diff --git a/src/x509.c b/src/x509.c index de8033db7..c9a6baa82 100644 --- a/src/x509.c +++ b/src/x509.c @@ -5195,840 +5195,1070 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) #ifdef OPENSSL_EXTRA #ifndef NO_BIO -#ifdef XSNPRINTF /* a snprintf function needs to be available */ - /* Writes the human readable form of x509 to bio. - * - * bio WOLFSSL_BIO to write to. - * x509 Certificate to write. - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ - int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, - unsigned long nmflags, unsigned long cflag) +static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) +{ + int ret = WOLFSSL_SUCCESS; + int nameCount = 0; + DNS_entry* entry; + + if (bio == NULL || x509 == NULL) { + ret = WOLFSSL_FAILURE; + } + + if (ret == WOLFSSL_SUCCESS && x509->subjAltNameSet + && x509->altNames != NULL) { + if (wolfSSL_BIO_write(bio, + " X509v3 Subject Alternative Name: ", 45) <= 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && x509->subjAltNameCrit && + wolfSSL_BIO_write(bio, "critical", (int)XSTRLEN("critical")) <= 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && + wolfSSL_BIO_write(bio, "\n ", 17) <= 0) { + ret = WOLFSSL_FAILURE; + } + + if (ret == WOLFSSL_SUCCESS) { + entry = x509->altNames; + while (entry != NULL) { + ++nameCount; + if (nameCount > 1) { + if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + + if (entry->type == ASN_DNS_TYPE) { + if (entry->name == NULL) { + WOLFSSL_MSG("NULL DNS alt name."); + ret = WOLFSSL_FAILURE; + break; + } + if (wolfSSL_BIO_write(bio, "DNS:", 4) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + if (wolfSSL_BIO_write(bio, entry->name, + (int)XSTRLEN(entry->name)) + <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + else if (entry->type == ASN_IP_TYPE) { + if (entry->ipString == NULL) { + WOLFSSL_MSG("NULL IP address alt name."); + ret = WOLFSSL_FAILURE; + break; + } + if (wolfSSL_BIO_write(bio, "IP Address:", 11) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + if (wolfSSL_BIO_write(bio, entry->ipString, + (int)XSTRLEN(entry->ipString)) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ + else { + WOLFSSL_MSG("Bad alt name type."); + ret = WOLFSSL_FAILURE; + break; + } + + entry = entry->next; + } + } + + if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) { + ret = WOLFSSL_FAILURE; + } + } + + return ret; +} + +#ifdef XSNPRINTF +static int X509PrintKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) +{ + int ret = WOLFSSL_SUCCESS; + word32 i = 0; + int usageCount = 0; + const int usages[] = { + KEYUSE_DIGITAL_SIG, + KEYUSE_CONTENT_COMMIT, + KEYUSE_KEY_ENCIPHER, + KEYUSE_DATA_ENCIPHER, + KEYUSE_KEY_AGREE, + KEYUSE_KEY_CERT_SIGN, + KEYUSE_CRL_SIGN, + KEYUSE_ENCIPHER_ONLY, + KEYUSE_DECIPHER_ONLY + }; + const char* usageStrs[] = { + "Digital Signature", + "Non Repudiation", + "Key Encipherment", + "Data Encipherment", + "Key Agreement", + "Certificate Sign", + "CRL Sign", + "Encipher Only", + "Decipher Only" + }; + + if (bio == NULL || x509 == NULL) { + ret = WOLFSSL_FAILURE; + } + + if (ret == WOLFSSL_SUCCESS && x509->keyUsageSet + && x509->keyUsage != 0) { + if (wolfSSL_BIO_write(bio, " X509v3 Key Usage: ", 30) <= 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && x509->keyUsageCrit && + wolfSSL_BIO_write(bio, "critical", 8) <= 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && + wolfSSL_BIO_write(bio, "\n ", 17) <= 0) { + ret = WOLFSSL_FAILURE; + } + for (; ret == WOLFSSL_SUCCESS && i < sizeof(usages) / sizeof(usages[i]); + i++) { + if (x509->keyUsage & usages[i]) { + ++usageCount; + if (usageCount > 1 && wolfSSL_BIO_write(bio, ", ", 2) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + if (wolfSSL_BIO_write(bio, usageStrs[i], + (int)XSTRLEN(usageStrs[i])) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + } + if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) { + ret = WOLFSSL_FAILURE; + } + } + + return ret; +} + +static int X509PrintExtendedKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) +{ + int ret = WOLFSSL_SUCCESS; + word32 i = 0; + int usageCount = 0; + const int usages[] = { + EXTKEYUSE_OCSP_SIGN, + EXTKEYUSE_TIMESTAMP, + EXTKEYUSE_EMAILPROT, + EXTKEYUSE_CODESIGN, + EXTKEYUSE_CLIENT_AUTH, + EXTKEYUSE_SERVER_AUTH + }; + const char* usageStrs[] = { + "OCSP Signing", + "Time Stamping", + "E-mail Protection", + "Code Signing", + "TLS Web Client Authentication", + "TLS Web Server Authentication" + }; + + if (bio == NULL || x509 == NULL) { + ret = WOLFSSL_FAILURE; + } + + if (ret == WOLFSSL_SUCCESS && x509->extKeyUsageCount > 0 + && x509->extKeyUsage != 0) { + + if (wolfSSL_BIO_write(bio, + " X509v3 Extended Key Usage: ", 39) <= 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && x509->extKeyUsageCrit && + wolfSSL_BIO_write(bio, "critical", 8) <= 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && + wolfSSL_BIO_write(bio, "\n ", 17) <= 0) { + ret = WOLFSSL_FAILURE; + } + for (; ret == WOLFSSL_SUCCESS && i < sizeof(usages) / sizeof(usages[i]); + i++) { + if (x509->extKeyUsage & usages[i]) { + ++usageCount; + if (usageCount > 1 && wolfSSL_BIO_write(bio, ", ", 2) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + if (wolfSSL_BIO_write(bio, usageStrs[i], + (int)XSTRLEN(usageStrs[i])) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + } + if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) { + ret = WOLFSSL_FAILURE; + } + } + + return ret; +} + +/* Writes the human readable form of x509 to bio. + * + * bio WOLFSSL_BIO to write to. + * x509 Certificate to write. + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + unsigned long nmflags, unsigned long cflag) +{ + WOLFSSL_ENTER("wolfSSL_X509_print_ex"); + + /* flags currently not supported */ + (void)nmflags; + (void)cflag; + + if (bio == NULL || x509 == NULL) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, "Certificate:\n", + (int)XSTRLEN("Certificate:\n")) <= 0) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, " Data:\n", + (int)XSTRLEN(" Data:\n")) <= 0) { + return WOLFSSL_FAILURE; + } + + /* print version of cert */ { - WOLFSSL_ENTER("wolfSSL_X509_print_ex"); + int version; + char tmp[20]; - /* flags currently not supported */ - (void)nmflags; - (void)cflag; + if ((version = wolfSSL_X509_version(x509)) < 0) { + WOLFSSL_MSG("Error getting X509 version"); + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_write(bio, " Version:", + (int)XSTRLEN(" Version:")) <= 0) { + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", version, (byte)version-1); + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; + } + } - if (bio == NULL || x509 == NULL) { + /* print serial number out */ + { + unsigned char serial[32]; + int sz = sizeof(serial); + + XMEMSET(serial, 0, sz); + if (wolfSSL_X509_get_serial_number(x509, serial, &sz) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting x509 serial number"); + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_write(bio, " Serial Number:", + (int)XSTRLEN(" Serial Number:")) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, "Certificate:\n", - (int)XSTRLEN("Certificate:\n")) <= 0) { - return WOLFSSL_FAILURE; - } - - if (wolfSSL_BIO_write(bio, " Data:\n", - (int)XSTRLEN(" Data:\n")) <= 0) { - return WOLFSSL_FAILURE; - } - - /* print version of cert */ - { - int version; - char tmp[20]; - - if ((version = wolfSSL_X509_version(x509)) < 0) { - WOLFSSL_MSG("Error getting X509 version"); - return WOLFSSL_FAILURE; - } - if (wolfSSL_BIO_write(bio, " Version:", - (int)XSTRLEN(" Version:")) <= 0) { - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", version, (byte)version-1); + /* if serial can fit into byte than print on the same line */ + if (sz <= (int)sizeof(byte)) { + char tmp[17]; + XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", serial[0],serial[0]); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } } + else { + int i; + char tmp[100]; + int tmpSz = 100; + char val[5]; + int valSz = 5; - /* print serial number out */ - { - unsigned char serial[32]; - int sz = sizeof(serial); - - XMEMSET(serial, 0, sz); - if (wolfSSL_X509_get_serial_number(x509, serial, &sz) - != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting x509 serial number"); + /* serial is larger than int size so print off hex values */ + if (wolfSSL_BIO_write(bio, "\n ", + (int)XSTRLEN("\n ")) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, " Serial Number:", - (int)XSTRLEN(" Serial Number:")) <= 0) { - return WOLFSSL_FAILURE; - } - - /* if serial can fit into byte than print on the same line */ - if (sz <= (int)sizeof(byte)) { - char tmp[17]; - XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", serial[0],serial[0]); - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } - } - else { - int i; - char tmp[100]; - int tmpSz = 100; - char val[5]; - int valSz = 5; - - /* serial is larger than int size so print off hex values */ - if (wolfSSL_BIO_write(bio, "\n ", - (int)XSTRLEN("\n ")) <= 0) { - return WOLFSSL_FAILURE; - } - tmp[0] = '\0'; - for (i = 0; i < sz - 1 && (3 * i) < tmpSz - valSz; i++) { - XSNPRINTF(val, sizeof(val) - 1, "%02x:", serial[i]); - val[3] = '\0'; /* make sure is null terminated */ - XSTRNCAT(tmp, val, valSz); - } - XSNPRINTF(val, sizeof(val) - 1, "%02x\n", serial[i]); + tmp[0] = '\0'; + for (i = 0; i < sz - 1 && (3 * i) < tmpSz - valSz; i++) { + XSNPRINTF(val, sizeof(val) - 1, "%02x:", serial[i]); val[3] = '\0'; /* make sure is null terminated */ XSTRNCAT(tmp, val, valSz); - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } } - } - - /* print signature algo */ - { - int oid; - const char* sig; - - if ((oid = wolfSSL_X509_get_signature_type(x509)) <= 0) { - WOLFSSL_MSG("Error getting x509 signature type"); - return WOLFSSL_FAILURE; - } - if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", - (int)XSTRLEN(" Signature Algorithm: ")) <= 0) { - return WOLFSSL_FAILURE; - } - sig = GetSigName(oid); - if (wolfSSL_BIO_write(bio, sig, (int)XSTRLEN(sig)) <= 0) { - return WOLFSSL_FAILURE; - } - if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) { + XSNPRINTF(val, sizeof(val) - 1, "%02x\n", serial[i]); + val[3] = '\0'; /* make sure is null terminated */ + XSTRNCAT(tmp, val, valSz); + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } } + } - /* print issuer */ - { - char* issuer; - #ifdef WOLFSSL_SMALL_STACK - char* buff = NULL; - int issSz = 0; - #else - char buff[256]; - int issSz = 256; - #endif + /* print signature algo */ + { + int oid; + const char* sig; - #if defined(WOLFSSL_QT) - issuer = wolfSSL_X509_get_name_oneline( - wolfSSL_X509_get_issuer_name(x509), buff, issSz); - #else - issuer = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_issuer_name(x509), buff, issSz); - #endif + if ((oid = wolfSSL_X509_get_signature_type(x509)) <= 0) { + WOLFSSL_MSG("Error getting x509 signature type"); + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", + (int)XSTRLEN(" Signature Algorithm: ")) <= 0) { + return WOLFSSL_FAILURE; + } + sig = GetSigName(oid); + if (wolfSSL_BIO_write(bio, sig, (int)XSTRLEN(sig)) <= 0) { + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) { + return WOLFSSL_FAILURE; + } + } - if (wolfSSL_BIO_write(bio, " Issuer: ", - (int)XSTRLEN(" Issuer: ")) <= 0) { + /* print issuer */ + { + char* issuer; + #ifdef WOLFSSL_SMALL_STACK + char* buff = NULL; + int issSz = 0; + #else + char buff[256]; + int issSz = 256; + #endif + + issuer = wolfSSL_X509_get_name_oneline( + wolfSSL_X509_get_issuer_name(x509), buff, issSz); + + if (wolfSSL_BIO_write(bio, " Issuer: ", + (int)XSTRLEN(" Issuer: ")) <= 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); + #endif + return WOLFSSL_FAILURE; + } + if (issuer != NULL) { + if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif return WOLFSSL_FAILURE; } - if (issuer != NULL) { - if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); - #endif + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); + #endif + if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) { + return WOLFSSL_FAILURE; + } + } + +#ifndef NO_ASN_TIME + /* print validity */ + { + char tmp[80]; + + if (wolfSSL_BIO_write(bio, " Validity\n", + (int)XSTRLEN(" Validity\n")) <= 0) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, " Not Before: ", + (int)XSTRLEN(" Not Before: ")) <= 0) { + return WOLFSSL_FAILURE; + } + if (x509->notBefore.length > 0) { + if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME, + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME, + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting not before date"); return WOLFSSL_FAILURE; } } - #ifdef WOLFSSL_SMALL_STACK - XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); - #endif - if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) { - return WOLFSSL_FAILURE; - } + } + else { + XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); + } + tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; } - #ifndef NO_ASN_TIME - /* print validity */ - { - char tmp[80]; - - if (wolfSSL_BIO_write(bio, " Validity\n", - (int)XSTRLEN(" Validity\n")) <= 0) { - return WOLFSSL_FAILURE; - } - - if (wolfSSL_BIO_write(bio, " Not Before: ", - (int)XSTRLEN(" Not Before: ")) <= 0) { - return WOLFSSL_FAILURE; - } - if (x509->notBefore.length > 0) { - if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME, + if (wolfSSL_BIO_write(bio, "\n Not After : ", + (int)XSTRLEN("\n Not After : ")) <= 0) { + return WOLFSSL_FAILURE; + } + if (x509->notAfter.length > 0) { + if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME, + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME, tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not before date"); - return WOLFSSL_FAILURE; - } + WOLFSSL_MSG("Error getting not after date"); + return WOLFSSL_FAILURE; } } - else { - XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); - } - tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } - - if (wolfSSL_BIO_write(bio, "\n Not After : ", - (int)XSTRLEN("\n Not After : ")) <= 0) { - return WOLFSSL_FAILURE; - } - if (x509->notAfter.length > 0) { - if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not after date"); - return WOLFSSL_FAILURE; - } - } - } - else { - XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); - } - tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } } + else { + XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); + } + tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; + } + } +#endif + + /* print subject */ + { + char* subject; + #ifdef WOLFSSL_SMALL_STACK + char* buff = NULL; + int subSz = 0; + #else + char buff[256]; + int subSz = 256; #endif - /* print subject */ - { - char* subject; - #ifdef WOLFSSL_SMALL_STACK - char* buff = NULL; - int subSz = 0; - #else - char buff[256]; - int subSz = 256; - #endif + subject = wolfSSL_X509_get_name_oneline( + wolfSSL_X509_get_subject_name(x509), buff, subSz); - #if defined(WOLFSSL_QT) - subject = wolfSSL_X509_get_name_oneline( - wolfSSL_X509_get_subject_name(x509), buff, subSz); - #else - subject = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_subject_name(x509), buff, subSz); - #endif - - if (wolfSSL_BIO_write(bio, "\n Subject: ", - (int)XSTRLEN("\n Subject: ")) <= 0) { + if (wolfSSL_BIO_write(bio, "\n Subject: ", + (int)XSTRLEN("\n Subject: ")) <= 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); + #endif + return WOLFSSL_FAILURE; + } + if (subject != NULL) { + if (wolfSSL_BIO_write(bio, subject, (int)XSTRLEN(subject)) <= 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); #endif return WOLFSSL_FAILURE; } - if (subject != NULL) { - if (wolfSSL_BIO_write(bio, subject, (int)XSTRLEN(subject)) <= 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); - #endif + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); + #endif + } + + /* get and print public key */ + if (wolfSSL_BIO_write(bio, "\n Subject Public Key Info:\n", + (int)XSTRLEN("\n Subject Public Key Info:\n")) <= 0) { + return WOLFSSL_FAILURE; + } + { + #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC) + char tmp[100]; + #endif + + switch (x509->pubKeyOID) { + #ifndef NO_RSA + case RSAk: + if (wolfSSL_BIO_write(bio, + " Public Key Algorithm: rsaEncryption\n", + (int)XSTRLEN(" Public Key Algorithm: rsaEncryption\n")) <= 0) { return WOLFSSL_FAILURE; } - } - #ifdef WOLFSSL_SMALL_STACK - XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); - #endif - } - - /* get and print public key */ - if (wolfSSL_BIO_write(bio, "\n Subject Public Key Info:\n", - (int)XSTRLEN("\n Subject Public Key Info:\n")) <= 0) { - return WOLFSSL_FAILURE; - } - { - #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC) - char tmp[100]; - #endif - - switch (x509->pubKeyOID) { - #ifndef NO_RSA - case RSAk: - if (wolfSSL_BIO_write(bio, - " Public Key Algorithm: rsaEncryption\n", - (int)XSTRLEN(" Public Key Algorithm: rsaEncryption\n")) <= 0) { - return WOLFSSL_FAILURE; - } - #ifdef HAVE_USER_RSA - if (wolfSSL_BIO_write(bio, - " Build without user RSA to print key\n", - (int)XSTRLEN(" Build without user RSA to print key\n")) - <= 0) { + #ifdef HAVE_USER_RSA + if (wolfSSL_BIO_write(bio, + " Build without user RSA to print key\n", + (int)XSTRLEN(" Build without user RSA to print key\n")) + <= 0) { + return WOLFSSL_FAILURE; + } + #else + { + word32 idx = 0; + int sz; + byte lbit = 0; + int rawLen; + unsigned char* rawKey; + #ifdef WOLFSSL_SMALL_STACK + RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, + DYNAMIC_TYPE_RSA); + if (rsa == NULL) { + WOLFSSL_MSG("RsaKey malloc failure"); return WOLFSSL_FAILURE; } #else - { - word32 idx = 0; - int sz; - byte lbit = 0; - int rawLen; - unsigned char* rawKey; + RsaKey rsa[1]; + #endif + + if (wc_InitRsaKey(rsa, NULL) != 0) { + WOLFSSL_MSG("wc_InitRsaKey failure"); + return WOLFSSL_FAILURE; + } + if (wc_RsaPublicKeyDecode(x509->pubKey.buffer, + &idx, rsa, x509->pubKey.length) != 0) { + WOLFSSL_MSG("Error decoding RSA key"); + wc_FreeRsaKey(rsa); #ifdef WOLFSSL_SMALL_STACK - RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, - DYNAMIC_TYPE_RSA); - if (rsa == NULL) { - WOLFSSL_MSG("RsaKey malloc failure"); - return WOLFSSL_FAILURE; - } - #else - RsaKey rsa[1]; + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); #endif + return WOLFSSL_FAILURE; + } + if ((sz = wc_RsaEncryptSize(rsa)) < 0) { + WOLFSSL_MSG("Error getting RSA key size"); + wc_FreeRsaKey(rsa); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", + " ", "Public-Key", 8 * sz, + " Modulus:"); + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { + wc_FreeRsaKey(rsa); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + return WOLFSSL_FAILURE; + } - if (wc_InitRsaKey(rsa, NULL) != 0) { - WOLFSSL_MSG("wc_InitRsaKey failure"); - return WOLFSSL_FAILURE; - } - if (wc_RsaPublicKeyDecode(x509->pubKey.buffer, - &idx, rsa, x509->pubKey.length) != 0) { - WOLFSSL_MSG("Error decoding RSA key"); - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; - } - if ((sz = wc_RsaEncryptSize(rsa)) < 0) { - WOLFSSL_MSG("Error getting RSA key size"); - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", - " ", "Public-Key", 8 * sz, - " Modulus:"); - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; - } + /* print out modulus */ + XSNPRINTF(tmp, sizeof(tmp) - 1," "); + tmp[sizeof(tmp) - 1] = '\0'; + if (mp_leading_bit(&rsa->n)) { + lbit = 1; + XSTRNCAT(tmp, "00", 3); + } - /* print out modulus */ - XSNPRINTF(tmp, sizeof(tmp) - 1," "); - tmp[sizeof(tmp) - 1] = '\0'; - if (mp_leading_bit(&rsa->n)) { - lbit = 1; - XSTRNCAT(tmp, "00", 3); - } + rawLen = mp_unsigned_bin_size(&rsa->n); + rawKey = (unsigned char*)XMALLOC(rawLen, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (rawKey == NULL) { + WOLFSSL_MSG("Memory error"); + wc_FreeRsaKey(rsa); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + return WOLFSSL_FAILURE; + } + mp_to_unsigned_bin(&rsa->n, rawKey); + for (idx = 0; idx < (word32)rawLen; idx++) { + char val[5]; + int valSz = 5; - rawLen = mp_unsigned_bin_size(&rsa->n); - rawKey = (unsigned char*)XMALLOC(rawLen, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (rawKey == NULL) { - WOLFSSL_MSG("Memory error"); - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; + if ((idx == 0) && !lbit) { + XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); } - mp_to_unsigned_bin(&rsa->n, rawKey); - for (idx = 0; idx < (word32)rawLen; idx++) { - char val[5]; - int valSz = 5; - - if ((idx == 0) && !lbit) { - XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); - } - else if ((idx != 0) && (((idx + lbit) % 15) == 0)) { - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { - XFREE(rawKey, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1, - ":\n "); - XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); - } - else { - XSNPRINTF(val, valSz - 1, ":%02x", rawKey[idx]); - } - XSTRNCAT(tmp, val, valSz); - } - XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - /* print out remaining modulus values */ - if ((idx > 0) && (((idx - 1 + lbit) % 15) != 0)) { + else if ((idx != 0) && (((idx + lbit) % 15) == 0)) { tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { + (int)XSTRLEN(tmp)) <= 0) { + XFREE(rawKey, NULL, + DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(rsa); #ifdef WOLFSSL_SMALL_STACK XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); #endif return WOLFSSL_FAILURE; } + XSNPRINTF(tmp, sizeof(tmp) - 1, + ":\n "); + XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); } + else { + XSNPRINTF(val, valSz - 1, ":%02x", rawKey[idx]); + } + XSTRNCAT(tmp, val, valSz); + } + XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - /* print out exponent values */ - rawLen = mp_unsigned_bin_size(&rsa->e); - if (rawLen < 0) { - WOLFSSL_MSG("Error getting exponent size"); - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; - } - - if ((word32)rawLen < sizeof(word32)) { - rawLen = sizeof(word32); - } - rawKey = (unsigned char*)XMALLOC(rawLen, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (rawKey == NULL) { - WOLFSSL_MSG("Memory error"); - wc_FreeRsaKey(rsa); - #ifdef WOLFSSL_SMALL_STACK - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - #endif - return WOLFSSL_FAILURE; - } - XMEMSET(rawKey, 0, rawLen); - mp_to_unsigned_bin(&rsa->e, rawKey); - if ((word32)rawLen <= sizeof(word32)) { - idx = *(word32*)rawKey; - #ifdef BIG_ENDIAN_ORDER - idx = ByteReverseWord32(idx); - #endif - } - XSNPRINTF(tmp, sizeof(tmp) - 1, - "\n Exponent: %u (0x%x)\n",idx, idx); + /* print out remaining modulus values */ + if ((idx > 0) && (((idx - 1 + lbit) % 15) != 0)) { + tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { - XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + (int)XSTRLEN(tmp)) <= 0) { wc_FreeRsaKey(rsa); #ifdef WOLFSSL_SMALL_STACK XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); #endif return WOLFSSL_FAILURE; } + } + + /* print out exponent values */ + rawLen = mp_unsigned_bin_size(&rsa->e); + if (rawLen < 0) { + WOLFSSL_MSG("Error getting exponent size"); + wc_FreeRsaKey(rsa); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + return WOLFSSL_FAILURE; + } + + if ((word32)rawLen < sizeof(word32)) { + rawLen = sizeof(word32); + } + rawKey = (unsigned char*)XMALLOC(rawLen, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (rawKey == NULL) { + WOLFSSL_MSG("Memory error"); + wc_FreeRsaKey(rsa); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + return WOLFSSL_FAILURE; + } + XMEMSET(rawKey, 0, rawLen); + mp_to_unsigned_bin(&rsa->e, rawKey); + if ((word32)rawLen <= sizeof(word32)) { + idx = *(word32*)rawKey; + #ifdef BIG_ENDIAN_ORDER + idx = ByteReverseWord32(idx); + #endif + } + XSNPRINTF(tmp, sizeof(tmp) - 1, + "\n Exponent: %u (0x%x)\n",idx, idx); + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(rsa); #ifdef WOLFSSL_SMALL_STACK XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); #endif + return WOLFSSL_FAILURE; } - #endif /* HAVE_USER_RSA */ - break; - #endif /* NO_RSA */ + XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRsaKey(rsa); + #ifdef WOLFSSL_SMALL_STACK + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + #endif + } + #endif /* HAVE_USER_RSA */ + break; + #endif /* NO_RSA */ - #ifdef HAVE_ECC - case ECDSAk: - { - word32 i; + #ifdef HAVE_ECC + case ECDSAk: + { + word32 i; + #ifdef WOLFSSL_SMALL_STACK + ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, + DYNAMIC_TYPE_ECC); + if (ecc == NULL) + return WOLFSSL_FAILURE; + #else + ecc_key ecc[1]; + #endif + + if (wolfSSL_BIO_write(bio, + " Public Key Algorithm: EC\n", + (int)XSTRLEN(" Public Key Algorithm: EC\n")) <= 0) { #ifdef WOLFSSL_SMALL_STACK - ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, - DYNAMIC_TYPE_ECC); - if (ecc == NULL) - return WOLFSSL_FAILURE; - #else - ecc_key ecc[1]; + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); #endif + return WOLFSSL_FAILURE; + } + if (wc_ecc_init_ex(ecc, x509->heap, INVALID_DEVID) + != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + return WOLFSSL_FAILURE; + } - if (wolfSSL_BIO_write(bio, - " Public Key Algorithm: EC\n", - (int)XSTRLEN(" Public Key Algorithm: EC\n")) <= 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - return WOLFSSL_FAILURE; - } - if (wc_ecc_init_ex(ecc, x509->heap, INVALID_DEVID) - != 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - return WOLFSSL_FAILURE; - } + i = 0; + if (wc_EccPublicKeyDecode(x509->pubKey.buffer, &i, + ecc, x509->pubKey.length) != 0) { + wc_ecc_free(ecc); + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", + " ", "Public-Key", + 8 * wc_ecc_size(ecc), + " pub:"); + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { + wc_ecc_free(ecc); + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1," "); + { + word32 derSz; + byte* der; - i = 0; - if (wc_EccPublicKeyDecode(x509->pubKey.buffer, &i, - ecc, x509->pubKey.length) != 0) { + derSz = wc_ecc_size(ecc) * WOLFSSL_BIT_SIZE; + der = (byte*)XMALLOC(derSz, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { wc_ecc_free(ecc); #ifdef WOLFSSL_SMALL_STACK XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); #endif return WOLFSSL_FAILURE; } - XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", - " ", "Public-Key", - 8 * wc_ecc_size(ecc), - " pub:"); - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { - wc_ecc_free(ecc); - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1," "); - { - word32 derSz; - byte* der; - - derSz = wc_ecc_size(ecc) * WOLFSSL_BIT_SIZE; - der = (byte*)XMALLOC(derSz, x509->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - wc_ecc_free(ecc); - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - return WOLFSSL_FAILURE; - } - PRIVATE_KEY_UNLOCK(); - if (wc_ecc_export_x963(ecc, der, &derSz) != 0) { - PRIVATE_KEY_LOCK(); - wc_ecc_free(ecc); - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } + PRIVATE_KEY_UNLOCK(); + if (wc_ecc_export_x963(ecc, der, &derSz) != 0) { PRIVATE_KEY_LOCK(); - for (i = 0; i < derSz; i++) { - char val[5]; - int valSz = 5; + wc_ecc_free(ecc); + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + PRIVATE_KEY_LOCK(); + for (i = 0; i < derSz; i++) { + char val[5]; + int valSz = 5; - if (i == 0) { - XSNPRINTF(val, valSz - 1, "%02x", der[i]); - } - else if ((i % 15) == 0) { - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { - wc_ecc_free(ecc); - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - XFREE(der, x509->heap, - DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1, - ":\n "); - XSNPRINTF(val, valSz - 1, "%02x", der[i]); - } - else { - XSNPRINTF(val, valSz - 1, ":%02x", der[i]); - } - XSTRNCAT(tmp, val, valSz); + if (i == 0) { + XSNPRINTF(val, valSz - 1, "%02x", der[i]); } - - /* print out remaining modulus values */ - if ((i > 0) && (((i - 1) % 15) != 0)) { + else if ((i % 15) == 0) { tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { + (int)XSTRLEN(tmp)) <= 0) { wc_ecc_free(ecc); #ifdef WOLFSSL_SMALL_STACK XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); #endif XFREE(der, x509->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } + XSNPRINTF(tmp, sizeof(tmp) - 1, + ":\n "); + XSNPRINTF(val, valSz - 1, "%02x", der[i]); } + else { + XSNPRINTF(val, valSz - 1, ":%02x", der[i]); + } + XSTRNCAT(tmp, val, valSz); + } - XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n", - " ", "ASN1 OID", - ecc->dp->name); - if (wolfSSL_BIO_write(bio, tmp, - (int)XSTRLEN(tmp)) <= 0) { - wc_ecc_free(ecc); - #ifdef WOLFSSL_SMALL_STACK - XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); - #endif - return WOLFSSL_FAILURE; + /* print out remaining modulus values */ + if ((i > 0) && (((i - 1) % 15) != 0)) { + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { + wc_ecc_free(ecc); + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + XFREE(der, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } } + + XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n", + " ", "ASN1 OID", + ecc->dp->name); + if (wolfSSL_BIO_write(bio, tmp, + (int)XSTRLEN(tmp)) <= 0) { + wc_ecc_free(ecc); #ifdef WOLFSSL_SMALL_STACK XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); #endif - wc_ecc_free(ecc); + return WOLFSSL_FAILURE; } - break; - #endif /* HAVE_ECC */ - default: - WOLFSSL_MSG("Unknown key type"); - return WOLFSSL_FAILURE; - } + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); + #endif + wc_ecc_free(ecc); + } + break; + #endif /* HAVE_ECC */ + default: + WOLFSSL_MSG("Unknown key type"); + return WOLFSSL_FAILURE; } + } - /* print out extensions */ - if (wolfSSL_BIO_write(bio, " X509v3 extensions:\n", - (int)XSTRLEN(" X509v3 extensions:\n")) <= 0) { + /* print out extensions */ + if (wolfSSL_BIO_write(bio, " X509v3 extensions:\n", + (int)XSTRLEN(" X509v3 extensions:\n")) <= 0) { + return WOLFSSL_FAILURE; + } + + /* print subject key id */ + if (x509->subjKeyIdSet && x509->subjKeyId != NULL && + x509->subjKeyIdSz > 0) { + char tmp[100]; + word32 i; + char val[5]; + int valSz = 5; + + XSNPRINTF(tmp, sizeof(tmp), + " X509v3 Subject Key Identifier: "); + if (x509->subjKeyIdCrit) { + XSTRNCAT(tmp, "critical", sizeof(tmp) - XSTRLEN(tmp) - 1); + } + XSTRNCAT(tmp, "\n", sizeof(tmp) - XSTRLEN(tmp) - 1); + + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } + XMEMSET(tmp, 0, sizeof(tmp)); - /* print subject key id */ - if (x509->subjKeyIdSet && x509->subjKeyId != NULL && - x509->subjKeyIdSz > 0) { - char tmp[100]; - word32 i; - char val[5]; - int valSz = 5; - - - if (wolfSSL_BIO_write(bio, - " X509v3 Subject Key Identifier: \n", - (int)XSTRLEN(" X509v3 Subject Key Identifier: \n")) - <= 0) { - return WOLFSSL_FAILURE; - } - - XSNPRINTF(tmp, sizeof(tmp) - 1, " "); - for (i = 0; i < sizeof(tmp) && i < (x509->subjKeyIdSz - 1); i++) { - XSNPRINTF(val, valSz - 1, "%02X:", x509->subjKeyId[i]); - XSTRNCAT(tmp, val, valSz); - } - XSNPRINTF(val, valSz - 1, "%02X\n", x509->subjKeyId[i]); + XSNPRINTF(tmp, sizeof(tmp) - 1, " "); + for (i = 0; i < sizeof(tmp) && i < (x509->subjKeyIdSz - 1); i++) { + XSNPRINTF(val, valSz - 1, "%02X:", x509->subjKeyId[i]); XSTRNCAT(tmp, val, valSz); - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } } - - /* printf out authority key id */ - if (x509->authKeyIdSet && x509->authKeyId != NULL && - x509->authKeyIdSz > 0) { - char tmp[100]; - word32 i; - char val[5]; - int valSz = 5; - int len = 0; - - if (wolfSSL_BIO_write(bio, - " X509v3 Authority Key Identifier: \n", - (int)XSTRLEN(" X509v3 Authority Key Identifier: \n")) - <= 0) { - return WOLFSSL_FAILURE; - } - - XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid"); - for (i = 0; i < x509->authKeyIdSz; i++) { - /* check if buffer is almost full */ - if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) { - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } - tmp[0] = '\0'; - } - XSNPRINTF(val, valSz - 1, ":%02X", x509->authKeyId[i]); - XSTRNCAT(tmp, val, valSz); - } - len = (int)XSTRLEN("\n"); - XSTRNCAT(tmp, "\n", len + 1); - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } + XSNPRINTF(val, valSz - 1, "%02X\n", x509->subjKeyId[i]); + XSTRNCAT(tmp, val, valSz); + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; } + } - /* print basic constraint */ - if (x509->basicConstSet) { - char tmp[100]; + /* printf out authority key id */ + if (x509->authKeyIdSet && x509->authKeyId != NULL && + x509->authKeyIdSz > 0) { + char tmp[100]; + word32 i; + char val[5]; + int valSz = 5; + int len = 0; - if (wolfSSL_BIO_write(bio, - "\n X509v3 Basic Constraints: \n", - (int)XSTRLEN("\n X509v3 Basic Constraints: \n")) - <= 0) { - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp), - " CA:%s\n", - (x509->isCa)? "TRUE": "FALSE"); - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } + XSNPRINTF(tmp, sizeof(tmp), + " X509v3 Authority Key Identifier: "); + if (x509->authKeyIdCrit) { + XSTRNCAT(tmp, "critical", sizeof(tmp) - XSTRLEN(tmp) - 1); } + XSTRNCAT(tmp, "\n", sizeof(tmp) - XSTRLEN(tmp) - 1); - /* print out signature */ - if (x509->sig.length > 0) { - unsigned char* sig; - int sigSz; - int i; - char tmp[100]; - int sigOid = wolfSSL_X509_get_signature_type(x509); - - if (wolfSSL_BIO_write(bio, - " Signature Algorithm: ", - (int)XSTRLEN(" Signature Algorithm: ")) <= 0) { - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1,"%s\n", GetSigName(sigOid)); - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; - } - - sigSz = (int)x509->sig.length; - sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sig == NULL) { - return WOLFSSL_FAILURE; - } - - if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) { - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1," "); - tmp[sizeof(tmp) - 1] = '\0'; - for (i = 0; i < sigSz; i++) { - char val[5]; - int valSz = 5; - - if (i == 0) { - XSNPRINTF(val, valSz - 1, "%02x", sig[i]); - } - else if (((i % 18) == 0)) { - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) - <= 0) { - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - XSNPRINTF(tmp, sizeof(tmp) - 1, - ":\n "); - XSNPRINTF(val, valSz - 1, "%02x", sig[i]); - } - else { - XSNPRINTF(val, valSz - 1, ":%02x", sig[i]); - } - XSTRNCAT(tmp, val, valSz); - } - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - /* print out remaining sig values */ - if ((i > 0) && (((i - 1) % 18) != 0)) { - tmp[sizeof(tmp) - 1] = '\0'; - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) - <= 0) { - return WOLFSSL_FAILURE; - } - } + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; } + XMEMSET(tmp, 0, sizeof(tmp)); - /* done with print out */ - if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) { + XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid"); + for (i = 0; i < x509->authKeyIdSz; i++) { + /* check if buffer is almost full */ + if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) { + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; + } + tmp[0] = '\0'; + } + XSNPRINTF(val, valSz - 1, ":%02X", x509->authKeyId[i]); + XSTRNCAT(tmp, val, valSz); + } + len = (int)XSTRLEN("\n"); + XSTRNCAT(tmp, "\n", len + 1); + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; + } + } + + /* print basic constraint */ + if (x509->basicConstSet) { + char tmp[100]; + + XSNPRINTF(tmp, sizeof(tmp), + " X509v3 Basic Constraints: "); + if (x509->basicConstCrit) { + XSTRNCAT(tmp, "critical", sizeof(tmp) - XSTRLEN(tmp) - 1); + } + XSTRNCAT(tmp, "\n", sizeof(tmp) - XSTRLEN(tmp) - 1); + + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; + } + XMEMSET(tmp, 0, sizeof(tmp)); + + XSNPRINTF(tmp, sizeof(tmp), + " CA:%s\n", + (x509->isCa)? "TRUE": "FALSE"); + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + return WOLFSSL_FAILURE; + } + } + + X509PrintSubjAltName(bio, x509); + X509PrintKeyUsage(bio, x509); + X509PrintExtendedKeyUsage(bio, x509); + + /* print out signature */ + if (x509->sig.length > 0) { + unsigned char* sig; + int sigSz; + int i; + char tmp[100]; + int sigOid = wolfSSL_X509_get_signature_type(x509); + + if (wolfSSL_BIO_write(bio, + " Signature Algorithm: ", + (int)XSTRLEN(" Signature Algorithm: ")) <= 0) { + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1,"%s\n", GetSigName(sigOid)); + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } - return WOLFSSL_SUCCESS; + sigSz = (int)x509->sig.length; + sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sig == NULL) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) { + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1," "); + tmp[sizeof(tmp) - 1] = '\0'; + for (i = 0; i < sigSz; i++) { + char val[5]; + int valSz = 5; + + if (i == 0) { + XSNPRINTF(val, valSz - 1, "%02x", sig[i]); + } + else if (((i % 18) == 0)) { + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) + <= 0) { + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + XSNPRINTF(tmp, sizeof(tmp) - 1, + ":\n "); + XSNPRINTF(val, valSz - 1, "%02x", sig[i]); + } + else { + XSNPRINTF(val, valSz - 1, ":%02x", sig[i]); + } + XSTRNCAT(tmp, val, valSz); + } + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* print out remaining sig values */ + if ((i > 0) && (((i - 1) % 18) != 0)) { + tmp[sizeof(tmp) - 1] = '\0'; + if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) + <= 0) { + return WOLFSSL_FAILURE; + } + } } - int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) - { - return wolfSSL_X509_print_ex(bio, x509, 0, 0); + + /* done with print out */ + if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) { + return WOLFSSL_FAILURE; } + return WOLFSSL_SUCCESS; +} +int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) +{ + return wolfSSL_X509_print_ex(bio, x509, 0, 0); +} + #ifndef NO_FILESYSTEM - int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509) - { - WOLFSSL_BIO* bio; - int ret; +int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509) +{ + WOLFSSL_BIO* bio; + int ret; - WOLFSSL_ENTER("wolfSSL_X509_print_fp"); + WOLFSSL_ENTER("wolfSSL_X509_print_fp"); - if (!fp || !x509) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - if (!(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()))) { - WOLFSSL_MSG("wolfSSL_BIO_new wolfSSL_BIO_s_file error"); - return WOLFSSL_FAILURE; - } - - if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); - wolfSSL_BIO_free(bio); - return WOLFSSL_FAILURE; - } - - ret = wolfSSL_X509_print(bio, x509); - - wolfSSL_BIO_free(bio); - - return ret; + if (!fp || !x509) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } + + if (!(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()))) { + WOLFSSL_MSG("wolfSSL_BIO_new wolfSSL_BIO_s_file error"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); + wolfSSL_BIO_free(bio); + return WOLFSSL_FAILURE; + } + + ret = wolfSSL_X509_print(bio, x509); + + wolfSSL_BIO_free(bio); + + return ret; +} #endif /* NO_FILESYSTEM */ #endif /* XSNPRINTF */ - int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, - const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig) - { - (void)sig; +int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, + const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig) +{ + (void)sig; - WOLFSSL_ENTER("wolfSSL_X509_signature_print"); + WOLFSSL_ENTER("wolfSSL_X509_signature_print"); - if (!bp || !sigalg) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - if (wolfSSL_BIO_puts(bp, " Signature Algorithm: ") <= 0) { - WOLFSSL_MSG("wolfSSL_BIO_puts error"); - return WOLFSSL_FAILURE; - } - - if (wolfSSL_i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) { - WOLFSSL_MSG("wolfSSL_i2a_ASN1_OBJECT error"); - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; + if (!bp || !sigalg) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } + + if (wolfSSL_BIO_puts(bp, " Signature Algorithm: ") <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_puts error"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) { + WOLFSSL_MSG("wolfSSL_i2a_ASN1_OBJECT error"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} #endif /* !NO_BIO */ #ifndef NO_WOLFSSL_STUB - void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig, - const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509) - { - (void)psig; - (void)palg; - (void)x509; - WOLFSSL_STUB("wolfSSL_X509_get0_signature"); - } +void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig, + const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509) +{ + (void)psig; + (void)palg; + (void)x509; + WOLFSSL_STUB("wolfSSL_X509_get0_signature"); +} #endif #endif /* OPENSSL_EXTRA */ diff --git a/tests/api.c b/tests/api.c index 79b98d659..f240c8c95 100644 --- a/tests/api.c +++ b/tests/api.c @@ -51464,10 +51464,11 @@ static void test_wolfSSL_X509_print(void) AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); -#if defined(WOLFSSL_QT) - AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* Will print IP address subject alt name. */ + AssertIntEQ(BIO_get_mem_data(bio, NULL), 3329); #else - AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103); + AssertIntEQ(BIO_get_mem_data(bio, NULL), 3307); #endif BIO_free(bio);