET(&method, 0, sizeof(struct WOLFSSL_v3_ext_method));
method.i2v = NULL;
method.i2s = NULL;
method.i2r = NULL;
nid = ex->obj->nid; nid = ex->obj->nid;
if (nid <= 0) { if (nid <= 0) {
@@ -9601,6 +9598,161 @@ void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx)
} }
#endif /* !NO_WOLFSSL_STUB */ #endif /* !NO_WOLFSSL_STUB */
#if defined(OPENSSL_ALL)
static WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_STRING(WOLFSSL_ASN1_STRING **out,
const unsigned char **in,
long inSz)
{
WOLFSSL_ASN1_STRING* ret = NULL;
WOLFSSL_ASN1_STRING* tmp = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_ASN1_STRING";)
if (!in || !*in || inSz <= 0) {
WOLFSSL_MSG("Bad parameters")
return NULL;
}
if (!out || !*out) {
if (!(ret = tmp = wolfSSL_ASN1_STRING_new())) {
WOLFSSL_MSG("wolfSSL_ASN1_STRING_new error");
return NULL;
}
}
else {
ret = *out;
}
if (wolfSSL_ASN1_STRING_set(ret, *in, inSz) != WOLFSSL_SUCCESS) {
if (tmp) {
wolfSSL_ASN1_STRING_free(tmp);
}
return NULL;
}
*in += inSz;
*out = ret;
return ret;
}
static int wolfSSL_i2d_ASN1_STRING(WOLFSSL_ASN1_STRING *s, unsigned char **out)
{
if (!s)
return WOLFSSL_FAILURE;
if (!out)
return s->length;
if (s->length) {
XMEMCPY(*out, s->data, s->length);
*out += s->length;
}
return s->length;
}
static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method,
int nid)
{
if (!method)
return;
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_METHOD_populate");
switch (nid) {
case NID_subject_key_identifier:
method->i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
FALL_THROUGH;
case NID_authority_key_identifier:
case NID_key_usage:
method->i2d = (X509V3_EXT_I2D)wolfSSL_i2d_ASN1_STRING;
method->d2i = (X509V3_EXT_D2I)wolfSSL_d2i_ASN1_STRING;
break;
case NID_certificate_policies:
case NID_policy_mappings:
case NID_subject_alt_name:
case NID_issuer_alt_name:
case NID_basic_constraints:
case NID_name_constraints:
case NID_policy_constraints:
case NID_ext_key_usage:
case NID_crl_distribution_points:
case NID_inhibit_any_policy:
case NID_info_access:
WOLFSSL_MSG("Nothing to populate for current NID");
break;
default:
WOLFSSL_MSG("Unknown or unsupported NID");
break;
}
return;
}
WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data)
{
WOLFSSL_X509_EXTENSION *ext = NULL;
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_i2d");
if (!data) {
return NULL;
}
if (!(ext = wolfSSL_X509_EXTENSION_new())) {
return NULL;
}
wolfSSL_X509V3_EXT_METHOD_populate(&ext->ext_method, nid);
switch (nid) {
case NID_subject_key_identifier:
case NID_authority_key_identifier:
case NID_key_usage:
{
WOLFSSL_ASN1_STRING* asn1str = (WOLFSSL_ASN1_STRING*)data;
ext->value = *asn1str;
if (asn1str->isDynamic) {
ext->value.data = (char*)XMALLOC(asn1str->length, NULL,
DYNAMIC_TYPE_OPENSSL);
if (!ext->value.data) {
WOLFSSL_MSG("malloc failed");
/* Zero so that no existing memory is freed */
XMEMSET(&ext->value, 0, sizeof(WOLFSSL_ASN1_STRING));
goto err_cleanup;
}
XMEMCPY(ext->value.data, asn1str->data, asn1str->length);
}
else {
ext->value.data = ext->value.strData;
}
break;
}
case NID_certificate_policies:
case NID_policy_mappings:
case NID_subject_alt_name:
case NID_issuer_alt_name:
case NID_basic_constraints:
case NID_name_constraints:
case NID_policy_constraints:
case NID_ext_key_usage:
case NID_crl_distribution_points:
case NID_inhibit_any_policy:
case NID_info_access:
default:
WOLFSSL_MSG("Unknown or unsupported NID");
break;
}
ext->crit = crit;
return ext;
err_cleanup:
if (ext) {
wolfSSL_X509_EXTENSION_free(ext);
}
return NULL;
}
/* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */ /* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */
WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
(WOLFSSL_X509_EXTENSION* ext) (WOLFSSL_X509_EXTENSION* ext)
@@ -9610,6 +9762,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
return NULL; return NULL;
return ext->obj; return ext->obj;
} }
#endif /* OPENSSL_ALL */
/* Returns pointer to ASN1_STRING in X509_EXTENSION object */ /* Returns pointer to ASN1_STRING in X509_EXTENSION object */
WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext)
@@ -20438,9 +20591,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
asn1->data = NULL; asn1->data = NULL;
} }
if (sz + 1 > CTC_NAME_SIZE) { if (sz + 1 > CTC_NAME_SIZE) { /* account for null char */
/* create new data buffer and copy over +1 for null */ /* create new data buffer and copy over */
asn1->data = (char*)XMALLOC(sz + 1, NULL, DYNAMIC_TYPE_OPENSSL); asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (asn1->data == NULL) { if (asn1->data == NULL) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -24903,6 +25056,14 @@ long wolfSSL_num_renegotiations(WOLFSSL* s)
return s->secure_rene_count; return s->secure_rene_count;
} }
/* Is there a renegotiation currently in progress? */
int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s)
{
return s && s->options.handShakeDone &&
s->options.handShakeState != HANDSHAKE_DONE ? 1 : 0;
}
#endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */ #endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */
#ifndef NO_DH #ifndef NO_DH

17
tests/api.c
View File

@@ -4786,8 +4786,8 @@ static void test_wolfSSL_PKCS12(void)
WOLFSSL_X509 *cert; WOLFSSL_X509 *cert;
WOLFSSL_X509 *tmp; WOLFSSL_X509 *tmp;
WOLF_STACK_OF(WOLFSSL_X509) *ca; WOLF_STACK_OF(WOLFSSL_X509) *ca;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx;
WOLFSSL *ssl; WOLFSSL *ssl;
WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
@@ -4833,11 +4833,11 @@ static void test_wolfSSL_PKCS12(void)
AssertNotNull(cert); AssertNotNull(cert);
AssertNotNull(ca); AssertNotNull(ca);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
/* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
#ifndef NO_WOLFSSL_CLIENT #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else #else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
@@ -31263,7 +31263,7 @@ static void test_wolfSSL_X509V3_EXT_get(void) {
#endif #endif
} }
static void test_wolfSSL_X509V3_EXT_d2i(void) { static void test_wolfSSL_X509V3_EXT(void) {
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
FILE* f; FILE* f;
int numOfExt = 0, nid = 0, i = 0, expected, actual; int numOfExt = 0, nid = 0, i = 0, expected, actual;
@@ -31272,6 +31272,7 @@ static void test_wolfSSL_X509V3_EXT_d2i(void) {
const WOLFSSL_v3_ext_method* method; const WOLFSSL_v3_ext_method* method;
WOLFSSL_X509* x509; WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext; WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_X509_EXTENSION* ext2;
WOLFSSL_ASN1_OBJECT *obj, *adObj; WOLFSSL_ASN1_OBJECT *obj, *adObj;
WOLFSSL_ASN1_STRING* asn1str; WOLFSSL_ASN1_STRING* asn1str;
WOLFSSL_AUTHORITY_KEYID* aKeyId; WOLFSSL_AUTHORITY_KEYID* aKeyId;
@@ -31309,6 +31310,8 @@ static void test_wolfSSL_X509V3_EXT_d2i(void) {
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
asn1str));
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(method->i2s); AssertNotNull(method->i2s);
AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
@@ -35695,7 +35698,7 @@ void ApiTest(void)
test_wolfSSL_BIO_get_len(); test_wolfSSL_BIO_get_len();
test_wolfSSL_RSA_verify(); test_wolfSSL_RSA_verify();
test_wolfSSL_X509V3_EXT_get(); test_wolfSSL_X509V3_EXT_get();
test_wolfSSL_X509V3_EXT_d2i(); test_wolfSSL_X509V3_EXT();
test_wolfSSL_X509_get_ext(); test_wolfSSL_X509_get_ext();
test_wolfSSL_X509_get_ext_by_NID(); test_wolfSSL_X509_get_ext_by_NID();
test_wolfSSL_X509_get_ext_count(); test_wolfSSL_X509_get_ext_count();

2
wolfssl/openssl/ssl.h
View File

@@ -175,6 +175,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
@@ -955,6 +956,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_num_renegotiations wolfSSL_num_renegotiations #define SSL_num_renegotiations wolfSSL_num_renegotiations
#define SSL_renegotiate wolfSSL_Rehandshake #define SSL_renegotiate wolfSSL_Rehandshake
#define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support #define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support
#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending
#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg
#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type
#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts

2
wolfssl/openssl/x509v3.h
View File

@@ -40,6 +40,7 @@
/* Forward reference */ /* Forward reference */
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
struct WOLFSSL_v3_ext_method *method, struct WOLFSSL_v3_ext_method *method,
void *ext, STACK_OF(CONF_VALUE) *extlist); void *ext, STACK_OF(CONF_VALUE) *extlist);
@@ -53,6 +54,7 @@ struct WOLFSSL_v3_ext_method {
int ext_flags; int ext_flags;
void *usr_data; void *usr_data;
X509V3_EXT_D2I d2i; X509V3_EXT_D2I d2i;
X509V3_EXT_I2D i2d;
X509V3_EXT_I2V i2v; X509V3_EXT_I2V i2v;
X509V3_EXT_I2S i2s; X509V3_EXT_I2S i2s;
X509V3_EXT_I2R i2r; X509V3_EXT_I2R i2r;

3
wolfssl/ssl.h
View File

@@ -1577,6 +1577,7 @@ WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s); WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@@ -3319,6 +3320,8 @@ WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert); WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
char* value); char* value);