mirror of
https://github.com/wolfSSL/wolfssl.git
Merge pull request #7599 from dgarske/asn_checkcertsig
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
@@ -14057,7 +14057,7 @@ PRAGMA_GCC_DIAG_POP
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* perform cert parsing and signature check */
|
/* perform cert parsing and signature check */
|
||||||
sigRet = CheckCertSignature(cert->buffer, cert->length,
|
sigRet = wc_CheckCertSignature(cert->buffer, cert->length,
|
||||||
ssl->heap, SSL_CM(ssl));
|
ssl->heap, SSL_CM(ssl));
|
||||||
/* fail on errors here after the ParseCertRelative call, so dCert is populated */
|
/* fail on errors here after the ParseCertRelative call, so dCert is populated */
|
||||||
|
|
||||||
|
24
tests/api.c
24
tests/api.c
@@ -53099,37 +53099,37 @@ static int test_CheckCertSignature(void)
|
|||||||
int certSz;
|
int certSz;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
|
ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, NULL));
|
||||||
ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
|
ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
|
||||||
ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
|
ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, cm));
|
||||||
|
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
#ifdef USE_CERT_BUFFERS_1024
|
#ifdef USE_CERT_BUFFERS_1024
|
||||||
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
|
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_1024,
|
||||||
sizeof_server_cert_der_1024, NULL, cm));
|
sizeof_server_cert_der_1024, NULL, cm));
|
||||||
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
|
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
|
||||||
ca_cert_der_1024, sizeof_ca_cert_der_1024,
|
ca_cert_der_1024, sizeof_ca_cert_der_1024,
|
||||||
WOLFSSL_FILETYPE_ASN1));
|
WOLFSSL_FILETYPE_ASN1));
|
||||||
ExpectIntEQ(0, CheckCertSignature(server_cert_der_1024,
|
ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024,
|
||||||
sizeof_server_cert_der_1024, NULL, cm));
|
sizeof_server_cert_der_1024, NULL, cm));
|
||||||
#elif defined(USE_CERT_BUFFERS_2048)
|
#elif defined(USE_CERT_BUFFERS_2048)
|
||||||
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
|
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_2048,
|
||||||
sizeof_server_cert_der_2048, NULL, cm));
|
sizeof_server_cert_der_2048, NULL, cm));
|
||||||
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
|
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
|
||||||
ca_cert_der_2048, sizeof_ca_cert_der_2048,
|
ca_cert_der_2048, sizeof_ca_cert_der_2048,
|
||||||
WOLFSSL_FILETYPE_ASN1));
|
WOLFSSL_FILETYPE_ASN1));
|
||||||
ExpectIntEQ(0, CheckCertSignature(server_cert_der_2048,
|
ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_2048,
|
||||||
sizeof_server_cert_der_2048, NULL, cm));
|
sizeof_server_cert_der_2048, NULL, cm));
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
|
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
|
||||||
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
|
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(serv_ecc_der_256,
|
||||||
sizeof_serv_ecc_der_256, NULL, cm));
|
sizeof_serv_ecc_der_256, NULL, cm));
|
||||||
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
|
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
|
||||||
ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
|
ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
|
||||||
WOLFSSL_FILETYPE_ASN1));
|
WOLFSSL_FILETYPE_ASN1));
|
||||||
ExpectIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
|
ExpectIntEQ(0, wc_CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
|
||||||
NULL, cm));
|
NULL, cm));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -53144,10 +53144,10 @@ static int test_CheckCertSignature(void)
|
|||||||
XFCLOSE(fp);
|
XFCLOSE(fp);
|
||||||
fp = XBADFILE;
|
fp = XBADFILE;
|
||||||
}
|
}
|
||||||
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
|
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
|
||||||
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
|
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
|
||||||
"./certs/ca-cert.pem", NULL));
|
"./certs/ca-cert.pem", NULL));
|
||||||
ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
|
ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE);
|
ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE);
|
||||||
@@ -53156,10 +53156,10 @@ static int test_CheckCertSignature(void)
|
|||||||
XFCLOSE(fp);
|
XFCLOSE(fp);
|
||||||
fp = XBADFILE;
|
fp = XBADFILE;
|
||||||
}
|
}
|
||||||
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
|
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
|
||||||
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
|
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
|
||||||
"./certs/ca-ecc-cert.pem", NULL));
|
"./certs/ca-ecc-cert.pem", NULL));
|
||||||
ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
|
ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@@ -23239,9 +23239,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
|
|||||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
/* Call CheckCertSignature_ex using a public key buffer for verification */
|
||||||
/* Call CheckCertSignature_ex using a public key buffer for verification
|
|
||||||
*/
|
|
||||||
int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
|
int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
|
||||||
const byte* pubKey, word32 pubKeySz, int pubKeyOID)
|
const byte* pubKey, word32 pubKeySz, int pubKeyOID)
|
||||||
{
|
{
|
||||||
@@ -23249,6 +23247,7 @@ int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
|
|||||||
pubKey, pubKeySz, pubKeyOID, 0);
|
pubKey, pubKeySz, pubKeyOID, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Call CheckCertSignature_ex using a public key and oid */
|
||||||
int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap,
|
int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap,
|
||||||
const byte* pubKey, word32 pubKeySz, int pubKeyOID)
|
const byte* pubKey, word32 pubKeySz, int pubKeyOID)
|
||||||
{
|
{
|
||||||
@@ -23264,15 +23263,12 @@ int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
|
|||||||
pubKey, pubKeySz, pubKeyOID, 1);
|
pubKey, pubKeySz, pubKeyOID, 1);
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_CERT_REQ */
|
#endif /* WOLFSSL_CERT_REQ */
|
||||||
#endif /* OPENSSL_EXTRA */
|
|
||||||
#ifdef WOLFSSL_SMALL_CERT_VERIFY
|
/* Call CheckCertSignature_ex using a certificate manager (cm) */
|
||||||
/* Call CheckCertSignature_ex using a certificate manager (cm)
|
int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
|
||||||
*/
|
|
||||||
int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
|
|
||||||
{
|
{
|
||||||
return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0);
|
return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0);
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_SMALL_CERT_VERIFY */
|
|
||||||
#endif /* WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA */
|
#endif /* WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA */
|
||||||
|
|
||||||
#if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
|
#if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
|
||||||
|
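Review bot: `wc_CheckCertSignature` and `wc_CheckCertSigPubKey` are now built for `WOLFSSL_SMALL_CERT_VERIFY` as well, yet each carries only a one-line comment naming the helper it calls, so a caller cannot tell from the source what a return of 0 actually establishes. Going by those comments and the tests on this page, 0 appears to mean the certificate's signature verified against a signer held in `cm` or against the supplied key, with `ASN_NO_SIGNER_E` when no signer is loaded and `BAD_FUNC_ARG` for a NULL certificate; whether validity dates, key usage or revocation are examined is not visible here. I would give each exported function a doc comment listing its parameters and return codes and stating whether it is a signature check only rather than full path validation. For `wc_CheckCertSigPubKey`, if it matches the implementation, add something like `/* Verifies only that cert is signed by pubKey; the caller must already trust pubKey. */`. The bodies of `CheckCertSignature_ex` and `wc_CheckCertSigPubKey` lie outside the hunks shown, so the exact contract needs confirming against them.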
@@ -2149,14 +2149,20 @@ WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
|
|||||||
word32 inSz);
|
word32 inSz);
|
||||||
WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
|
WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
|
||||||
const char *in, void* heap);
|
const char *in, void* heap);
|
||||||
WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
|
|
||||||
WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
|
WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
|
||||||
void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
|
void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)
|
||||||
WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
|
WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz,
|
||||||
void* heap, const byte* pubKey,
|
void* heap, void* cm);
|
||||||
word32 pubKeySz, int pubKeyOID);
|
/* Depricated public API name kept for backwards build compatibility */
|
||||||
#endif
|
#define CheckCertSignature(cert, certSz, heap, cm) \
|
||||||
|
wc_CheckCertSignature(cert, certSz, heap, cm)
|
||||||
|
|
||||||
|
WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
|
||||||
|
void* heap, const byte* pubKey,
|
||||||
|
word32 pubKeySz, int pubKeyOID);
|
||||||
|
#endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */
|
||||||
|
|
||||||
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
||||||
WOLFSSL_LOCAL int wc_ConfirmAltSignature(
|
WOLFSSL_LOCAL int wc_ConfirmAltSignature(
|
||||||
const byte* buf, word32 bufSz,
|
const byte* buf, word32 bufSz,
|
||||||
|
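Review bot: The compatibility shim for `CheckCertSignature` is a function-like macro, so old sources keep compiling but the library no longer exports a `CheckCertSignature` symbol. An application already linked against the previous export, or code that uses the name without a call (for example taking its address), would presumably stop linking or compiling. If binary compatibility matters, a thin exported wrapper function in asn.c would be safer than the macro; otherwise the comment should state that compatibility is source-level only. The comment also has a typo and should read `/* Deprecated public API name kept for backwards build compatibility */`.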