add ASN_ prefixes to ISSUER, SUBJECT, BEFORE, and AFTER enum constants defined in wolfssl/wolfcrypt/asn.h.

Daniel Pouzzner
2024-04-20 00:45:12 -05:00
parent 198f4030e8
commit 41efa0492c
9 changed files with 96 additions and 96 deletions


@@ -426,7 +426,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
#endif #endif
{ {
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) { if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL next date is no longer valid"); WOLFSSL_MSG("CRL next date is no longer valid");
nextDateValid = 0; nextDateValid = 0;
} }


@@ -12636,7 +12636,7 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
name->dynamicName = 0; name->dynamicName = 0;
} }
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX); XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
name->name[ASN_NAME_MAX - 1] = '\0'; name->name[ASN_NAME_MAX - 1] = '\0';
name->sz = (int)XSTRLEN(name->name) + 1; name->sz = (int)XSTRLEN(name->name) + 1;
@@ -12821,7 +12821,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->version = dCert->version + 1; x509->version = dCert->version + 1;
CopyDecodedName(&x509->issuer, dCert, ISSUER); CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->issuerName != NULL) { if (dCert->issuerName != NULL) {
wolfSSL_X509_set_issuer_name(x509, wolfSSL_X509_set_issuer_name(x509,
@@ -12829,7 +12829,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
x509->issuer.x509 = x509; x509->issuer.x509 = x509;
} }
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
CopyDecodedName(&x509->subject, dCert, SUBJECT); CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
if (dCert->subjectName != NULL) { if (dCert->subjectName != NULL) {
wolfSSL_X509_set_subject_name(x509, wolfSSL_X509_set_subject_name(x509,
@@ -30286,7 +30286,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap); InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap);
ret = GetName(cert, SUBJECT, dnSz); ret = GetName(cert, ASN_SUBJECT, dnSz);
if (ret == 0) { if (ret == 0) {
if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL) if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL)
@@ -30294,7 +30294,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
} }
if (ret == 0) { if (ret == 0) {
CopyDecodedName(name, cert, SUBJECT); CopyDecodedName(name, cert, ASN_SUBJECT);
} }
if (ret == 0) { if (ret == 0) {


@@ -251,10 +251,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
else if (*status) { else if (*status) {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (XVALIDATE_DATE((*status)->thisDate, if (XVALIDATE_DATE((*status)->thisDate,
(*status)->thisDateFormat, BEFORE) (*status)->thisDateFormat, ASN_BEFORE)
&& ((*status)->nextDate[0] != 0) && ((*status)->nextDate[0] != 0)
&& XVALIDATE_DATE((*status)->nextDate, && XVALIDATE_DATE((*status)->nextDate,
(*status)->nextDateFormat, AFTER)) (*status)->nextDateFormat, ASN_AFTER))
#endif #endif
{ {
ret = xstat2err((*status)->status); ret = xstat2err((*status)->status);
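Review bot: The freshness test on the cached OCSP status is compiled out entirely when NO_ASN_TIME is defined, so the braced block after `#endif` then runs for any non-NULL `*status`, and nothing near the `#ifndef` says so. A short comment above it, such as `/* With NO_ASN_TIME the cached status is used without checking thisDate/nextDate. */`, would make that trade-off visible to integrators. It is also worth noting there that an entry whose `nextDate` is empty never passes this test. GetOcspStatus starts and ends outside the hunk.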


@@ -6907,14 +6907,14 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
InitDecodedCert(cert, input + idx, extLen, ssl->heap); InitDecodedCert(cert, input + idx, extLen, ssl->heap);
didInit = TRUE; didInit = TRUE;
idx += extLen; idx += extLen;
ret = GetName(cert, SUBJECT, extLen); ret = GetName(cert, ASN_SUBJECT, extLen);
} }
if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL) if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
ret = MEMORY_ERROR; ret = MEMORY_ERROR;
if (ret == 0) { if (ret == 0) {
CopyDecodedName(name, cert, SUBJECT); CopyDecodedName(name, cert, ASN_SUBJECT);
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
== WOLFSSL_FAILURE) == WOLFSSL_FAILURE)
ret = MEMORY_ERROR; ret = MEMORY_ERROR;


@@ -11113,7 +11113,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
InitDecodedCert(cert, *in, (word32)length, NULL); InitDecodedCert(cert, *in, (word32)length, NULL);
/* Parse the X509 subject name */ /* Parse the X509 subject name */
if (GetName(cert, SUBJECT, (int)length) != 0) { if (GetName(cert, ASN_SUBJECT, (int)length) != 0) {
WOLFSSL_MSG("WOLFSSL_X509_NAME parse error"); WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
goto cleanup; goto cleanup;
} }


@@ -281,11 +281,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
byte *beforeDate = ctx->current_cert->notBefore.data; byte *beforeDate = ctx->current_cert->notBefore.data;
if (XVALIDATE_DATE(afterDate, if (XVALIDATE_DATE(afterDate,
(byte)ctx->current_cert->notAfter.type, AFTER) < 1) { (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) {
ret = ASN_AFTER_DATE_E; ret = ASN_AFTER_DATE_E;
} }
else if (XVALIDATE_DATE(beforeDate, else if (XVALIDATE_DATE(beforeDate,
(byte)ctx->current_cert->notBefore.type, BEFORE) < 1) { (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) {
ret = ASN_BEFORE_DATE_E; ret = ASN_BEFORE_DATE_E;
} }
SetupStoreCtxError(ctx, ret); SetupStoreCtxError(ctx, ret);
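Review bot: `ASN_AFTER` and `ASN_BEFORE` reach the date validator only through `XVALIDATE_DATE` here, so any out-of-tree code that still uses the unprefixed `BEFORE`/`AFTER` (or `ISSUER`/`SUBJECT`) names from wolfssl/wolfcrypt/asn.h stops compiling with this commit. That is presumably intended, but the header side of the rename is not visible in this part of the page, so it is worth confirming that the numeric values are unchanged and that the rename is covered by a changelog entry or an opt-in alias for the old names. The value matters because the `wc_ValidateDate` hunk further down treats every `dateType` other than `ASN_BEFORE` as the after-check. The same applies to the `XVALIDATE_DATE` calls in the CRL and OCSP hunks; wolfSSL_X509_verify_cert starts and ends outside this hunk.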


@@ -13830,13 +13830,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
/* store pointer to raw issuer */ /* store pointer to raw issuer */
if (nameType == ISSUER) { if (nameType == ASN_ISSUER) {
cert->issuerRaw = &input[srcIdx]; cert->issuerRaw = &input[srcIdx];
cert->issuerRawLen = length; cert->issuerRawLen = length;
} }
#endif #endif
#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectRaw = &input[srcIdx]; cert->subjectRaw = &input[srcIdx];
cert->subjectRawLen = length; cert->subjectRawLen = length;
} }
@@ -13917,14 +13917,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#endif #endif
if (id == ASN_COMMON_NAME) { if (id == ASN_COMMON_NAME) {
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectCN = (char *)&input[srcIdx]; cert->subjectCN = (char *)&input[srcIdx];
cert->subjectCNLen = strLen; cert->subjectCNLen = strLen;
cert->subjectCNEnc = (char)b; cert->subjectCNEnc = (char)b;
} }
#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
defined(WOLFSSL_HAVE_ISSUER_NAMES) defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerCN = (char*)&input[srcIdx]; cert->issuerCN = (char*)&input[srcIdx];
cert->issuerCNLen = strLen; cert->issuerCNLen = strLen;
cert->issuerCNEnc = (char)b; cert->issuerCNEnc = (char)b;
@@ -13943,7 +13943,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_NAME; copy = WOLFSSL_NAME;
copyLen = sizeof(WOLFSSL_NAME) - 1; copyLen = sizeof(WOLFSSL_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectN = (char*)&input[srcIdx]; cert->subjectN = (char*)&input[srcIdx];
cert->subjectNLen = strLen; cert->subjectNLen = strLen;
cert->subjectNEnc = b; cert->subjectNEnc = b;
@@ -13959,7 +13959,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_INITIALS; copy = WOLFSSL_INITIALS;
copyLen = sizeof(WOLFSSL_INITIALS) - 1; copyLen = sizeof(WOLFSSL_INITIALS) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectI = (char*)&input[srcIdx]; cert->subjectI = (char*)&input[srcIdx];
cert->subjectILen = strLen; cert->subjectILen = strLen;
cert->subjectIEnc = b; cert->subjectIEnc = b;
@@ -13975,7 +13975,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_GIVEN_NAME; copy = WOLFSSL_GIVEN_NAME;
copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1; copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectGN = (char*)&input[srcIdx]; cert->subjectGN = (char*)&input[srcIdx];
cert->subjectGNLen = strLen; cert->subjectGNLen = strLen;
cert->subjectGNEnc = b; cert->subjectGNEnc = b;
@@ -13991,7 +13991,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_DNQUALIFIER; copy = WOLFSSL_DNQUALIFIER;
copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1; copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectDNQ = (char*)&input[srcIdx]; cert->subjectDNQ = (char*)&input[srcIdx];
cert->subjectDNQLen = strLen; cert->subjectDNQLen = strLen;
cert->subjectDNQEnc = b; cert->subjectDNQEnc = b;
@@ -14008,13 +14008,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_SUR_NAME; copy = WOLFSSL_SUR_NAME;
copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectSN = (char*)&input[srcIdx]; cert->subjectSN = (char*)&input[srcIdx];
cert->subjectSNLen = strLen; cert->subjectSNLen = strLen;
cert->subjectSNEnc = (char)b; cert->subjectSNEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerSN = (char*)&input[srcIdx]; cert->issuerSN = (char*)&input[srcIdx];
cert->issuerSNLen = strLen; cert->issuerSNLen = strLen;
cert->issuerSNEnc = (char)b; cert->issuerSNEnc = (char)b;
@@ -14031,13 +14031,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_COUNTRY_NAME; copy = WOLFSSL_COUNTRY_NAME;
copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1; copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectC = (char*)&input[srcIdx]; cert->subjectC = (char*)&input[srcIdx];
cert->subjectCLen = strLen; cert->subjectCLen = strLen;
cert->subjectCEnc = (char)b; cert->subjectCEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerC = (char*)&input[srcIdx]; cert->issuerC = (char*)&input[srcIdx];
cert->issuerCLen = strLen; cert->issuerCLen = strLen;
cert->issuerCEnc = (char)b; cert->issuerCEnc = (char)b;
@@ -14054,13 +14054,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_LOCALITY_NAME; copy = WOLFSSL_LOCALITY_NAME;
copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1; copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectL = (char*)&input[srcIdx]; cert->subjectL = (char*)&input[srcIdx];
cert->subjectLLen = strLen; cert->subjectLLen = strLen;
cert->subjectLEnc = (char)b; cert->subjectLEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerL = (char*)&input[srcIdx]; cert->issuerL = (char*)&input[srcIdx];
cert->issuerLLen = strLen; cert->issuerLLen = strLen;
cert->issuerLEnc = (char)b; cert->issuerLEnc = (char)b;
@@ -14077,13 +14077,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_STATE_NAME; copy = WOLFSSL_STATE_NAME;
copyLen = sizeof(WOLFSSL_STATE_NAME) - 1; copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectST = (char*)&input[srcIdx]; cert->subjectST = (char*)&input[srcIdx];
cert->subjectSTLen = strLen; cert->subjectSTLen = strLen;
cert->subjectSTEnc = (char)b; cert->subjectSTEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerST = (char*)&input[srcIdx]; cert->issuerST = (char*)&input[srcIdx];
cert->issuerSTLen = strLen; cert->issuerSTLen = strLen;
cert->issuerSTEnc = (char)b; cert->issuerSTEnc = (char)b;
@@ -14100,13 +14100,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_ORG_NAME; copy = WOLFSSL_ORG_NAME;
copyLen = sizeof(WOLFSSL_ORG_NAME) - 1; copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectO = (char*)&input[srcIdx]; cert->subjectO = (char*)&input[srcIdx];
cert->subjectOLen = strLen; cert->subjectOLen = strLen;
cert->subjectOEnc = (char)b; cert->subjectOEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerO = (char*)&input[srcIdx]; cert->issuerO = (char*)&input[srcIdx];
cert->issuerOLen = strLen; cert->issuerOLen = strLen;
cert->issuerOEnc = (char)b; cert->issuerOEnc = (char)b;
@@ -14123,13 +14123,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_ORGUNIT_NAME; copy = WOLFSSL_ORGUNIT_NAME;
copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1; copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectOU = (char*)&input[srcIdx]; cert->subjectOU = (char*)&input[srcIdx];
cert->subjectOULen = strLen; cert->subjectOULen = strLen;
cert->subjectOUEnc = (char)b; cert->subjectOUEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerOU = (char*)&input[srcIdx]; cert->issuerOU = (char*)&input[srcIdx];
cert->issuerOULen = strLen; cert->issuerOULen = strLen;
cert->issuerOUEnc = (char)b; cert->issuerOUEnc = (char)b;
@@ -14146,13 +14146,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_SERIAL_NUMBER; copy = WOLFSSL_SERIAL_NUMBER;
copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1; copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectSND = (char*)&input[srcIdx]; cert->subjectSND = (char*)&input[srcIdx];
cert->subjectSNDLen = strLen; cert->subjectSNDLen = strLen;
cert->subjectSNDEnc = (char)b; cert->subjectSNDEnc = (char)b;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerSND = (char*)&input[srcIdx]; cert->issuerSND = (char*)&input[srcIdx];
cert->issuerSNDLen = strLen; cert->issuerSNDLen = strLen;
cert->issuerSNDEnc = (char)b; cert->issuerSNDEnc = (char)b;
@@ -14169,7 +14169,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_USER_ID; copy = WOLFSSL_USER_ID;
copyLen = sizeof(WOLFSSL_USER_ID) - 1; copyLen = sizeof(WOLFSSL_USER_ID) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectUID = (char*)&input[srcIdx]; cert->subjectUID = (char*)&input[srcIdx];
cert->subjectUIDLen = strLen; cert->subjectUIDLen = strLen;
cert->subjectUIDEnc = (char)b; cert->subjectUIDEnc = (char)b;
@@ -14186,7 +14186,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_STREET_ADDR_NAME; copy = WOLFSSL_STREET_ADDR_NAME;
copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1; copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectStreet = (char*)&input[srcIdx]; cert->subjectStreet = (char*)&input[srcIdx];
cert->subjectStreetLen = strLen; cert->subjectStreetLen = strLen;
cert->subjectStreetEnc = (char)b; cert->subjectStreetEnc = (char)b;
@@ -14202,7 +14202,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_BUS_CAT; copy = WOLFSSL_BUS_CAT;
copyLen = sizeof(WOLFSSL_BUS_CAT) - 1; copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectBC = (char*)&input[srcIdx]; cert->subjectBC = (char*)&input[srcIdx];
cert->subjectBCLen = strLen; cert->subjectBCLen = strLen;
cert->subjectBCEnc = (char)b; cert->subjectBCEnc = (char)b;
@@ -14217,7 +14217,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_POSTAL_NAME; copy = WOLFSSL_POSTAL_NAME;
copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1; copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectPC = (char*)&input[srcIdx]; cert->subjectPC = (char*)&input[srcIdx];
cert->subjectPCLen = strLen; cert->subjectPCLen = strLen;
cert->subjectPCEnc = (char)b; cert->subjectPCEnc = (char)b;
@@ -14256,7 +14256,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_JOI_C; copy = WOLFSSL_JOI_C;
copyLen = sizeof(WOLFSSL_JOI_C) - 1; copyLen = sizeof(WOLFSSL_JOI_C) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectJC = (char*)&input[srcIdx]; cert->subjectJC = (char*)&input[srcIdx];
cert->subjectJCLen = strLen; cert->subjectJCLen = strLen;
cert->subjectJCEnc = (char)b; cert->subjectJCEnc = (char)b;
@@ -14274,7 +14274,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
copy = WOLFSSL_JOI_ST; copy = WOLFSSL_JOI_ST;
copyLen = sizeof(WOLFSSL_JOI_ST) - 1; copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectJS = (char*)&input[srcIdx]; cert->subjectJS = (char*)&input[srcIdx];
cert->subjectJSLen = strLen; cert->subjectJSLen = strLen;
cert->subjectJSEnc = (char)b; cert->subjectJSEnc = (char)b;
@@ -14338,13 +14338,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if !defined(IGNORE_NAME_CONSTRAINTS) || \ #if !defined(IGNORE_NAME_CONSTRAINTS) || \
defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectEmail = (char*)&input[srcIdx]; cert->subjectEmail = (char*)&input[srcIdx];
cert->subjectEmailLen = strLen; cert->subjectEmailLen = strLen;
} }
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \ #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
else if (nameType == ISSUER) { else if (nameType == ASN_ISSUER) {
cert->issuerEmail = (char*)&input[srcIdx]; cert->issuerEmail = (char*)&input[srcIdx];
cert->issuerEmailLen = strLen; cert->issuerEmailLen = strLen;
} }
@@ -14446,7 +14446,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY) !defined(WOLFCRYPT_ONLY)
if (nameType == ISSUER) { if (nameType == ASN_ISSUER) {
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
@@ -14505,14 +14505,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
if (ret == 0) { if (ret == 0) {
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
/* Store pointer and length to raw issuer. */ /* Store pointer and length to raw issuer. */
if (nameType == ISSUER) { if (nameType == ASN_ISSUER) {
cert->issuerRaw = &input[srcIdx]; cert->issuerRaw = &input[srcIdx];
cert->issuerRawLen = len; cert->issuerRawLen = len;
} }
#endif #endif
#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
/* Store pointer and length to raw subject. */ /* Store pointer and length to raw subject. */
if (nameType == SUBJECT) { if (nameType == ASN_SUBJECT) {
cert->subjectRaw = &input[srcIdx]; cert->subjectRaw = &input[srcIdx];
cert->subjectRawLen = len; cert->subjectRawLen = len;
} }
@@ -14531,7 +14531,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
&srcIdx, maxIdx); &srcIdx, maxIdx);
if (ret == 0) { if (ret == 0) {
/* Put RDN data into certificate. */ /* Put RDN data into certificate. */
ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT, ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT,
dataASN); dataASN);
} }
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
@@ -14589,7 +14589,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#ifdef WOLFSSL_X509_NAME_AVAILABLE #ifdef WOLFSSL_X509_NAME_AVAILABLE
/* Store X509_NAME in certificate. */ /* Store X509_NAME in certificate. */
if (nameType == ISSUER) { if (nameType == ASN_ISSUER) {
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY)) && \ defined(HAVE_LIGHTY)) && \
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
@@ -14639,7 +14639,7 @@ enum {
* Either the issuer or subject name. * Either the issuer or subject name.
* *
* @param [in, out] cert Decoded certificate object. * @param [in, out] cert Decoded certificate object.
* @param [in] nameType Type of name being decoded: ISSUER or SUBJECT. * @param [in] nameType Type being decoded: ASN_ISSUER or ASN_SUBJECT.
* @param [in] maxIdx Index of next item after certificate name. * @param [in] maxIdx Index of next item after certificate name.
* @return 0 on success. * @return 0 on success.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -14660,7 +14660,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
WOLFSSL_MSG("Getting Name"); WOLFSSL_MSG("Getting Name");
if (nameType == ISSUER) { if (nameType == ASN_ISSUER) {
full = cert->issuer; full = cert->issuer;
hash = cert->issuerHash; hash = cert->issuerHash;
} }
@@ -14718,7 +14718,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset; cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset;
/* Get fields to fill in based on name type. */ /* Get fields to fill in based on name type. */
if (nameType == ISSUER) { if (nameType == ASN_ISSUER) {
full = cert->issuer; full = cert->issuer;
hash = cert->issuerHash; hash = cert->issuerHash;
} }
@@ -15092,7 +15092,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
/* Make sure before and after dates are valid */ /* Make sure before and after dates are valid */
/* date = ASN.1 raw */ /* date = ASN.1 raw */
/* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */ /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
/* dateType = AFTER or BEFORE */ /* dateType = ASN_AFTER or ASN_BEFORE */
int wc_ValidateDate(const byte* date, byte format, int dateType) int wc_ValidateDate(const byte* date, byte format, int dateType)
{ {
time_t ltime; time_t ltime;
@@ -15122,14 +15122,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
#endif #endif
#ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
if (dateType == BEFORE) { if (dateType == ASN_BEFORE) {
WOLFSSL_MSG("Skewing local time for before date check"); WOLFSSL_MSG("Skewing local time for before date check");
ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW; ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
} }
#endif #endif
#ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
if (dateType == AFTER) { if (dateType == ASN_AFTER) {
WOLFSSL_MSG("Skewing local time for after date check"); WOLFSSL_MSG("Skewing local time for after date check");
ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW; ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
} }
@@ -15163,13 +15163,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
return 0; return 0;
} }
if (dateType == BEFORE) { if (dateType == ASN_BEFORE) {
if (DateLessThan(localTime, &certTime)) { if (DateLessThan(localTime, &certTime)) {
WOLFSSL_MSG("Date BEFORE check failed"); WOLFSSL_MSG("Date BEFORE check failed");
return 0; return 0;
} }
} }
else { /* dateType == AFTER */ else { /* dateType == ASN_AFTER */
if (DateGreaterThan(localTime, &certTime)) { if (DateGreaterThan(localTime, &certTime)) {
WOLFSSL_MSG("Date AFTER check failed"); WOLFSSL_MSG("Date AFTER check failed");
return 0; return 0;
@@ -15335,7 +15335,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
byte format; byte format;
word32 startIdx = 0; word32 startIdx = 0;
if (dateType == BEFORE) if (dateType == ASN_BEFORE)
cert->beforeDate = &cert->source[cert->srcIdx]; cert->beforeDate = &cert->source[cert->srcIdx];
else else
cert->afterDate = &cert->source[cert->srcIdx]; cert->afterDate = &cert->source[cert->srcIdx];
@@ -15349,7 +15349,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
XMEMSET(date, 0, MAX_DATE_SIZE); XMEMSET(date, 0, MAX_DATE_SIZE);
XMEMCPY(date, datePtr, (size_t)length); XMEMCPY(date, datePtr, (size_t)length);
if (dateType == BEFORE) if (dateType == ASN_BEFORE)
cert->beforeDateLen = (int)(cert->srcIdx - startIdx); cert->beforeDateLen = (int)(cert->srcIdx - startIdx);
else else
cert->afterDateLen = (int)(cert->srcIdx - startIdx); cert->afterDateLen = (int)(cert->srcIdx - startIdx);
@@ -15357,7 +15357,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
#ifndef NO_ASN_TIME_CHECK #ifndef NO_ASN_TIME_CHECK
if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE &&
!XVALIDATE_DATE(date, format, dateType)) { !XVALIDATE_DATE(date, format, dateType)) {
if (dateType == BEFORE) { if (dateType == ASN_BEFORE) {
WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E);
return ASN_BEFORE_DATE_E; return ASN_BEFORE_DATE_E;
} }
@@ -15383,10 +15383,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx)
maxIdx = (int)cert->srcIdx + length; maxIdx = (int)cert->srcIdx + length;
if (GetDate(cert, BEFORE, verify, maxIdx) < 0) if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0)
badDate = ASN_BEFORE_DATE_E; /* continue parsing */ badDate = ASN_BEFORE_DATE_E; /* continue parsing */
if (GetDate(cert, AFTER, verify, maxIdx) < 0) if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0)
return ASN_AFTER_DATE_E; return ASN_AFTER_DATE_E;
if (badDate != 0) if (badDate != 0)
@@ -15586,7 +15586,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
WOLFSSL_MSG("Got Algo ID"); WOLFSSL_MSG("Got Algo ID");
if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0) if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0)
return ret; return ret;
if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0) if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0)
@@ -15595,7 +15595,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
} }
#endif #endif
if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0) if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0)
return ret; return ret;
WOLFSSL_MSG("Got Subject Name"); WOLFSSL_MSG("Got Subject Name");
@@ -15622,8 +15622,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
* @return 0 on success. * @return 0 on success.
* @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported. * @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid. * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid. * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
* is invalid. * is invalid.
* @return BUFFER_E when data in buffer is too small. * @return BUFFER_E when data in buffer is too small.
@@ -21725,12 +21725,12 @@ enum {
/* Check the data data. /* Check the data data.
* *
* @param [in] dataASN ASN template dynamic data item. * @param [in] dataASN ASN template dynamic data item.
* @param [in] dataType BEFORE or AFTER date. * @param [in] dataType ASN_BEFORE or ASN_AFTER date.
* @return 0 on success. * @return 0 on success.
* @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time. * @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported. * @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid. * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid. * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
*/ */
static int CheckDate(ASNGetData *dataASN, int dateType) static int CheckDate(ASNGetData *dataASN, int dateType)
{ {
@@ -21748,10 +21748,10 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
} }
#ifndef NO_ASN_TIME_CHECK #ifndef NO_ASN_TIME_CHECK
/* Check date is a valid string and BEFORE or AFTER now. */ /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */
if ((ret == 0) && if ((ret == 0) &&
(!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) { (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) {
if (dateType == BEFORE) { if (dateType == ASN_BEFORE) {
ret = ASN_BEFORE_DATE_E; ret = ASN_BEFORE_DATE_E;
} }
else { else {
@@ -21776,8 +21776,8 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
* @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
* @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported. * @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid. * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid. * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
* is invalid. * is invalid.
* @return BUFFER_E when data in buffer is too small. * @return BUFFER_E when data in buffer is too small.
@@ -21898,27 +21898,27 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
/* No bad date error - don't always care. */ /* No bad date error - don't always care. */
badDate = 0; badDate = 0;
/* Find the item with the BEFORE date and check it. */ /* Find the item with the ASN_BEFORE date and check it. */
i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0) i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
: X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT; : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) && if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) &&
(verify != VERIFY_SKIP_DATE)) { (verify != VERIFY_SKIP_DATE)) {
badDate = ASN_BEFORE_DATE_E; badDate = ASN_BEFORE_DATE_E;
} }
/* Store reference to BEFOREdate. */ /* Store reference to ASN_BEFORE date. */
cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source); cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source);
cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
/* Find the item with the AFTER date and check it. */ /* Find the item with the ASN_AFTER date and check it. */
i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0) i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
: X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT; : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) && if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) &&
(verify != VERIFY_SKIP_DATE)) { (verify != VERIFY_SKIP_DATE)) {
badDate = ASN_AFTER_DATE_E; badDate = ASN_AFTER_DATE_E;
} }
/* Store reference to AFTER date. */ /* Store reference to ASN_AFTER date. */
cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source); cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source);
cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
@@ -22049,13 +22049,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
if ((ret == 0) && (issuer != NULL)) { if ((ret == 0) && (issuer != NULL)) {
idx = 0; idx = 0;
/* Put issuer into cert and calculate hash. */ /* Put issuer into cert and calculate hash. */
ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer, ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer,
&idx, issuerSz); &idx, issuerSz);
} }
if ((ret == 0) && (subject != NULL)) { if ((ret == 0) && (subject != NULL)) {
idx = 0; idx = 0;
/* Put subject into cert and calculate hash. */ /* Put subject into cert and calculate hash. */
ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT, ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
subject, &idx, subjectSz); subject, &idx, subjectSz);
} }
if (ret == 0) { if (ret == 0) {
@@ -22117,8 +22117,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
* @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
* @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
* @return ASN_DATE_SZ_E when time data is not supported. * @return ASN_DATE_SZ_E when time data is not supported.
* @return ASN_BEFORE_DATE_E when BEFORE date is invalid. * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
* @return ASN_AFTER_DATE_E when AFTER date is invalid. * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
* @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
* is invalid. * is invalid.
* @return BUFFER_E when data in buffer is too small. * @return BUFFER_E when data in buffer is too small.
@@ -22463,7 +22463,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
/* Parse the subject name. */ /* Parse the subject name. */
idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset; idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset;
ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT, ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
cert->source, &idx, cert->source, &idx,
dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset); dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset);
} }
@@ -35811,7 +35811,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
#ifndef NO_ASN_TIME_CHECK #ifndef NO_ASN_TIME_CHECK
#ifndef WOLFSSL_NO_OCSP_DATE_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE)) if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE))
return ASN_BEFORE_DATE_E; return ASN_BEFORE_DATE_E;
#endif #endif
#endif #endif
@@ -35847,7 +35847,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
#ifndef NO_ASN_TIME_CHECK #ifndef NO_ASN_TIME_CHECK
#ifndef WOLFSSL_NO_OCSP_DATE_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK
if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER)) if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER))
return ASN_AFTER_DATE_E; return ASN_AFTER_DATE_E;
#endif #endif
#endif #endif
@@ -35955,8 +35955,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
/* Store the thisDate format - only one possible. */ /* Store the thisDate format - only one possible. */
cs->thisDateFormat = ASN_GENERALIZED_TIME; cs->thisDateFormat = ASN_GENERALIZED_TIME;
#if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
/* Check date is a valid string and BEFORE now. */ /* Check date is a valid string and ASN_BEFORE now. */
if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) { if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) {
ret = ASN_BEFORE_DATE_E; ret = ASN_BEFORE_DATE_E;
} }
} }
@@ -35978,8 +35978,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
/* Store the nextDate format - only one possible. */ /* Store the nextDate format - only one possible. */
cs->nextDateFormat = ASN_GENERALIZED_TIME; cs->nextDateFormat = ASN_GENERALIZED_TIME;
#if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK)
/* Check date is a valid string and AFTER now. */ /* Check date is a valid string and ASN_AFTER now. */
if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) { if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) {
ret = ASN_AFTER_DATE_E; ret = ASN_AFTER_DATE_E;
} }
} }
@@ -38011,7 +38011,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
{ {
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
if (verify != NO_VERIFY && if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
return CRL_CERT_DATE_ERR; return CRL_CERT_DATE_ERR;
@@ -38627,7 +38627,7 @@ end:
if (dcrl->nextDateFormat != 0) { if (dcrl->nextDateFormat != 0) {
/* Next date was set, so validate it. */ /* Next date was set, so validate it. */
if (verify != NO_VERIFY && if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
ret = CRL_CERT_DATE_ERR; ret = CRL_CERT_DATE_ERR;
WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_ERROR_VERBOSE(ret);


@@ -835,7 +835,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define COMP_zlib wolfSSL_COMP_zlib #define COMP_zlib wolfSSL_COMP_zlib
#define COMP_rle wolfSSL_COMP_rle #define COMP_rle wolfSSL_COMP_rle
#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
#define COMP_get_name wolfSSL_COMP_get_name #define SSL_COMP_get_name wolfSSL_COMP_get_name
#define SSL_get_current_compression wolfSSL_get_current_compression #define SSL_get_current_compression wolfSSL_get_current_compression
#define SSL_get_current_expansion wolfSSL_get_current_expansion #define SSL_get_current_expansion wolfSSL_get_current_expansion
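Review bot: The `COMP_get_name` mapping appears to be replaced rather than supplemented, which goes beyond what the commit title describes (an ASN_ prefix on four enum constants). Code built against these compatibility macros that calls `COMP_get_name` would no longer resolve to `wolfSSL_COMP_get_name`, unless that name is also defined somewhere not visible on this page. OpenSSL exposes both spellings, so if the goal is to add the `SSL_`-prefixed one, keep both lines: `#define COMP_get_name wolfSSL_COMP_get_name` and `#define SSL_COMP_get_name wolfSSL_COMP_get_name`.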


@@ -76,11 +76,11 @@ that can be serialized and deserialized in a cross-platform way.
#endif #endif
enum { enum {
ISSUER = 0, ASN_ISSUER = 0,
SUBJECT = 1, ASN_SUBJECT = 1,
BEFORE = 0, ASN_BEFORE = 0,
AFTER = 1 ASN_AFTER = 1
}; };
/* ASN Tags */ /* ASN Tags */
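Review bot: The four renamed constants still share one anonymous enum with overlapping values (`ASN_ISSUER` and `ASN_BEFORE` are 0, `ASN_SUBJECT` and `ASN_AFTER` are 1), and the enum carries no comment saying which pair belongs to which API. The call sites in this commit take them as plain `int` (for example `CheckDate(ASNGetData *dataASN, int dateType)`), so a name selector passed where a date selector is expected compiles cleanly and silently picks a validity direction. Since the rename touches the definition anyway, I would document the two groups there: `/* name selector for GetName()/GetCertName() */` above `ASN_ISSUER` and `/* date selector for XVALIDATE_DATE()/CheckDate() */` above `ASN_BEFORE`. Code outside this tree that still uses the unprefixed names will stop compiling; whether compatibility aliases are intended is not visible from this page.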