wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for building --enable-wpas=small with WPA Supplicant v2.7.

Browse Source
This commit is contained in:
David Garske
2020-09-16 15:41:20 -07:00
parent eb466668ce
commit 780e8a4619
4 changed files with 283 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
configure.ac
View File

@ -645,26 +645,21 @@ then
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6" AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
fi fi
if test "$ENABLED_WPAS" != "no"
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DWOLFSSL_DES_ECB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
if test "$ENABLED_WPAS" = "small"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi fi
if test "$ENABLED_FORTRESS" = "yes" if test "$ENABLED_FORTRESS" = "yes"
@ -2323,7 +2318,7 @@ AC_ARG_ENABLE([des3],
[ ENABLED_DES3=no ] [ ENABLED_DES3=no ]
) )
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno"
then then
ENABLED_DES3="yes" ENABLED_DES3="yes"
fi fi
@ -2411,7 +2406,7 @@ AC_ARG_ENABLE([cmac],
[ ENABLED_CMAC=no ] [ ENABLED_CMAC=no ]
) )
if test "$ENABLED_WPAS" = "yes" if test "$ENABLED_WPAS" != "no"
then then
ENABLED_CMAC=yes ENABLED_CMAC=yes
fi fi
@ -2848,7 +2843,7 @@ AC_ARG_ENABLE([crl],
) )
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno"
then then
ENABLED_CRL=yes ENABLED_CRL=yes
fi fi
@ -3871,7 +3866,7 @@ AC_ARG_ENABLE([md4],
if test "$ENABLED_MD4" = "no" if test "$ENABLED_MD4" = "no"
then then
#turn on MD4 if using stunnel #turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes" if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno"
then then
ENABLED_MD4="yes" ENABLED_MD4="yes"
else else
@ -4884,7 +4879,7 @@ AC_ARG_ENABLE([aeskeywrap],
[ ENABLED_AESKEYWRAP=no ] [ ENABLED_AESKEYWRAP=no ]
) )
if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no" if test "$ENABLED_WPAS" != "no" && test "$ENABLED_FIPS" = "no"
then then
ENABLED_AESKEYWRAP="yes" ENABLED_AESKEYWRAP="yes"
fi fi

509
src/ssl.c
View File

@ -17658,258 +17658,267 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
} }
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || \
defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
/* return the next, if any, altname from the peer cert */
WOLFSSL_ABI
char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
{
char* ret = NULL;
WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");
#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \ /* don't have any to work with */
defined(SESSION_CERTS) if (cert == NULL || cert->altNames == NULL)
/* return the next, if any, altname from the peer cert */ return NULL;
WOLFSSL_ABI
char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
{
char* ret = NULL;
WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");
/* don't have any to work with */ /* already went through them */
if (cert == NULL || cert->altNames == NULL) if (cert->altNamesNext == NULL)
return NULL; return NULL;
/* already went through them */ ret = cert->altNamesNext->name;
if (cert->altNamesNext == NULL) cert->altNamesNext = cert->altNamesNext->next;
return NULL;
ret = cert->altNamesNext->name; return ret;
cert->altNamesNext = cert->altNamesNext->next; }
return ret; int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
}
int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
unsigned char* buf, int* bufSz)
{
WOLFSSL_ENTER("wolfSSL_X509_get_signature");
if (x509 == NULL || bufSz == NULL || (*bufSz < (int)x509->sig.length &&
buf != NULL))
return WOLFSSL_FATAL_ERROR;
if (buf != NULL)
XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
*bufSz = x509->sig.length;
return WOLFSSL_SUCCESS;
}
/* Getter function that copies over the DER public key buffer to "buf" and
* sets the size in bufSz. If "buf" is NULL then just bufSz is set to needed
* buffer size. "bufSz" passed in should initially be set by the user to be
* the size of "buf". This gets checked to make sure the buffer is large
* enough to hold the public key.
*
* Note: this is the X.509 form of key with "header" info.
* return WOLFSSL_SUCCESS on success
*/
int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509,
unsigned char* buf, int* bufSz) unsigned char* buf, int* bufSz)
{ {
#ifdef WOLFSSL_SMALL_STACK WOLFSSL_ENTER("wolfSSL_X509_get_signature");
DecodedCert* cert; if (x509 == NULL || bufSz == NULL || (*bufSz < (int)x509->sig.length &&
#else buf != NULL))
DecodedCert cert[1]; return WOLFSSL_FATAL_ERROR;
#endif
word32 idx;
const byte* der;
int length = 0;
int ret, derSz = 0;
int badDate = 0;
const byte* pubKeyX509 = NULL;
int pubKeyX509Sz = 0;
WOLFSSL_ENTER("wolfSSL_X509_get_pubkey_buffer"); if (buf != NULL)
if (x509 == NULL || bufSz == NULL) { XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BAD_FUNC_ARG); *bufSz = x509->sig.length;
return WOLFSSL_SUCCESS;
}
/* Getter function that copies over the DER public key buffer to "buf" and
* sets the size in bufSz. If "buf" is NULL then just bufSz is set to needed
* buffer size. "bufSz" passed in should initially be set by the user to be
* the size of "buf". This gets checked to make sure the buffer is large
* enough to hold the public key.
*
* Note: this is the X.509 form of key with "header" info.
* return WOLFSSL_SUCCESS on success
*/
int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509,
unsigned char* buf, int* bufSz)
{
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert;
#else
DecodedCert cert[1];
#endif
word32 idx;
const byte* der;
int length = 0;
int ret, derSz = 0;
int badDate = 0;
const byte* pubKeyX509 = NULL;
int pubKeyX509Sz = 0;
WOLFSSL_ENTER("wolfSSL_X509_get_pubkey_buffer");
if (x509 == NULL || bufSz == NULL) {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BAD_FUNC_ARG);
return WOLFSSL_FATAL_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert),
x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (cert == NULL) {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", MEMORY_E);
return WOLFSSL_FATAL_ERROR;
}
#endif
der = wolfSSL_X509_get_der(x509, &derSz);
InitDecodedCert(cert, der, derSz, NULL);
ret = wc_GetPubX509(cert, 0, &badDate);
if (ret >= 0) {
idx = cert->srcIdx;
pubKeyX509 = cert->source + cert->srcIdx;
ret = GetSequence(cert->source, &cert->srcIdx, &length,
cert->maxIdx);
pubKeyX509Sz = length + (cert->srcIdx - idx);
}
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret < 0) {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", ret);
return WOLFSSL_FATAL_ERROR;
}
if (buf != NULL) {
if (pubKeyX509Sz > *bufSz) {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BUFFER_E);
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
XMEMCPY(buf, pubKeyX509, pubKeyX509Sz);
}
*bufSz = pubKeyX509Sz;
return WOLFSSL_SUCCESS;
}
#ifdef WOLFSSL_SMALL_STACK /* Getter function for the public key OID value
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), * return public key OID stored in WOLFSSL_X509 structure */
x509->heap, DYNAMIC_TYPE_TMP_BUFFER); int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509)
if (cert == NULL) { {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", MEMORY_E); if (x509 == NULL)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FAILURE;
} return x509->pubKeyOID;
#endif }
der = wolfSSL_X509_get_der(x509, &derSz); /* write X509 serial number in unsigned binary to buffer
InitDecodedCert(cert, der, derSz, NULL); buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
ret = wc_GetPubX509(cert, 0, &badDate); return WOLFSSL_SUCCESS on success */
if (ret >= 0) { int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,
idx = cert->srcIdx; byte* in, int* inOutSz)
pubKeyX509 = cert->source + cert->srcIdx; {
ret = GetSequence(cert->source, &cert->srcIdx, &length, WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");
cert->maxIdx); if (x509 == NULL || inOutSz == NULL) {
pubKeyX509Sz = length + (cert->srcIdx - idx); WOLFSSL_MSG("Null argument passed in");
} return BAD_FUNC_ARG;
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret < 0) {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", ret);
return WOLFSSL_FATAL_ERROR;
}
if (buf != NULL) {
if (pubKeyX509Sz > *bufSz) {
WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BUFFER_E);
return WOLFSSL_FATAL_ERROR;
}
XMEMCPY(buf, pubKeyX509, pubKeyX509Sz);
}
*bufSz = pubKeyX509Sz;
return WOLFSSL_SUCCESS;
} }
if (in != NULL) {
/* Getter function for the public key OID value if (*inOutSz < x509->serialSz) {
* return public key OID stored in WOLFSSL_X509 structure */ WOLFSSL_MSG("Serial buffer too small");
int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509) return BUFFER_E;
{
if (x509 == NULL)
return WOLFSSL_FAILURE;
return x509->pubKeyOID;
}
/* write X509 serial number in unsigned binary to buffer
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
return WOLFSSL_SUCCESS on success */
int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,
byte* in, int* inOutSz)
{
WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");
if (x509 == NULL || inOutSz == NULL) {
WOLFSSL_MSG("Null argument passed in");
return BAD_FUNC_ARG;
} }
XMEMCPY(in, x509->serial, x509->serialSz);
if (in != NULL) {
if (*inOutSz < x509->serialSz) {
WOLFSSL_MSG("Serial buffer too small");
return BUFFER_E;
}
XMEMCPY(in, x509->serial, x509->serialSz);
}
*inOutSz = x509->serialSz;
return WOLFSSL_SUCCESS;
} }
*inOutSz = x509->serialSz;
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
/* not an openssl compatibility function - getting for derCert */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz) defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
{
WOLFSSL_ENTER("wolfSSL_X509_get_der");
if (x509 == NULL || x509->derCert == NULL || outSz == NULL) /* not an openssl compatibility function - getting for derCert */
return NULL; const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
{
WOLFSSL_ENTER("wolfSSL_X509_get_der");
*outSz = (int)x509->derCert->length; if (x509 == NULL || x509->derCert == NULL || outSz == NULL)
return x509->derCert->buffer; return NULL;
}
/* used by JSSE (not a standard compatibility function) */ *outSz = (int)x509->derCert->length;
/* this is not thread safe */ return x509->derCert->buffer;
WOLFSSL_ABI }
const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
{
static byte notBeforeData[CTC_DATE_SIZE]; /* temp buffer for date */
WOLFSSL_ENTER("wolfSSL_X509_notBefore");
if (x509 == NULL) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
return NULL;
XMEMSET(notBeforeData, 0, sizeof(notBeforeData)); #ifdef OPENSSL_EXTRA
notBeforeData[0] = (byte)x509->notBefore.type;
notBeforeData[1] = (byte)x509->notBefore.length;
XMEMCPY(&notBeforeData[2], x509->notBefore.data, x509->notBefore.length);
return notBeforeData; /* used by JSSE (not a standard compatibility function) */
} /* this is not thread safe */
/* used by JSSE (not a standard compatibility function) */ WOLFSSL_ABI
/* this is not thread safe */ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
WOLFSSL_ABI {
const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509) static byte notBeforeData[CTC_DATE_SIZE]; /* temp buffer for date */
{ WOLFSSL_ENTER("wolfSSL_X509_notBefore");
static byte notAfterData[CTC_DATE_SIZE]; /* temp buffer for date */
WOLFSSL_ENTER("wolfSSL_X509_notAfter");
if (x509 == NULL) if (x509 == NULL)
return NULL; return NULL;
XMEMSET(notAfterData, 0, sizeof(notAfterData)); XMEMSET(notBeforeData, 0, sizeof(notBeforeData));
notAfterData[0] = (byte)x509->notAfter.type; notBeforeData[0] = (byte)x509->notBefore.type;
notAfterData[1] = (byte)x509->notAfter.length; notBeforeData[1] = (byte)x509->notBefore.length;
XMEMCPY(&notAfterData[2], x509->notAfter.data, x509->notAfter.length); XMEMCPY(&notBeforeData[2], x509->notBefore.data, x509->notBefore.length);
return notAfterData; return notBeforeData;
} }
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) /* used by JSSE (not a standard compatibility function) */
WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj) /* this is not thread safe */
{ WOLFSSL_ABI
(void) s; const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
(void) adj; {
WOLFSSL_STUB("wolfSSL_X509_gmtime_adj"); static byte notAfterData[CTC_DATE_SIZE]; /* temp buffer for date */
WOLFSSL_ENTER("wolfSSL_X509_notAfter");
if (x509 == NULL)
return NULL;
XMEMSET(notAfterData, 0, sizeof(notAfterData));
notAfterData[0] = (byte)x509->notAfter.type;
notAfterData[1] = (byte)x509->notAfter.length;
XMEMCPY(&notAfterData[2], x509->notAfter.data, x509->notAfter.length);
return notAfterData;
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj)
{
(void) s;
(void) adj;
WOLFSSL_STUB("wolfSSL_X509_gmtime_adj");
return NULL;
}
#endif
/* get the buffer to be signed (tbs) from the WOLFSSL_X509 certificate
*
* outSz : gets set to the size of the buffer
* returns a pointer to the internal buffer at the location of TBS on
* on success and NULL on failure.
*/
const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz)
{
int sz = 0, len;
unsigned int idx = 0, tmpIdx;
const unsigned char* der = NULL;
const unsigned char* tbs = NULL;
if (x509 == NULL || outSz == NULL) {
return NULL; return NULL;
} }
#endif
/* get the buffer to be signed (tbs) from the WOLFSSL_X509 certificate der = wolfSSL_X509_get_der(x509, &sz);
* if (der == NULL) {
* outSz : gets set to the size of the buffer return NULL;
* returns a pointer to the internal buffer at the location of TBS on
* on success and NULL on failure.
*/
const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz)
{
int sz = 0, len;
unsigned int idx = 0, tmpIdx;
const unsigned char* der = NULL;
const unsigned char* tbs = NULL;
if (x509 == NULL || outSz == NULL) {
return NULL;
}
der = wolfSSL_X509_get_der(x509, &sz);
if (der == NULL) {
return NULL;
}
if (GetSequence(der, &idx, &len, sz) < 0) {
return NULL;
}
tbs = der + idx;
tmpIdx = idx;
if (GetSequence(der, &idx, &len, sz) < 0) {
return NULL;
}
*outSz = len + (idx - tmpIdx);
return tbs;
} }
int wolfSSL_X509_version(WOLFSSL_X509* x509) if (GetSequence(der, &idx, &len, sz) < 0) {
{ return NULL;
WOLFSSL_ENTER("wolfSSL_X509_version");
if (x509 == NULL)
return 0;
return x509->version;
} }
tbs = der + idx;
tmpIdx = idx;
if (GetSequence(der, &idx, &len, sz) < 0) {
return NULL;
}
*outSz = len + (idx - tmpIdx);
return tbs;
}
int wolfSSL_X509_version(WOLFSSL_X509* x509)
{
WOLFSSL_ENTER("wolfSSL_X509_version");
if (x509 == NULL)
return 0;
return x509->version;
}
#ifdef WOLFSSL_SEP #ifdef WOLFSSL_SEP
@ -18001,6 +18010,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
} }
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */ /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
@ -18181,7 +18191,7 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk)
#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ #endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
#if defined(OPENSSL_ALL) || defined (WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* return 1 on success 0 on fail */ /* return 1 on success 0 on fail */
int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk, int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
WOLFSSL_ACCESS_DESCRIPTION* access) WOLFSSL_ACCESS_DESCRIPTION* access)
@ -18288,9 +18298,9 @@ void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access)
/* access = NULL, don't try to access or double free it */ /* access = NULL, don't try to access or double free it */
} }
#endif #endif /* OPENSSL_ALL || WOLFSSL_QT */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* create a generic wolfSSL stack node /* create a generic wolfSSL stack node
* returns a new WOLFSSL_STACK structure on success */ * returns a new WOLFSSL_STACK structure on success */
@ -18376,9 +18386,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
return ret; return ret;
} }
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Creates and returns new GENERAL_NAME structure */ /* Creates and returns new GENERAL_NAME structure */
WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void) WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
{ {
@ -19059,9 +19067,7 @@ int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#ifndef NO_FILESYSTEM #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
#ifndef NO_STDIO_FILESYSTEM
WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
{ {
@ -19099,8 +19105,12 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
return newX509; return newX509;
} }
#endif /* NO_STDIO_FILESYSTEM */ #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
#ifndef NO_FILESYSTEM
WOLFSSL_ABI WOLFSSL_ABI
WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
{ {
@ -19165,9 +19175,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
return x509; return x509;
} }
#endif /* !NO_FILESYSTEM */
#endif /* NO_FILESYSTEM */
WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format) const unsigned char* buf, int sz, int format)
@ -19234,7 +19242,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
return x509; return x509;
} }
#endif /* KEEP_PEER_CERT || SESSION_CERTS */ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || SESSION_CERTS */
/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function /* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
KEEP_OUR_CERT is to insure ability for returning ssl certificate */ KEEP_OUR_CERT is to insure ability for returning ssl certificate */
@ -23838,8 +23846,8 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
} }
#endif /* !NO_ASN_TIME */ #endif /* !NO_ASN_TIME */
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
!defined(TIME_OVERRIDES) !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime, WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime,
int offset_day, long offset_sec, time_t *in_tm) int offset_day, long offset_sec, time_t *in_tm)
{ {
@ -23884,6 +23892,9 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
} }
#endif #endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Used to create a new WOLFSSL_ASN1_INTEGER structure. /* Used to create a new WOLFSSL_ASN1_INTEGER structure.
* returns a pointer to new structure on success and NULL on failure * returns a pointer to new structure on success and NULL on failure
*/ */
@ -24058,7 +24069,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
return a; return a;
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@ -27406,9 +27417,6 @@ WOLFSSL_STACK* wolfSSL_sk_new_null(void)
return sk; return sk;
} }
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void) WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void)
{ {
@ -27477,7 +27485,7 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
return (int)sk->num; return (int)sk->num;
} }
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ #if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE)) defined(HAVE_EXT_CACHE))
@ -44025,7 +44033,7 @@ int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif /* OCSP */ #endif /* OCSP */
#endif /* OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY */ #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@ -44246,6 +44254,20 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
return X509_V_OK; return X509_V_OK;
} }
char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
int idx)
{
for (; idx > 0 && strings != NULL; idx--)
strings = strings->next;
if (strings == NULL)
return NULL;
return strings->data.string;
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{ {
WOLFSSL_ENTER("wolfSSL_X509_dup"); WOLFSSL_ENTER("wolfSSL_X509_dup");
@ -44258,16 +44280,7 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
} }
char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
int idx)
{
for (; idx > 0 && strings != NULL; idx--)
strings = strings->next;
if (strings == NULL)
return NULL;
return strings->data.string;
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifdef HAVE_ALPN #ifdef HAVE_ALPN

2
wolfssl/internal.h
View File

@ -3659,7 +3659,7 @@ struct WOLFSSL_X509 {
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */ #endif /* WOLFSSL_QT || OPENSSL_ALL */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */ WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
#endif #endif
WOLFSSL_ASN1_TIME notBefore; WOLFSSL_ASN1_TIME notBefore;

7
wolfssl/ssl.h
View File

@ -191,7 +191,7 @@ typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS; typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION; typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION;
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
struct WOLFSSL_AUTHORITY_KEYID { struct WOLFSSL_AUTHORITY_KEYID {
WOLFSSL_ASN1_STRING *keyid; WOLFSSL_ASN1_STRING *keyid;
@ -3320,6 +3320,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_WPAS_SMALL
/* WPA Supplicant requires GEN_ values */
#include <wolfssl/openssl/x509v3.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
int nid, int* c, int* idx); int nid, int* c, int* idx);