wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4251 from dgarske/openssl_all

Browse Source 
Fixes for edge case builds with openssl all
This commit is contained in:
John Safranek
2021-07-29 08:58:22 -07:00
committed by GitHub
parent 9df4312c4e 2c1fed8262
commit 6f2853ef28
4 changed files with 123 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
configure.ac
View File

@@ -3425,17 +3425,16 @@ fi
# OCSP
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
then
test "$enable_ocsp" = "" && enable_ocsp=yes
fi
AC_ARG_ENABLE([ocsp],
[AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
[ ENABLED_OCSP=no ]
)
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
then
ENABLED_OCSP=yes
fi
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"

13
src/ssl.c
View File

@@ -50969,7 +50969,7 @@ int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj)
return wolfSSL_sk_push(sk, obj);
}
#ifndef NO_BIO
#if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY* pkey,
const WOLFSSL_EVP_CIPHER* enc,
@@ -51159,8 +51159,6 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
byte* der;
int len;
byte* p;
char password[NAME_SZ];
int passwordSz;
word32 algId;
WOLFSSL_EVP_PKEY* key;
@@ -51168,7 +51166,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
return NULL;
if (cb != NULL) {
passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx);
char password[NAME_SZ];
int passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx);
if (passwordSz < 0) {
XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
return NULL;
@@ -51180,7 +51179,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
return NULL;
}
XMEMSET(password, 0, passwordSz);
ForceZero(password, passwordSz);
}
p = der;
@@ -51189,7 +51188,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
return key;
}
#endif /* !NO_BIO */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
/* Detect which type of key it is before decoding. */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
@@ -51250,7 +51249,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
return key;
}
#endif
#endif /* OPENSSL_ALL */
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)

148
tests/api.c
View File

@@ -27770,7 +27770,7 @@ static void test_wolfSSL_certs(void)
sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
#endif
#if !defined(NO_SHA) && !defined(NO_SHA256)
#if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
/************* Get Digest of Certificate ******************/
{
byte digest[64]; /* max digest size */
@@ -27785,7 +27785,7 @@ static void test_wolfSSL_certs(void)
AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
WOLFSSL_FAILURE);
}
#endif /* !NO_SHA && !NO_SHA256*/
#endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
/* test and checkout X509 extensions */
bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
@@ -33618,32 +33618,44 @@ static void test_wolfSSL_PKCS8_Compat(void)
static void test_wolfSSL_PKCS8_d2i(void)
{
#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
/* This test ends up using HMAC as a part of PBKDF2, and HMAC
* requires a 12 byte password in FIPS mode. This test ends up
* trying to use an 8 byte password. */
#ifdef OPENSSL_ALL
WOLFSSL_EVP_PKEY* pkey = NULL;
#ifndef NO_FILESYSTEM
unsigned char pkcs8_buffer[2048];
const unsigned char* p;
int bytes;
XFILE file;
WOLFSSL_EVP_PKEY* pkey = NULL;
#ifndef NO_BIO
BIO* bio;
#if defined(HAVE_ECC)
#if defined(OPENSSL_ALL) && \
((!defined(NO_RSA) && !defined(NO_DES3)) || \
defined(HAVE_ECC)) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
WOLFSSL_EVP_PKEY* evpPkey = NULL;
#endif
#endif
#endif
#ifndef NO_RSA
#ifndef NO_FILESYSTEM
#ifndef NO_RSA
const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
#ifndef NO_DES3
#ifndef NO_DES3
const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
#endif
#endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
#ifndef NO_DES3
const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
#endif
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */
#if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC))
#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsa = (unsigned char*)server_key_der_1024;
int rsaSz = sizeof_server_key_der_1024;
@@ -33651,18 +33663,13 @@ static void test_wolfSSL_PKCS8_d2i(void)
const unsigned char* rsa = (unsigned char*)server_key_der_2048;
int rsaSz = sizeof_server_key_der_2048;
#endif
#endif
#ifdef HAVE_ECC
#endif
#ifdef HAVE_ECC
const unsigned char* ec = (unsigned char*)ecc_key_der_256;
int ecSz = sizeof_ecc_key_der_256;
#ifndef NO_FILESYSTEM
const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
#ifndef NO_DES3
const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
#endif
#endif
#endif
#endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */
#ifndef NO_FILESYSTEM
(void)pkcs8_buffer;
@@ -33674,40 +33681,51 @@ static void test_wolfSSL_PKCS8_d2i(void)
#endif
#endif
#ifndef NO_RSA
#ifdef OPENSSL_ALL
#ifndef NO_RSA
/* Try to auto-detect normal RSA private key */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
wolfSSL_EVP_PKEY_free(pkey);
#endif
#ifdef HAVE_ECC
EVP_PKEY_free(pkey);
#endif
#ifdef HAVE_ECC
/* Try to auto-detect normal EC private key */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
wolfSSL_EVP_PKEY_free(pkey);
#endif
#ifndef NO_FILESYSTEM
#ifndef NO_RSA
EVP_PKEY_free(pkey);
#endif
#endif /* OPENSSL_ALL */
#ifndef NO_FILESYSTEM
#ifndef NO_RSA
/* Get DER encoded RSA PKCS#8 data. */
file = XFOPEN(rsaDerPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
p = pkcs8_buffer;
#ifdef OPENSSL_ALL
/* Try to decode - auto-detect key type. */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes));
#endif
/* Get PEM encoded RSA PKCS#8 data. */
file = XFOPEN(rsaPemPkcs8File, "rb");
AssertTrue(file != XBADFILE);
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#ifndef NO_BIO
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), bytes);
/* Compare file and written data */
AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
#ifndef NO_DES3
@@ -33718,51 +33736,63 @@ static void test_wolfSSL_PKCS8_d2i(void)
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
wolfSSL_EVP_PKEY_free(evpPkey);
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif
#endif /* !NO_BIO */
wolfSSL_EVP_PKEY_free(pkey);
#endif /* !NO_DES3 */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted RSA key */
#ifndef NO_DES3
file = XFOPEN(rsaDerPkcs8EncFile, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#ifndef NO_BIO
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
wolfSSL_EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey);
BIO_free(bio);
#endif
#endif
#endif
#ifdef HAVE_ECC
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* PKCS#8 encode EC key */
file = XFOPEN(ecDerPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
p = pkcs8_buffer;
#ifdef OPENSSL_ALL
/* Try to decode - auto-detect key type. */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes));
#endif
/* Get PEM encoded RSA PKCS#8 data. */
file = XFOPEN(ecPemPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#ifndef NO_BIO
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), bytes);
/* Compare file and written data */
AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
@@ -33772,32 +33802,34 @@ static void test_wolfSSL_PKCS8_d2i(void)
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
wolfSSL_EVP_PKEY_free(evpPkey);
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif
wolfSSL_EVP_PKEY_free(pkey);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted EC key */
#ifndef NO_DES3
file = XFOPEN(ecDerPkcs8EncFile, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#ifndef NO_BIO
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
wolfSSL_EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey);
BIO_free(bio);
#endif
#endif
#endif
#endif
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */
printf(resultFmt, passed);
#endif
#endif /* HAVE_FIPS */
#endif /* HAVE_FIPS && OPENSSL_EXTRA */
}
#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
@@ -39052,12 +39084,10 @@ static void test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
#if defined(HAVE_ECC) && defined(OPENSSL_ALL)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_get0_EC_KEY");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNull(wolfSSL_EVP_PKEY_get0_EC_KEY(pkey));
AssertNotNull(pkey = EVP_PKEY_new());
AssertNull(EVP_PKEY_get0_EC_KEY(pkey));
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
@@ -39941,7 +39971,11 @@ static void test_wolfSSL_X509V3_EXT(void) {
#endif
AssertNotNull(adObj = ad->method);
/* Make sure nid is OCSP */
#ifdef HAVE_OCSP
AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), AIA_OCSP_OID);
#else
AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), -1);
#endif
/* GENERAL_NAME stores URI as an ASN1_STRING */
AssertNotNull(gn = ad->location);

8
wolfssl/wolfcrypt/settings.h
View File

@@ -2245,11 +2245,15 @@ extern void uITRON4_free(void *p) ;
#ifndef OPENSSL_EXTRA
#define OPENSSL_EXTRA
#endif
#ifndef HAVE_SESSION_TICKET
/* Session Tickets will be enabled when --enable-opensslall is used.
* Time is required for ticket expiration checking */
#if !defined(HAVE_SESSION_TICKET) && !defined(NO_ASN_TIME)
#define HAVE_SESSION_TICKET
#endif
/* OCSP will be enabled in configure.ac when --enable-opensslall is used,
* but do not force all users to have it enabled. */
#ifndef HAVE_OCSP
#define HAVE_OCSP
/*#define HAVE_OCSP*/
#endif
#ifndef KEEP_OUR_CERT
#define KEEP_OUR_CERT