Merge pull request #6021 from kareem-wolfssl/zd15544

Fix for building with ASN template and `NO_ASN_TIME`
David Garske
2023-01-27 18:19:19 -08:00
committed by GitHub
4 changed files with 44 additions and 24 deletions


@@ -1950,7 +1950,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E);
#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
!defined(OPENSSL_COMPATIBLE_DEFAULTS)
!defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME)
AssertIntEQ(ret, ASN_AFTER_DATE_E);
res = TEST_RES_CHECK(ret == ASN_AFTER_DATE_E);
#else
@@ -3101,7 +3101,7 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void)
WOLFSSL_LOAD_FLAG_NONE));
/* test expired CA */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
#if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME)
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
@@ -3155,7 +3155,7 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
/* test expired CA failure */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
#if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME)
AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
@@ -10502,7 +10502,8 @@ static int test_wolfSSL_X509_verify(void)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \
&& !defined(NO_ASN_TIME)
/* create certificate with version 2 */
static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
{
@@ -10591,7 +10592,8 @@ static int test_wolfSSL_X509_TLS_version(void)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \
&& !defined(NO_ASN_TIME)
tcp_ready ready;
func_args server_args;
func_args client_args;
@@ -37917,8 +37919,8 @@ static int test_wolfSSL_ASN1_TIME_adj(void)
static int test_wolfSSL_ASN1_TIME_to_tm(void)
{
int res = TEST_SKIPPED;
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \
#if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \
&& !defined(NO_ASN_TIME)
ASN1_TIME asnTime;
struct tm tm;
@@ -38118,14 +38120,16 @@ static int test_wolfSSL_X509_sign2(void)
const unsigned char *pt;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME *name;
WOLFSSL_ASN1_TIME *notBefore, *notAfter;
int derSz;
#ifndef NO_ASN_TIME
WOLFSSL_ASN1_TIME *notBefore, *notAfter;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
time_t t;
#endif
const unsigned char expected[] = {
0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01,
@@ -38252,6 +38256,7 @@ static int test_wolfSSL_X509_sign2(void)
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
#ifndef NO_ASN_TIME
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
@@ -38259,6 +38264,7 @@ static int test_wolfSSL_X509_sign2(void)
AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
#endif
wolfSSL_X509_sign(x509, priv, EVP_sha256());
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
@@ -53699,6 +53705,9 @@ static int test_wolfSSL_X509_print(void)
/* Will print IP address subject alt name. */
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3350);
#endif
#elif defined(NO_ASN_TIME)
/* With NO_ASN_TIME defined, X509_print skips printing Validity. */
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3213);
#else
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3328);
#endif
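Review bot: The expired-CA checks in test_wolfSSL_CertManagerLoadCABuffer, test_wolfSSL_CTX_load_verify_locations_ex and test_wolfSSL_CTX_load_verify_buffer_ex now fall through to their `#else` branch when `NO_ASN_TIME` is defined, and nothing at those guards says why. The `#else` bodies are outside the visible lines, but if they assert a successful load, as the existing `OPENSSL_COMPATIBLE_DEFAULTS` case suggests, the suite now records that such a build does not reject an expired CA. A comment at each guard would make that property visible to anyone auditing the configuration, for example `/* NO_ASN_TIME: certificate dates are not evaluated, so ASN_AFTER_DATE_E is never returned for the expired CA */`. The test_wolfSSL_X509_print hunk already carries a comment of this kind for the `3213` length and is a good model.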


@@ -27093,6 +27093,7 @@ static int SetValidity(byte* output, int daysValid)
#else
static int SetValidity(byte* before, byte* after, int daysValid)
{
#ifndef NO_ASN_TIME
int ret = 0;
time_t now;
time_t then;
@@ -27145,6 +27146,12 @@ static int SetValidity(byte* before, byte* after, int daysValid)
}
return ret;
#else
(void)before;
(void)after;
(void)daysValid;
return NOT_COMPILED_IN;
#endif
}
#endif /* WOLFSSL_ASN_TEMPLATE */
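Review bot: In the `NO_ASN_TIME` branch added to the two-buffer `SetValidity`, the function returns `NOT_COMPILED_IN` without writing `before` or `after`, so the stub is only safe if every caller checks the return value before encoding those buffers. The callers are outside these hunks and should be confirmed to abort certificate encoding on this error. A short comment on the stub would record the intent, for example `/* No time source: validity dates cannot be produced, caller must fail certificate generation */`. The single-buffer `SetValidity(byte* output, int daysValid)` named in the first hunk header is not shown, so it is worth confirming that it fails the same way under `NO_ASN_TIME`. The middle of the function body lies between the two hunks and is not visible here.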


@@ -13166,13 +13166,15 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
#ifndef NO_RSA
static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
#endif
static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
#ifdef ENABLE_ECC384_CERT_GEN_TEST
static const char* eccCaKey384File =
CERT_ROOT "ca-ecc384-key.der";
static const char* eccCaCert384File =
CERT_ROOT "ca-ecc384-cert.pem";
#ifndef NO_ASN_TIME
static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
#ifdef ENABLE_ECC384_CERT_GEN_TEST
static const char* eccCaKey384File =
CERT_ROOT "ca-ecc384-key.der";
static const char* eccCaCert384File =
CERT_ROOT "ca-ecc384-cert.pem";
#endif
#endif
#endif
#if defined(HAVE_PKCS7) && defined(HAVE_ECC)
@@ -13209,7 +13211,7 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
#ifndef NO_WRITE_TEMP_FILES
#ifdef HAVE_ECC
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
#endif
@@ -13230,7 +13232,7 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
#endif /* HAVE_ECC */
#ifndef NO_RSA
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
@@ -15320,7 +15322,7 @@ exit_rsa_even_mod:
}
#endif /* WOLFSSL_HAVE_SP_RSA */
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -16805,7 +16807,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
goto exit_rsa;
#endif
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
/* Make Cert / Sign example for RSA cert and RSA CA */
ret = rsa_certgen_test(key, keypub, &rng, tmp);
if (ret != 0)
@@ -25624,7 +25626,7 @@ static int ecc_test_custom_curves(WC_RNG* rng)
}
#endif /* WOLFSSL_CUSTOM_CURVES */
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
/* Make Cert / Sign example for ECC cert and ECC CA */
static int ecc_test_cert_gen(WC_RNG* rng)
@@ -26515,7 +26517,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
#elif defined(HAVE_ECC_KEY_IMPORT)
(void)ecc_test_make_pub; /* for compiler warning */
#endif
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
ret = ecc_test_cert_gen(&rng);
if (ret != 0) {
printf("ecc_test_cert_gen failed!: %d\n", ret);
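Review bot: The condition `defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)` is now repeated at the temp-file name constants, at the definitions of `rsa_certgen_test` and `ecc_test_cert_gen`, and at their call sites in `rsa_test` and `ecc_test`. Because the definitions are `static` and the call sites are guarded independently, a later edit that changes one copy but not the others produces either an unused-function warning or an undeclared call. Deriving a single local macro from the two conditions once, and testing that macro at all six places, would keep definition and use in step. The certificate-generation checks also disappear without any message in this configuration, so a one-line note in the test output that they were skipped would keep a passing run from being read as coverage of that path. Each of these hunks cuts through a larger function or declaration run that continues outside the visible lines.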


@@ -823,17 +823,19 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free
#ifndef NO_ASN_TIME
#define ASN1_TIME_new wolfSSL_ASN1_TIME_new
#define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new
#define ASN1_TIME_free wolfSSL_ASN1_TIME_free
#define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free
#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string
#define ASN1_TIME_to_tm wolfSSL_ASN1_TIME_to_tm
#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
#endif
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free