mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
Merge pull request #4168 from JacobBarthelmeh/wolfCLU
function additions and fixes for expansion of wolfCLU
This commit is contained in:
David Garske
GitHub
99
src/ssl.c
99
src/ssl.c
@@ -9662,6 +9662,18 @@ int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex)
|
|||||||
return ex->crit;
|
return ex->crit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Sets if the extension is critical
|
||||||
|
* returns WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_set_critical");
|
||||||
|
if (ex == NULL)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
ex->crit = crit;
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
/* Creates v3_ext_method for a given X509v3 extension
|
/* Creates v3_ext_method for a given X509v3 extension
|
||||||
*
|
*
|
||||||
* ex : The X509_EXTENSION used to create v3_ext_method. If the extension is
|
* ex : The X509_EXTENSION used to create v3_ext_method. If the extension is
|
||||||
@@ -10888,6 +10900,12 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
|
|||||||
else {
|
else {
|
||||||
ext->value.data = ext->value.strData;
|
ext->value.data = ext->value.strData;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!(ext->obj = wolfSSL_OBJ_nid2obj(nid))) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new failed");
|
||||||
|
goto err_cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case NID_subject_alt_name:
|
case NID_subject_alt_name:
|
||||||
@@ -10943,6 +10961,12 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
|
|||||||
goto err_cleanup;
|
goto err_cleanup;
|
||||||
}
|
}
|
||||||
ext->value.type = akey->keyid->type;
|
ext->value.type = akey->keyid->type;
|
||||||
|
|
||||||
|
if (!(ext->obj = wolfSSL_OBJ_nid2obj(nid))) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new failed");
|
||||||
|
goto err_cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else if (akey->issuer) {
|
else if (akey->issuer) {
|
||||||
ext->obj = wolfSSL_ASN1_OBJECT_dup(akey->issuer);
|
ext->obj = wolfSSL_ASN1_OBJECT_dup(akey->issuer);
|
||||||
@@ -10996,6 +11020,28 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \
|
|||||||
return NULL;
|
return NULL;
|
||||||
return ext->obj;
|
return ext->obj;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* duplicates the 'obj' input and sets it into the 'ext' structure
|
||||||
|
* returns WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext,
|
||||||
|
const WOLFSSL_ASN1_OBJECT* obj)
|
||||||
|
{
|
||||||
|
WOLFSSL_ASN1_OBJECT *current;
|
||||||
|
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_set_object");
|
||||||
|
if (ext == NULL)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
|
current = wolfSSL_X509_EXTENSION_get_object(ext);
|
||||||
|
if (current != NULL) {
|
||||||
|
wolfSSL_ASN1_OBJECT_free(current);
|
||||||
|
}
|
||||||
|
ext->obj = wolfSSL_ASN1_OBJECT_dup((WOLFSSL_ASN1_OBJECT*)obj);
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
#endif /* OPENSSL_ALL */
|
#endif /* OPENSSL_ALL */
|
||||||
|
|
||||||
/* Returns pointer to ASN1_STRING in X509_EXTENSION object */
|
/* Returns pointer to ASN1_STRING in X509_EXTENSION object */
|
||||||
@@ -11007,6 +11053,27 @@ WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext
|
|||||||
return &ext->value;
|
return &ext->value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a duplicate of input 'data' and sets it into 'ext' structure
|
||||||
|
* returns WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_EXTENSION_set_data(WOLFSSL_X509_EXTENSION* ext,
|
||||||
|
WOLFSSL_ASN1_STRING* data)
|
||||||
|
{
|
||||||
|
WOLFSSL_ASN1_STRING* current;
|
||||||
|
|
||||||
|
if (ext == NULL || data == NULL)
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
|
||||||
|
current = wolfSSL_X509_EXTENSION_get_data(ext);
|
||||||
|
if (current->length > 0 && current->data != NULL && current->isDynamic) {
|
||||||
|
XFREE(current->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
|
||||||
|
return wolfSSL_ASN1_STRING_copy(&ext->value, data);
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(NO_PWDBASED)
|
#if !defined(NO_PWDBASED)
|
||||||
int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
|
int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
|
||||||
unsigned char* buf, unsigned int* len)
|
unsigned char* buf, unsigned int* len)
|
||||||
@@ -41085,10 +41152,13 @@ cleanup:
|
|||||||
WC_RNG rng;
|
WC_RNG rng;
|
||||||
|
|
||||||
(void)req;
|
(void)req;
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_resign_cert");
|
||||||
|
|
||||||
sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
|
sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
|
||||||
if (sigType == WOLFSSL_FAILURE)
|
if (sigType == WOLFSSL_FAILURE) {
|
||||||
|
WOLFSSL_MSG("Error getting signature type from pkey");
|
||||||
return WOLFSSL_FATAL_ERROR;
|
return WOLFSSL_FATAL_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Get the private key object and type from pkey. */
|
/* Get the private key object and type from pkey. */
|
||||||
@@ -41111,8 +41181,10 @@ cleanup:
|
|||||||
return ret;
|
return ret;
|
||||||
ret = wc_SignCert_ex(certBodySz, sigType, der, derSz, type, key, &rng);
|
ret = wc_SignCert_ex(certBodySz, sigType, der, derSz, type, key, &rng);
|
||||||
wc_FreeRng(&rng);
|
wc_FreeRng(&rng);
|
||||||
if (ret < 0)
|
if (ret < 0) {
|
||||||
|
WOLFSSL_LEAVE("wolfSSL_X509_resign_cert", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
}
|
||||||
derSz = ret;
|
derSz = ret;
|
||||||
|
|
||||||
/* Extract signature from buffer */
|
/* Extract signature from buffer */
|
||||||
@@ -45354,6 +45426,19 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
|
|||||||
}
|
}
|
||||||
XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
|
XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
|
||||||
pkey->type = EVP_PKEY_EC;
|
pkey->type = EVP_PKEY_EC;
|
||||||
|
|
||||||
|
pkey->ownEcc = 1;
|
||||||
|
pkey->ecc = wolfSSL_EC_KEY_new();
|
||||||
|
if (pkey->ecc == NULL) {
|
||||||
|
wolfSSL_EVP_PKEY_free(pkey);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
if (wolfSSL_EC_KEY_LoadDer(pkey->ecc,
|
||||||
|
(const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
wolfSSL_EVP_PKEY_free(pkey);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if (out != NULL) {
|
if (out != NULL) {
|
||||||
*out = pkey;
|
*out = pkey;
|
||||||
}
|
}
|
||||||
@@ -53595,15 +53680,21 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
|
|||||||
int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
|
||||||
const WOLFSSL_EVP_MD *md)
|
const WOLFSSL_EVP_MD *md)
|
||||||
{
|
{
|
||||||
|
int ret;
|
||||||
byte der[2048];
|
byte der[2048];
|
||||||
int derSz = sizeof(der);
|
int derSz = sizeof(der);
|
||||||
|
|
||||||
if (req == NULL || pkey == NULL || md == NULL)
|
if (req == NULL || pkey == NULL || md == NULL) {
|
||||||
|
WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", BAD_FUNC_ARG);
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
/* Create a Cert that has the certificate request fields. */
|
/* Create a Cert that has the certificate request fields. */
|
||||||
req->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
|
req->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
|
||||||
if (wolfssl_x509_make_der(req, 1, der, &derSz, 0) != WOLFSSL_SUCCESS) {
|
if ((ret = wolfssl_x509_make_der(req, 1, der, &derSz, 0))
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("Unable to make DER for X509");
|
||||||
|
WOLFSSL_LEAVE("wolfSSL_X509_REQ_sign", ret);
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
22
tests/api.c
22
tests/api.c
@@ -27832,6 +27832,7 @@ static void test_wolfSSL_certs(void)
|
|||||||
#ifdef OPENSSL_ALL
|
#ifdef OPENSSL_ALL
|
||||||
X509* x509;
|
X509* x509;
|
||||||
WOLFSSL_X509_EXTENSION* ext;
|
WOLFSSL_X509_EXTENSION* ext;
|
||||||
|
ASN1_OBJECT* obj;
|
||||||
#endif
|
#endif
|
||||||
WOLFSSL* ssl;
|
WOLFSSL* ssl;
|
||||||
WOLFSSL_CTX* ctx;
|
WOLFSSL_CTX* ctx;
|
||||||
@@ -27906,12 +27907,31 @@ static void test_wolfSSL_certs(void)
|
|||||||
bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
|
bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
|
||||||
&crit, NULL);
|
&crit, NULL);
|
||||||
AssertNotNull(bc);
|
AssertNotNull(bc);
|
||||||
|
AssertIntEQ(crit, 0);
|
||||||
|
|
||||||
#ifdef OPENSSL_ALL
|
#ifdef OPENSSL_ALL
|
||||||
ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
|
ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
|
||||||
AssertNotNull(ext);
|
AssertNotNull(ext);
|
||||||
X509_EXTENSION_free(ext);
|
X509_EXTENSION_free(ext);
|
||||||
|
|
||||||
|
AssertNotNull(ext = X509_EXTENSION_new());
|
||||||
|
X509_EXTENSION_set_critical(ext, 1);
|
||||||
|
AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
|
||||||
|
AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
|
||||||
|
ASN1_OBJECT_free(obj);
|
||||||
|
X509_EXTENSION_free(ext);
|
||||||
|
|
||||||
|
AssertNotNull(ext = X509_EXTENSION_new());
|
||||||
|
X509_EXTENSION_set_critical(ext, 0);
|
||||||
|
AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
|
||||||
|
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
|
||||||
|
NULL);
|
||||||
|
AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
|
||||||
|
ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
|
||||||
|
* and X509_get_ext_d2i has created new */
|
||||||
|
X509_EXTENSION_free(ext);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
AssertIntEQ(crit, 0);
|
|
||||||
BASIC_CONSTRAINTS_free(bc);
|
BASIC_CONSTRAINTS_free(bc);
|
||||||
|
|
||||||
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
|
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
|
||||||
|
|||||||
@@ -67,4 +67,8 @@
|
|||||||
|
|
||||||
#define XN_FLAG_MULTILINE 0xFFFF
|
#define XN_FLAG_MULTILINE 0xFFFF
|
||||||
|
|
||||||
|
#define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
|
||||||
|
#define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object
|
||||||
|
#define X509_EXTENSION_set_data wolfSSL_X509_EXTENSION_set_data
|
||||||
|
|
||||||
#endif /* WOLFSSL_OPENSSL_509_H_ */
|
#endif /* WOLFSSL_OPENSSL_509_H_ */
|
||||||
|
|||||||
@@ -1623,6 +1623,7 @@ WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
|
|||||||
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
||||||
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
|
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
|
||||||
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
|
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION*, int);
|
||||||
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
|
WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*);
|
||||||
WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
|
WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
|
||||||
WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
|
WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
|
||||||
@@ -3892,7 +3893,11 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
|
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext,
|
||||||
|
const WOLFSSL_ASN1_OBJECT* obj);
|
||||||
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
|
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_EXTENSION_set_data(WOLFSSL_X509_EXTENSION* ext,
|
||||||
|
WOLFSSL_ASN1_STRING* data);
|
||||||
#endif /* !NO_CERTS */
|
#endif /* !NO_CERTS */
|
||||||
|
|
||||||
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
|
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
|
||||||
|
|||||||
Reference in New Issue
Block a user