From 777bdb28bc3ad1688aaa1cf66356feec98d13c8d Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 3 Jul 2020 17:30:16 +0200 Subject: [PATCH] Implement/stub the following: - `NID_pkcs9_challengePassword` - added - `wolfSSL_OPENSSL_cleanse` - implemented - `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed - `wolfSSL_c2i_ASN1_OBJECT` - stubbed --- configure.ac | 20 +++++++++++++++++++- src/ssl.c | 21 +++++++++++++++++++++ wolfssl/openssl/asn1.h | 6 ++++++ wolfssl/openssl/ssl.h | 4 ++++ wolfssl/openssl/x509.h | 1 + wolfssl/ssl.h | 5 +++++ wolfssl/wolfcrypt/asn.h | 1 + 7 files changed, 57 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index d7db9a933..aa380d78f 100644 --- a/configure.ac +++ b/configure.ac @@ -4258,12 +4258,30 @@ then AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS" fi - # Requires OCSP make sure on + # Requires OCSP if test "x$ENABLED_OCSP" = "xno" then ENABLED_OCSP="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" fi + + # Requires PKCS7 + if test "x$ENABLED_PKCS7" = "xno" + then + ENABLED_PKCS7="yes" + fi + + # Requires Certificate Generation and Request + if test "x$ENABLED_CERTGEN" = "xno" + then + ENABLED_CERTGEN="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" + fi + if test "x$ENABLED_CERTREQ" = "xno" + then + ENABLED_CERTREQ="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" + fi fi # MD4 diff --git a/src/ssl.c b/src/ssl.c index 82a5feb2d..2b6eafea4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -45326,6 +45326,12 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int return XMEMCPY(ret, data, siz); } +void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len) +{ + if (ptr) + ForceZero(ptr, len); +} + int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, unsigned int p_len) { 
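Review bot: The new PKCS7 branch in configure.ac only sets `ENABLED_PKCS7="yes"` and, unlike the OCSP, CERTGEN and CERTREQ branches beside it, appends no `-D` flag to `AM_CFLAGS`. That is correct only if the PKCS7 option block that emits its define is evaluated after this point, which the hunk does not show; if it runs earlier, the feature is reported as enabled but never compiled in. A comment such as `# PKCS7 compile flags are added by the PKCS7 block further down` would settle it for the next reader. These branches also override an explicit "no" from the user, so parsing and certificate-generation code is built into configurations that asked to leave it out; an `AC_MSG_NOTICE` for each forced option would make that visible at configure time.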
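Review bot: `wolfSSL_OPENSSL_cleanse` passes its `size_t len` straight to `ForceZero`, whose prototype is not visible in this hunk. If that length parameter is a 32-bit type, the value is narrowed implicitly and a buffer larger than 4 GiB would be only partly wiped, which is a silent failure for a function whose whole purpose is clearing secrets. Please confirm the parameter type and, if it is narrower than `size_t`, wipe in chunks or document the limit. The function also has no comment and an unbraced `if`; suggest `/* OpenSSL-compatible wipe of sensitive data; a NULL ptr is a no-op. */` above it and braces around the `ForceZero` call.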
@@ -49247,6 +49253,21 @@ int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req, (void)ext; return WOLFSSL_FATAL_ERROR; } + +int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, + int nid, int type, + const unsigned char *bytes, + int len) +{ + WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID"); + WOLFSSL_STUB("wolfSSL_X509_REQ_add1_attr_by_NID"); + (void)req; + (void)nid; + (void)type; + (void)bytes; + (void)len; + return WOLFSSL_FAILURE; +} #endif int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index f2a0c21e5..7c6a52824 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -33,6 +33,7 @@ #define ASN1_STRING_free wolfSSL_ASN1_STRING_free #define ASN1_get_object wolfSSL_ASN1_get_object +#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define V_ASN1_INTEGER 0x02 #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ @@ -69,6 +70,8 @@ #define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define V_ASN1_OBJECT 6 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 #define V_ASN1_UTCTIME 23 #define V_ASN1_GENERALIZEDTIME 24 #define V_ASN1_PRINTABLESTRING 19 @@ -88,6 +91,9 @@ WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *val WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, int *class, long inLen); +WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, + const unsigned char **pp, long len); + #ifdef OPENSSL_ALL /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally * we don't use this. Some projects use OpenSSL to implement ASN1 types and diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e50bf42b9..5384003a5 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -53,6 +53,8 @@ /* all NID_* values are in asn.h */ #include +#include + #ifdef __cplusplus extern "C" { #endif 
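Review bot: The stub `wolfSSL_X509_REQ_add1_attr_by_NID` lets ported OpenSSL code that calls `X509_REQ_add1_attr_by_NID` compile and link, but it can never add the attribute, so a caller that ignores the return value emits a request without the attribute it asked for (for example a challenge password). It does fail closed with `WOLFSSL_FAILURE`, but the stub directly above it in the context returns `WOLFSSL_FATAL_ERROR`, so the two neighbours disagree on what a caller should test for. Suggest a comment such as `/* STUB: not implemented; always returns WOLFSSL_FAILURE and adds no attribute */`. If the enclosing `#if` (it opens outside this hunk) does not already do so, wrap the stub in `#ifndef NO_WOLFSSL_STUB` so builds that exclude stubs catch the missing feature at link time.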
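Review bot: `wolfSSL_c2i_ASN1_OBJECT` is declared `WOLFSSL_API` in the last asn1.h hunk and mapped from `c2i_ASN1_OBJECT` in the first, but no definition appears in this patch. The 21 lines added to src/ssl.c are fully accounted for by `wolfSSL_OPENSSL_cleanse` and the `wolfSSL_X509_REQ_add1_attr_by_NID` stub. Unless the function is already defined elsewhere in the tree, any caller of `c2i_ASN1_OBJECT` will fail at link time, which contradicts the "stubbed" entry in the commit message. Either add the stub body in this commit or hold back the declaration and macro until it exists. When the body is added, its comment should state how `*pp` and `len` are validated, since the function parses caller-supplied encoded bytes.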
@@ -377,6 +379,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_REQ_free wolfSSL_X509_REQ_free #define X509_REQ_sign wolfSSL_X509_REQ_sign #define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions +#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID #define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name #define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey #define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ @@ -1182,6 +1185,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup +#define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse #define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout #define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh #define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h index 77a8bca54..349dd089c 100644 --- a/wolfssl/openssl/x509.h +++ b/wolfssl/openssl/x509.h @@ -5,6 +5,7 @@ #include #include #include +#include /* wolfSSL_X509_print_ex flags */ #define X509_FLAG_COMPAT (0UL) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1e6e6a31f..660c7b3f5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3552,6 +3552,10 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, WOLFSSL_X509_NAME *name); WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, + int nid, int type, + const unsigned char *bytes, + int len); #endif @@ -3775,6 +3779,7 @@ WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl, const unsigned char* protos, unsigned int protos_len); WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line); +WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len); WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); #endif 
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 26eeee647..3210f9b19 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -202,6 +202,7 @@ enum NID_sha256 = 672, NID_sha384 = 673, NID_sha512 = 674, + NID_pkcs9_challengePassword = 54, NID_hw_name_oid = 73, NID_id_pkix_OCSP_basic = 74, NID_any_policy = 75,
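Review bot: `NID_pkcs9_challengePassword = 54` is added to the enum, but nothing in this patch registers it in an object/OID lookup table. Name or OID lookups for this NID will presumably not resolve until that is done; this is inferred, since any such table lies outside the patch. The entry is also inserted between `NID_sha512 = 674` and `NID_hw_name_oid = 73`, out of numeric order. A trailing comment with the OID, `/* 1.2.840.113549.1.9.7 */`, would let readers check the value against the standard. The enum begins and ends outside the hunk, so a clash with an existing enumerator of the same value cannot be ruled out from here.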