wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wolfSSL/wolfssl

Browse Source
This commit is contained in:
Ludovic FLAMENT
2015-08-20 13:22:30 +02:00
parent c6ef29ac4c
commit 66e91beb2d
8 changed files with 159 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
README
View File

@@ -34,13 +34,29 @@ before calling wolfSSL_new(); Though it's not recommended.
*** end Notes *** *** end Notes ***
wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
Release 3.6.2 of wolfSSL is an intermediate custom release including: Release 3.6.6 of wolfSSL has bug fixes and new features including:
- OpenSSH compatibility with --enable-openssh - OpenSSH compatibility with --enable-openssh
- stunnel compatibility with --enable-stunnel - stunnel compatibility with --enable-stunnel
- lighttpd compatibility with --enable-lighty - lighttpd compatibility with --enable-lighty
- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
- Ephemeral key cipher suites only are now supported by default
To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
- Added QSH (quantum-safe handshake) extension with --enable-ntru
- SRP is now part of wolfCrypt, enable with --enabe-srp
- Certificate handshake messages can now be sent fragmented if the record
size is smaller than the total message size, no user action required.
- DTLS duplicate message fixes
- Visual Studio project files now support DLL and static builds for 32/64bit.
- Support for new Freesacle I/O
- FreeRTOS FIPS support
- No high level security fixes that requires an update though we always
recommend updating to the latest
See INSTALL file for build instructions. See INSTALL file for build instructions.
More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html

20
README.md
View File

@@ -38,13 +38,29 @@ before calling wolfSSL_new(); Though it's not recommended.
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS add -fdebug-types-section to C_EXTRA_FLAGS
#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015) #wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
##Release 3.6.2 of wolfSSL is an intermediate custom release including: ##Release 3.6.6 of wolfSSL has bug fixes and new features including:
- OpenSSH compatibility with --enable-openssh - OpenSSH compatibility with --enable-openssh
- stunnel compatibility with --enable-stunnel - stunnel compatibility with --enable-stunnel
- lighttpd compatibility with --enable-lighty - lighttpd compatibility with --enable-lighty
- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
- Ephemeral key cipher suites only are now supported by default
To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
- Added QSH (quantum-safe handshake) extension with --enable-ntru
- SRP is now part of wolfCrypt, enable with --enabe-srp
- Certificate handshake messages can now be sent fragmented if the record
size is smaller than the total message size, no user action required.
- DTLS duplicate message fixes
- Visual Studio project files now support DLL and static builds for 32/64bit.
- Support for new Freesacle I/O
- FreeRTOS FIPS support
- No high level security fixes that requires an update though we always
recommend updating to the latest
See INSTALL file for build instructions. See INSTALL file for build instructions.
More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html

6
configure.ac
View File

@@ -6,7 +6,7 @@
# #
# #
AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_INIT([wolfssl],[3.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
@@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning #shared library versioning
WOLFSSL_LIBRARY_VERSION=0:2:0 WOLFSSL_LIBRARY_VERSION=0:3:0
# | | | # | | |
# +------+ | +---+ # +------+ | +---+
# | | | # | | |
@@ -889,7 +889,7 @@ fi
# SSLv3 # SSLv3
AC_ARG_ENABLE([sslv3], AC_ARG_ENABLE([sslv3],
[ --enable-sslv3 Enable SSL version 3.0 (default: disabled)], [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
[ ENABLED_SSLV3=$enableval ], [ ENABLED_SSLV3=$enableval ],
[ ENABLED_SSLV3=no] [ ENABLED_SSLV3=no]
) )

2
rpm/spec.in
View File

@@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.la
%{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so
%{_libdir}/libwolfssl.so.0 %{_libdir}/libwolfssl.so.0
%{_libdir}/libwolfssl.so.0.0.2 %{_libdir}/libwolfssl.so.0.0.3
%files devel %files devel
%defattr(-,root,root,-) %defattr(-,root,root,-)

1
sslSniffer/sslSnifferTest/snifftest.c
View File

@@ -60,6 +60,7 @@ int main(void)
#ifndef _WIN32 #ifndef _WIN32
#include <sys/socket.h> /* AF_INET */ #include <sys/socket.h> /* AF_INET */
#include <arpa/inet.h> #include <arpa/inet.h>
#include <netinet/in.h>
#endif #endif
typedef unsigned char byte; typedef unsigned char byte;

2
support/wolfssl.pc
View File

@@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl Name: wolfssl
Description: wolfssl C library. Description: wolfssl C library.
Version: 3.6.3 Version: 3.6.6
Libs: -L${libdir} -lwolfssl Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir} Cflags: -I${includedir}

231
wolfcrypt/src/asn.c
View File

@@ -115,9 +115,9 @@
#define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
#elif defined(USER_TIME) #elif defined(USER_TIME)
/* user time, and gmtime compatible functions, there is a gmtime /* user time, and gmtime compatible functions, there is a gmtime
implementation here that WINCE uses, so really just need some ticks implementation here that WINCE uses, so really just need some ticks
since the EPOCH since the EPOCH
*/ */
struct tm { struct tm {
@@ -391,7 +391,7 @@ CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format,
{ {
CPU_BOOLEAN rtn_code; CPU_BOOLEAN rtn_code;
CPU_INT32S i; CPU_INT32S i;
CPU_INT32S val; CPU_INT32S val;
CPU_INT16U year; CPU_INT16U year;
CPU_INT08U month; CPU_INT08U month;
CPU_INT16U day; CPU_INT16U day;
@@ -411,33 +411,33 @@ CPU_INT32S NetSecure_ValidateDateHandler(CPU_INT08U *date, CPU_INT08U format,
else { /* format == GENERALIZED_TIME */ else { /* format == GENERALIZED_TIME */
year += btoi(date[i++]) * 1000; year += btoi(date[i++]) * 1000;
year += btoi(date[i++]) * 100; year += btoi(date[i++]) * 100;
} }
val = year; val = year;
GetTime(&val, date, &i); GetTime(&val, date, &i);
year = (CPU_INT16U)val; year = (CPU_INT16U)val;
val = 0; val = 0;
GetTime(&val, date, &i); GetTime(&val, date, &i);
month = (CPU_INT08U)val; month = (CPU_INT08U)val;
val = 0; val = 0;
GetTime(&val, date, &i); GetTime(&val, date, &i);
day = (CPU_INT16U)val; day = (CPU_INT16U)val;
val = 0; val = 0;
GetTime(&val, date, &i); GetTime(&val, date, &i);
hour = (CPU_INT08U)val; hour = (CPU_INT08U)val;
val = 0; val = 0;
GetTime(&val, date, &i); GetTime(&val, date, &i);
min = (CPU_INT08U)val; min = (CPU_INT08U)val;
val = 0; val = 0;
GetTime(&val, date, &i); GetTime(&val, date, &i);
sec = (CPU_INT08U)val; sec = (CPU_INT08U)val;
return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType); return NetSecure_ValidateDate(year, month, day, hour, min, sec, dateType);
} }
#endif /* MICRIUM */ #endif /* MICRIUM */
@@ -458,7 +458,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
} }
b = input[i++]; b = input[i++];
if (b >= ASN_LONG_LENGTH) { if (b >= ASN_LONG_LENGTH) {
word32 bytes = b & 0x7F; word32 bytes = b & 0x7F;
if ( (i+bytes) > maxIdx) { /* for reading bytes */ if ( (i+bytes) > maxIdx) { /* for reading bytes */
@@ -473,7 +473,7 @@ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
} }
else else
length = b; length = b;
if ( (i+length) > maxIdx) { /* for user of length */ if ( (i+length) > maxIdx) { /* for user of length */
WOLFSSL_MSG("GetLength value exceeds buffer length"); WOLFSSL_MSG("GetLength value exceeds buffer length");
return BUFFER_E; return BUFFER_E;
@@ -625,20 +625,20 @@ static int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
word32 i = *inOutIdx; word32 i = *inOutIdx;
byte b; byte b;
*oid = 0; *oid = 0;
b = input[i++]; b = input[i++];
if (b != ASN_OBJECT_ID) if (b != ASN_OBJECT_ID)
return ASN_OBJECT_ID_E; return ASN_OBJECT_ID_E;
if (GetLength(input, &i, &length, maxIdx) < 0) if (GetLength(input, &i, &length, maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
while(length--) while(length--)
*oid += input[i++]; *oid += input[i++];
/* just sum it up for now */ /* just sum it up for now */
*inOutIdx = i; *inOutIdx = i;
return 0; return 0;
} }
@@ -650,29 +650,29 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
word32 i = *inOutIdx; word32 i = *inOutIdx;
byte b; byte b;
*oid = 0; *oid = 0;
WOLFSSL_ENTER("GetAlgoId"); WOLFSSL_ENTER("GetAlgoId");
if (GetSequence(input, &i, &length, maxIdx) < 0) if (GetSequence(input, &i, &length, maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
b = input[i++]; b = input[i++];
if (b != ASN_OBJECT_ID) if (b != ASN_OBJECT_ID)
return ASN_OBJECT_ID_E; return ASN_OBJECT_ID_E;
if (GetLength(input, &i, &length, maxIdx) < 0) if (GetLength(input, &i, &length, maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
while(length--) { while(length--) {
/* odd HC08 compiler behavior here when input[i++] */ /* odd HC08 compiler behavior here when input[i++] */
*oid += input[i]; *oid += input[i];
i++; i++;
} }
/* just sum it up for now */ /* just sum it up for now */
/* could have NULL tag and 0 terminator, but may not */ /* could have NULL tag and 0 terminator, but may not */
b = input[i++]; b = input[i++];
if (b == ASN_TAG_NULL) { if (b == ASN_TAG_NULL) {
b = input[i++]; b = input[i++];
if (b != 0) if (b != 0)
@@ -681,9 +681,9 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
else else
/* go back, didn't have it */ /* go back, didn't have it */
i--; i--;
*inOutIdx = i; *inOutIdx = i;
return 0; return 0;
} }
@@ -951,7 +951,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return UNICODE_SIZE_E; return UNICODE_SIZE_E;
} }
for (i = 0; i < passwordSz; i++) { for (i = 0; i < passwordSz; i++) {
@@ -1043,7 +1043,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return ALGO_ID_E; return ALGO_ID_E;
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -1068,13 +1068,13 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
byte salt[MAX_SALT_SIZE]; byte salt[MAX_SALT_SIZE];
byte cbcIv[MAX_IV_SIZE]; byte cbcIv[MAX_IV_SIZE];
#endif #endif
if (GetSequence(input, &inOutIdx, &length, sz) < 0) if (GetSequence(input, &inOutIdx, &length, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0) if (GetAlgoId(input, &inOutIdx, &oid, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
first = input[inOutIdx - 2]; /* PKCS version alwyas 2nd to last byte */ first = input[inOutIdx - 2]; /* PKCS version alwyas 2nd to last byte */
second = input[inOutIdx - 1]; /* version.algo, algo id last byte */ second = input[inOutIdx - 1]; /* version.algo, algo id last byte */
@@ -1098,13 +1098,13 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
if (input[inOutIdx++] != ASN_OCTET_STRING) if (input[inOutIdx++] != ASN_OCTET_STRING)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(input, &inOutIdx, &saltSz, sz) < 0) if (GetLength(input, &inOutIdx, &saltSz, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (saltSz > MAX_SALT_SIZE) if (saltSz > MAX_SALT_SIZE)
return ASN_PARSE_E; return ASN_PARSE_E;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); salt = (byte*)XMALLOC(MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (salt == NULL) if (salt == NULL)
@@ -1154,7 +1154,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
#endif #endif
return ASN_PARSE_E; return ASN_PARSE_E;
} }
if (GetLength(input, &inOutIdx, &length, sz) < 0) { if (GetLength(input, &inOutIdx, &length, sz) < 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1222,41 +1222,41 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
/* not from decoded cert, will have algo id, skip past */ /* not from decoded cert, will have algo id, skip past */
if (GetSequence(input, inOutIdx, &length, inSz) < 0) if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
b = input[(*inOutIdx)++]; b = input[(*inOutIdx)++];
if (b != ASN_OBJECT_ID) if (b != ASN_OBJECT_ID)
return ASN_OBJECT_ID_E; return ASN_OBJECT_ID_E;
if (GetLength(input, inOutIdx, &length, inSz) < 0) if (GetLength(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
*inOutIdx += length; /* skip past */ *inOutIdx += length; /* skip past */
/* could have NULL tag and 0 terminator, but may not */ /* could have NULL tag and 0 terminator, but may not */
b = input[(*inOutIdx)++]; b = input[(*inOutIdx)++];
if (b == ASN_TAG_NULL) { if (b == ASN_TAG_NULL) {
b = input[(*inOutIdx)++]; b = input[(*inOutIdx)++];
if (b != 0) if (b != 0)
return ASN_EXPECT_0_E; return ASN_EXPECT_0_E;
} }
else else
/* go back, didn't have it */ /* go back, didn't have it */
(*inOutIdx)--; (*inOutIdx)--;
/* should have bit tag length and seq next */ /* should have bit tag length and seq next */
b = input[(*inOutIdx)++]; b = input[(*inOutIdx)++];
if (b != ASN_BIT_STRING) if (b != ASN_BIT_STRING)
return ASN_BITSTR_E; return ASN_BITSTR_E;
if (GetLength(input, inOutIdx, &length, inSz) < 0) if (GetLength(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* could have 0 */ /* could have 0 */
b = input[(*inOutIdx)++]; b = input[(*inOutIdx)++];
if (b != 0) if (b != 0)
(*inOutIdx)--; (*inOutIdx)--;
if (GetSequence(input, inOutIdx, &length, inSz) < 0) if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
} /* end if */ } /* end if */
@@ -1444,7 +1444,6 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
word32 seqSz, verSz, rawLen, intTotalLen = 0; word32 seqSz, verSz, rawLen, intTotalLen = 0;
word32 sizes[DSA_INTS]; word32 sizes[DSA_INTS];
int i, j, outLen, ret = 0, lbit; int i, j, outLen, ret = 0, lbit;
int err;
byte seq[MAX_SEQ_SZ]; byte seq[MAX_SEQ_SZ];
byte ver[MAX_VERSION_SZ]; byte ver[MAX_VERSION_SZ];
@@ -1769,7 +1768,7 @@ static int StoreRsaKey(DecodedCert* cert)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
recvd = cert->srcIdx - recvd; recvd = cert->srcIdx - recvd;
length += recvd; length += recvd;
@@ -1832,7 +1831,7 @@ static int GetKey(DecodedCert* cert)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, cert->maxIdx) < 0) if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, cert->maxIdx) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -1849,7 +1848,7 @@ static int GetKey(DecodedCert* cert)
b = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++];
if (b != 0x00) if (b != 0x00)
return ASN_EXPECT_0_E; return ASN_EXPECT_0_E;
return StoreRsaKey(cert); return StoreRsaKey(cert);
} }
@@ -1923,8 +1922,8 @@ static int GetKey(DecodedCert* cert)
{ {
int oidSz = 0; int oidSz = 0;
byte b = cert->source[cert->srcIdx++]; byte b = cert->source[cert->srcIdx++];
if (b != ASN_OBJECT_ID) if (b != ASN_OBJECT_ID)
return ASN_OBJECT_ID_E; return ASN_OBJECT_ID_E;
if (GetLength(cert->source,&cert->srcIdx,&oidSz,cert->maxIdx) < 0) if (GetLength(cert->source,&cert->srcIdx,&oidSz,cert->maxIdx) < 0)
@@ -2050,7 +2049,7 @@ static int GetName(DecodedCert* cert, int nameType)
return ASN_PARSE_E; return ASN_PARSE_E;
b = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++];
if (b != ASN_OBJECT_ID) if (b != ASN_OBJECT_ID)
return ASN_OBJECT_ID_E; return ASN_OBJECT_ID_E;
if (GetLength(cert->source, &cert->srcIdx, &oidSz, cert->maxIdx) < 0) if (GetLength(cert->source, &cert->srcIdx, &oidSz, cert->maxIdx) < 0)
@@ -2065,7 +2064,7 @@ static int GetName(DecodedCert* cert, int nameType)
int strLen; int strLen;
cert->srcIdx += 2; cert->srcIdx += 2;
id = cert->source[cert->srcIdx++]; id = cert->source[cert->srcIdx++];
b = cert->source[cert->srcIdx++]; /* encoding */ b = cert->source[cert->srcIdx++]; /* encoding */
if (GetLength(cert->source, &cert->srcIdx, &strLen, if (GetLength(cert->source, &cert->srcIdx, &strLen,
@@ -2456,7 +2455,7 @@ static int DateGreaterThan(const struct tm* a, const struct tm* b)
if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon) if (a->tm_year == b->tm_year && a->tm_mon > b->tm_mon)
return 1; return 1;
if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon && if (a->tm_year == b->tm_year && a->tm_mon == b->tm_mon &&
a->tm_mday > b->tm_mday) a->tm_mday > b->tm_mday)
return 1; return 1;
@@ -2597,10 +2596,10 @@ static int GetValidity(DecodedCert* cert, int verify)
if (GetDate(cert, BEFORE) < 0 && verify) if (GetDate(cert, BEFORE) < 0 && verify)
badDate = ASN_BEFORE_DATE_E; /* continue parsing */ badDate = ASN_BEFORE_DATE_E; /* continue parsing */
if (GetDate(cert, AFTER) < 0 && verify) if (GetDate(cert, AFTER) < 0 && verify)
return ASN_AFTER_DATE_E; return ASN_AFTER_DATE_E;
if (badDate != 0) if (badDate != 0)
return badDate; return badDate;
@@ -2679,7 +2678,7 @@ static word32 SetDigest(const byte* digest, word32 digSz, byte* output)
XMEMCPY(&output[2], digest, digSz); XMEMCPY(&output[2], digest, digSz);
return digSz + 2; return digSz + 2;
} }
static word32 BytePrecision(word32 value) static word32 BytePrecision(word32 value)
@@ -2701,7 +2700,7 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output)
output[i++] = (byte)length; output[i++] = (byte)length;
else { else {
output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
for (j = BytePrecision(length); j; --j) { for (j = BytePrecision(length); j; --j) {
output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE)); output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
i++; i++;
@@ -2846,7 +2845,7 @@ static int SetCurve(ecc_key* key, byte* output)
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
{ {
/* adding TAG_NULL and 0 to end */ /* adding TAG_NULL and 0 to end */
/* hashTypes */ /* hashTypes */
static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a, static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05, 0x00 }; 0x05, 0x00 };
@@ -2879,9 +2878,9 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00}; 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00};
#endif /* NO_RSA */ #endif /* NO_RSA */
/* ECDSA sigTypes */ /* ECDSA sigTypes */
#ifdef HAVE_ECC #ifdef HAVE_ECC
static const byte shawECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, static const byte shawECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
0x04, 0x01, 0x05, 0x00}; 0x04, 0x01, 0x05, 0x00};
static const byte sha256wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, static const byte sha256wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
@@ -2891,14 +2890,14 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
static const byte sha512wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d, static const byte sha512wECDSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE,0x3d,
0x04, 0x03, 0x04, 0x05, 0x00}; 0x04, 0x03, 0x04, 0x05, 0x00};
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
/* RSA keyType */ /* RSA keyType */
#ifndef NO_RSA #ifndef NO_RSA
static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x01, 0x05, 0x00}; 0x01, 0x01, 0x01, 0x05, 0x00};
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* ECC keyType */ /* ECC keyType */
/* no tags, so set tagSz smaller later */ /* no tags, so set tagSz smaller later */
static const byte ECC_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d, static const byte ECC_AlgoID[] = { 0x2a, 0x86, 0x48, 0xCE, 0x3d,
@@ -2994,7 +2993,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
algoName = sha512wRSA_AlgoID; algoName = sha512wRSA_AlgoID;
break; break;
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef HAVE_ECC #ifdef HAVE_ECC
case CTC_SHAwECDSA: case CTC_SHAwECDSA:
algoSz = sizeof(shawECDSA_AlgoID); algoSz = sizeof(shawECDSA_AlgoID);
algoName = shawECDSA_AlgoID; algoName = shawECDSA_AlgoID;
@@ -3028,7 +3027,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
algoName = RSA_AlgoID; algoName = RSA_AlgoID;
break; break;
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef HAVE_ECC #ifdef HAVE_ECC
case ECDSAk: case ECDSAk:
algoSz = sizeof(ECC_AlgoID); algoSz = sizeof(ECC_AlgoID);
algoName = ECC_AlgoID; algoName = ECC_AlgoID;
@@ -3046,7 +3045,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
} }
idSz = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */ idSz = SetLength(algoSz - tagSz, ID_Length); /* don't include tags */
seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray); seqSz = SetSequence(idSz + algoSz + 1 + curveSz, seqArray);
/* +1 for object id, curveID of curveSz follows for ecc */ /* +1 for object id, curveID of curveSz follows for ecc */
seqArray[seqSz++] = ASN_OBJECT_ID; seqArray[seqSz++] = ASN_OBJECT_ID;
@@ -3158,16 +3157,16 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
case CTC_SHAwRSA: case CTC_SHAwRSA:
case CTC_SHAwDSA: case CTC_SHAwDSA:
case CTC_SHAwECDSA: case CTC_SHAwECDSA:
if (wc_ShaHash(buf, bufSz, digest) == 0) { if (wc_ShaHash(buf, bufSz, digest) == 0) {
typeH = SHAh; typeH = SHAh;
digestSz = SHA_DIGEST_SIZE; digestSz = SHA_DIGEST_SIZE;
} }
break; break;
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
case CTC_SHA256wRSA: case CTC_SHA256wRSA:
case CTC_SHA256wECDSA: case CTC_SHA256wECDSA:
if (wc_Sha256Hash(buf, bufSz, digest) == 0) { if (wc_Sha256Hash(buf, bufSz, digest) == 0) {
typeH = SHA256h; typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE; digestSz = SHA256_DIGEST_SIZE;
} }
@@ -3176,7 +3175,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case CTC_SHA512wRSA: case CTC_SHA512wRSA:
case CTC_SHA512wECDSA: case CTC_SHA512wECDSA:
if (wc_Sha512Hash(buf, bufSz, digest) == 0) { if (wc_Sha512Hash(buf, bufSz, digest) == 0) {
typeH = SHA512h; typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE; digestSz = SHA512_DIGEST_SIZE;
} }
@@ -3185,16 +3184,16 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case CTC_SHA384wRSA: case CTC_SHA384wRSA:
case CTC_SHA384wECDSA: case CTC_SHA384wECDSA:
if (wc_Sha384Hash(buf, bufSz, digest) == 0) { if (wc_Sha384Hash(buf, bufSz, digest) == 0) {
typeH = SHA384h; typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE; digestSz = SHA384_DIGEST_SIZE;
} }
break; break;
#endif #endif
default: default:
WOLFSSL_MSG("Verify Signautre has unsupported type"); WOLFSSL_MSG("Verify Signautre has unsupported type");
} }
if (typeH == 0) { if (typeH == 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3226,17 +3225,17 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (pubKey == NULL || plain == NULL || encodedSig == NULL) { if (pubKey == NULL || plain == NULL || encodedSig == NULL) {
WOLFSSL_MSG("Failed to allocate memory at ConfirmSignature"); WOLFSSL_MSG("Failed to allocate memory at ConfirmSignature");
if (pubKey) if (pubKey)
XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (plain) if (plain)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (encodedSig) if (encodedSig)
XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
break; /* not confirmed */ break; /* not confirmed */
} }
#endif #endif
@@ -3334,7 +3333,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
if (wc_ecc_import_x963(key, keySz, pubKey) < 0) { if (wc_ecc_import_x963(key, keySz, pubKey) < 0) {
WOLFSSL_MSG("ASN Key import error ECC"); WOLFSSL_MSG("ASN Key import error ECC");
} }
else { else {
if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify, if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify,
pubKey) != 0) { pubKey) != 0) {
WOLFSSL_MSG("ECC verify hash error"); WOLFSSL_MSG("ECC verify hash error");
@@ -3356,7 +3355,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
default: default:
WOLFSSL_MSG("Verify Key type unknown"); WOLFSSL_MSG("Verify Key type unknown");
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@@ -3420,7 +3419,7 @@ static int MatchBaseName(int type, const char* name, int nameSz,
} }
while (nameSz > 0) { while (nameSz > 0) {
if (XTOLOWER((unsigned char)*name++) != if (XTOLOWER((unsigned char)*name++) !=
XTOLOWER((unsigned char)*base++)) XTOLOWER((unsigned char)*base++))
return 0; return 0;
nameSz--; nameSz--;
@@ -3811,7 +3810,7 @@ static int DecodeCrlDist(byte* input, int sz, DecodedCert* cert)
if (GetLength(input, &idx, &length, sz) < 0) if (GetLength(input, &idx, &length, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (input[idx] == if (input[idx] ==
(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CRLDP_FULL_NAME)) (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CRLDP_FULL_NAME))
{ {
idx++; idx++;
@@ -4236,7 +4235,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
if (GetSequence(input, &idx, &length, sz) < 0) if (GetSequence(input, &idx, &length, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
while (idx < (word32)sz) { while (idx < (word32)sz) {
if (GetSequence(input, &idx, &length, sz) < 0) { if (GetSequence(input, &idx, &length, sz) < 0) {
WOLFSSL_MSG("\tfail: should be a SEQUENCE"); WOLFSSL_MSG("\tfail: should be a SEQUENCE");
@@ -4425,7 +4424,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash); WOLFSSL_LOCAL Signer* GetCAByName(void* signers, byte* hash);
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
@@ -4504,7 +4503,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
ca = GetCA(cm, cert->issuerHash); ca = GetCA(cm, cert->issuerHash);
#endif /* NO SKID */ #endif /* NO SKID */
WOLFSSL_MSG("About to verify certificate signature"); WOLFSSL_MSG("About to verify certificate signature");
if (ca) { if (ca) {
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
/* Need the ca's public key hash for OCSP */ /* Need the ca's public key hash for OCSP */
@@ -4863,7 +4862,7 @@ static INLINE void FreeTmpRsas(byte** tmps, void* heap)
(void)heap; (void)heap;
for (i = 0; i < RSA_INTS; i++) for (i = 0; i < RSA_INTS; i++)
XFREE(tmps[i], heap, DYNAMIC_TYPE_RSA); XFREE(tmps[i], heap, DYNAMIC_TYPE_RSA);
} }
@@ -5099,7 +5098,7 @@ static int SetSerial(const byte* serial, byte* output)
} }
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* Write a public ECC key to output */ /* Write a public ECC key to output */
@@ -5367,7 +5366,7 @@ static void SetTime(struct tm* date, byte* output)
output[i++] = itob(date->tm_sec / 10); output[i++] = itob(date->tm_sec / 10);
output[i++] = itob(date->tm_sec % 10); output[i++] = itob(date->tm_sec % 10);
output[i] = 'Z'; /* Zulu profile */ output[i] = 'Z'; /* Zulu profile */
} }
@@ -5614,7 +5613,7 @@ static int SetCa(byte* output)
{ {
static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
0x05, 0x30, 0x03, 0x01, 0x01, 0xff }; 0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
XMEMCPY(output, ca, sizeof(ca)); XMEMCPY(output, ca, sizeof(ca));
return (int)sizeof(ca); return (int)sizeof(ca);
@@ -5667,7 +5666,7 @@ static int SetName(byte* output, CertName* name)
else { else {
thisLen++; /* str type */ thisLen++; /* str type */
thisLen++; /* id type */ thisLen++; /* id type */
thisLen += JOINT_LEN; thisLen += JOINT_LEN;
firstSz = SetLength(JOINT_LEN + 1, firstLen); firstSz = SetLength(JOINT_LEN + 1, firstLen);
} }
thisLen += firstSz; thisLen += firstSz;
@@ -5711,7 +5710,7 @@ static int SetName(byte* output, CertName* name)
names[i].encoded[idx++] = 0x55; names[i].encoded[idx++] = 0x55;
names[i].encoded[idx++] = 0x04; names[i].encoded[idx++] = 0x04;
/* id type */ /* id type */
names[i].encoded[idx++] = bType; names[i].encoded[idx++] = bType;
/* str type */ /* str type */
names[i].encoded[idx++] = GetNameType(name, i); names[i].encoded[idx++] = GetNameType(name, i);
} }
@@ -5967,7 +5966,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
case CTC_SHAwECDSA: case CTC_SHAwECDSA:
if ((ret = wc_ShaHash(buffer, sz, digest)) == 0) { if ((ret = wc_ShaHash(buffer, sz, digest)) == 0) {
typeH = SHAh; typeH = SHAh;
digestSz = SHA_DIGEST_SIZE; digestSz = SHA_DIGEST_SIZE;
} }
break; break;
#endif #endif
@@ -5984,19 +5983,19 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
WOLFSSL_MSG("MakeSignautre called with unsupported type"); WOLFSSL_MSG("MakeSignautre called with unsupported type");
ret = ALGO_ID_E; ret = ALGO_ID_E;
} }
if (ret != 0) if (ret != 0)
return ret; return ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, encSig = (byte*)XMALLOC(MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
NULL, DYNAMIC_TYPE_TMP_BUFFER); NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (encSig == NULL) if (encSig == NULL)
return MEMORY_E; return MEMORY_E;
#endif #endif
ret = ALGO_ID_E; ret = ALGO_ID_E;
#ifndef NO_RSA #ifndef NO_RSA
if (rsaKey) { if (rsaKey) {
/* signature */ /* signature */
@@ -6004,7 +6003,7 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng); ret = wc_RsaSSL_Sign(encSig, encSigSz, sig, sigSz, rsaKey, rng);
} }
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (!rsaKey && eccKey) { if (!rsaKey && eccKey) {
word32 outSz = sigSz; word32 outSz = sigSz;
@@ -6342,7 +6341,7 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
else else
sigSz = AddSignature(buffer, requestSz, sig, sigSz, sType); sigSz = AddSignature(buffer, requestSz, sig, sigSz, sType);
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@@ -6364,7 +6363,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz,
} }
#ifdef WOLFSSL_ALT_NAMES #ifdef WOLFSSL_ALT_NAMES
/* Set Alt Names from der cert, return 0 on success */ /* Set Alt Names from der cert, return 0 on success */
static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz) static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
@@ -6385,7 +6384,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
if (decoded == NULL) if (decoded == NULL)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitDecodedCert(decoded, (byte*)der, derSz, 0); InitDecodedCert(decoded, (byte*)der, derSz, 0);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
@@ -6399,7 +6398,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
decoded->srcIdx = decoded->extensionsIdx; decoded->srcIdx = decoded->extensionsIdx;
b = decoded->source[decoded->srcIdx++]; b = decoded->source[decoded->srcIdx++];
if (b != ASN_EXTENSIONS) { if (b != ASN_EXTENSIONS) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
@@ -6474,7 +6473,7 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz)
WOLFSSL_ENTER("SetDatesFromCert"); WOLFSSL_ENTER("SetDatesFromCert");
if (derSz < 0) if (derSz < 0)
return derSz; return derSz;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
@@ -6492,7 +6491,7 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz)
WOLFSSL_MSG("Couldn't extract dates"); WOLFSSL_MSG("Couldn't extract dates");
ret = -1; ret = -1;
} }
else if (decoded->beforeDateLen > MAX_DATE_SIZE || else if (decoded->beforeDateLen > MAX_DATE_SIZE ||
decoded->afterDateLen > MAX_DATE_SIZE) { decoded->afterDateLen > MAX_DATE_SIZE) {
WOLFSSL_MSG("Bad date size"); WOLFSSL_MSG("Bad date size");
ret = -1; ret = -1;
@@ -6811,7 +6810,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
*inOutIdx += 1; *inOutIdx += 1;
/* priv type */ /* priv type */
if (b != 4 && b != 6 && b != 7) if (b != 4 && b != 6 && b != 7)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetLength(input, inOutIdx, &length, inSz) < 0) if (GetLength(input, inOutIdx, &length, inSz) < 0)
@@ -6824,7 +6823,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
priv = (byte*)XMALLOC(ECC_MAXSIZE+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); priv = (byte*)XMALLOC(ECC_MAXSIZE+1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL) if (priv == NULL)
return MEMORY_E; return MEMORY_E;
pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), NULL, DYNAMIC_TYPE_TMP_BUFFER); pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL) { if (pub == NULL) {
XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -6881,7 +6880,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
/* key header */ /* key header */
b = input[*inOutIdx]; b = input[*inOutIdx];
*inOutIdx += 1; *inOutIdx += 1;
if (b != ASN_BIT_STRING) { if (b != ASN_BIT_STRING) {
ret = ASN_BITSTR_E; ret = ASN_BITSTR_E;
} }
@@ -7137,7 +7136,7 @@ static int DecodeSingleResponse(byte* source,
resp->issuerKeyHash = source + idx; resp->issuerKeyHash = source + idx;
idx += length; idx += length;
/* Read the serial number, it is handled as a string, not as a /* Read the serial number, it is handled as a string, not as a
* proper number. Just XMEMCPY the data over, rather than load it * proper number. Just XMEMCPY the data over, rather than load it
* as an mp_int. */ * as an mp_int. */
if (source[idx++] != ASN_INTEGER) if (source[idx++] != ASN_INTEGER)
@@ -7186,10 +7185,10 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E; return ASN_PARSE_E;
if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE)) if (!XVALIDATE_DATE(cs->thisDate, cs->thisDateFormat, BEFORE))
return ASN_BEFORE_DATE_E; return ASN_BEFORE_DATE_E;
/* The following items are optional. Only check for them if there is more /* The following items are optional. Only check for them if there is more
* unprocessed data in the singleResponse wrapper. */ * unprocessed data in the singleResponse wrapper. */
if (((int)(idx - prevIndex) < wrapperSz) && if (((int)(idx - prevIndex) < wrapperSz) &&
(source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))) (source[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)))
{ {
@@ -7230,7 +7229,7 @@ static int DecodeOcspRespExtensions(byte* source,
if (GetLength(source, &idx, &length, sz) < 0) return ASN_PARSE_E; if (GetLength(source, &idx, &length, sz) < 0) return ASN_PARSE_E;
if (GetSequence(source, &idx, &length, sz) < 0) return ASN_PARSE_E; if (GetSequence(source, &idx, &length, sz) < 0) return ASN_PARSE_E;
ext_bound = idx + length; ext_bound = idx + length;
while (idx < (word32)ext_bound) { while (idx < (word32)ext_bound) {
@@ -7296,7 +7295,7 @@ static int DecodeResponseData(byte* source,
* onto the next item. * onto the next item.
*/ */
if (source[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) if (source[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))
{ {
idx += 2; /* Eat the value and length */ idx += 2; /* Eat the value and length */
if (GetMyVersion(source, &idx, &version) < 0) if (GetMyVersion(source, &idx, &version) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -7313,7 +7312,7 @@ static int DecodeResponseData(byte* source,
} }
else else
return ASN_PARSE_E; return ASN_PARSE_E;
/* save pointer to the producedAt time */ /* save pointer to the producedAt time */
if (GetBasicDate(source, &idx, resp->producedDate, if (GetBasicDate(source, &idx, resp->producedDate,
&resp->producedDateFormat, size) < 0) &resp->producedDateFormat, size) < 0)
@@ -7374,7 +7373,7 @@ static int DecodeBasicOcspResponse(byte* source,
if (DecodeResponseData(source, &idx, resp, size) < 0) if (DecodeResponseData(source, &idx, resp, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* Get the signature algorithm */ /* Get the signature algorithm */
if (GetAlgoId(source, &idx, &resp->sigOID, size) < 0) if (GetAlgoId(source, &idx, &resp->sigOID, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -7459,7 +7458,7 @@ int OcspResponseDecode(OcspResponse* resp)
/* peel the outer SEQUENCE wrapper */ /* peel the outer SEQUENCE wrapper */
if (GetSequence(source, &idx, &length, size) < 0) if (GetSequence(source, &idx, &length, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
/* First get the responseStatus, an ENUMERATED */ /* First get the responseStatus, an ENUMERATED */
if (GetEnumerated(source, &idx, &resp->responseStatus) < 0) if (GetEnumerated(source, &idx, &resp->responseStatus) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -7492,7 +7491,7 @@ int OcspResponseDecode(OcspResponse* resp)
if (DecodeBasicOcspResponse(source, &idx, resp, size) < 0) if (DecodeBasicOcspResponse(source, &idx, resp, size) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
return 0; return 0;
} }
@@ -7508,7 +7507,7 @@ static word32 SetOcspReqExtensions(word32 extSz, byte* output,
WOLFSSL_ENTER("SetOcspReqExtensions"); WOLFSSL_ENTER("SetOcspReqExtensions");
if (nonce == NULL || nonceSz == 0) return 0; if (nonce == NULL || nonceSz == 0) return 0;
seqArray[0][0] = ASN_OCTET_STRING; seqArray[0][0] = ASN_OCTET_STRING;
seqSz[0] = 1 + SetLength(nonceSz, &seqArray[0][1]); seqSz[0] = 1 + SetLength(nonceSz, &seqArray[0][1]);
@@ -7671,7 +7670,7 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
WOLFSSL_MSG("\tnonceSz mismatch"); WOLFSSL_MSG("\tnonceSz mismatch");
return cmp; return cmp;
} }
cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz); cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz);
if (cmp != 0) if (cmp != 0)
{ {

4
wolfssl/version.h
View File

@@ -26,8 +26,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBWOLFSSL_VERSION_STRING "3.6.3" #define LIBWOLFSSL_VERSION_STRING "3.6.6"
#define LIBWOLFSSL_VERSION_HEX 0x03006003 #define LIBWOLFSSL_VERSION_HEX 0x03006006
#ifdef __cplusplus #ifdef __cplusplus
} }