wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3439 from julek-wolfssl/libest

Browse Source 
Compatibility layer additions for cisco/libest
This commit is contained in:
toddouska
2020-12-18 14:03:34 -08:00
committed by GitHub
parent bdd4799400 6226edb394
commit 814ed3f5a6
51 changed files with 6054 additions and 1021 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/csr.attr.der Normal file
View File

Binary file not shown.

15
certs/csr.dsa.pem Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICSjCCAgcCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAbcwggEsBgcqhkjO
OAQBMIIBHwKBgQDN3iVogFMN5XfW0pA5P5CiPzOUbuhPK2OrMKsVuhHqil2NzLjU
odXBR51ac2piSdEGB2f2L6M5vU4NtNMiI4TskyZaSe58iUhmTejo2FD7pXGfIhjl
5gtGh2buUo9GT7UDzu3jvuW1gdJZ6cCtTdBNJve6UOjJj/4kGT0up1I8bQIVAPtH
++yBIMgc6Uq6BG8Zm5TugmfTAoGBAJuVu4XFWEoynKpEhdZo3D4U9M5to0k46tZh
SJJaQJVJOKrhOSloWEeKSwHhLo5sY29AylA/jAuZ5HJCuLHCJkjxnIPGNy5arhEJ
2fOtH2+trVDjeDLm3o6qv9EAn7MCEhmiFewUGFwOJs75rsx7tdEm/IX+FJO2nX12
4zWXHt7EA4GEAAKBgHFJ1dk2HPSn5Nh8tybEFs1iP/NE9Pa+2Qmea/Z/uRToZ2Uv
dM1qRagMyJfEco8fLcL1mkFH+U+HYt5Y7/rK5bD1zCYklqvMgckgHv4tRO9FKhpo
3EDe9oMz3325wzakq69O5ZfvCD4PDA3crrZaGc0ahXF7nYnNErdyhYrNkPgJoAAw
CwYJYIZIAWUDBAMCAzAAMC0CFQCLSYH6QBDBF2c0ii0bvXXzM5qJIwIUUlCx5kp7
/DnfWP/hdw9xNrbD4jc=
-----END CERTIFICATE REQUEST-----

BIN
certs/csr.ext.der Normal file
View File

Binary file not shown.

BIN
certs/csr.signed.der Normal file
View File

Binary file not shown.

6
certs/include.am
View File

@ -52,7 +52,11 @@ EXTRA_DIST += \
certs/ecc-privOnlyCert.pem \
certs/dh3072.pem \
certs/dh4096.pem \
certs/client-cert-ext.pem
certs/client-cert-ext.pem \
certs/csr.attr.der \
certs/csr.dsa.pem \
certs/csr.signed.der \
certs/csr.ext.der
EXTRA_DIST += \
certs/ca-key.der \

90
configure.ac
View File

@ -702,6 +702,7 @@ AC_ARG_ENABLE([mcast],
# signal (--enable-signal)
# lighty (--enable-lighty) HAVE_LIGHTY
# stunnel (--enable-stunnel) HAVE_STUNNEL
# libest (--enable-libest) HAVE_LIBEST
# asio (--enable-asio) WOLFSSL_ASIO
# libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS
# qt (--enable-qt) WOLFSSL_QT
@ -856,7 +857,7 @@ fi
if test "$ENABLED_OPENSSLALL" = "yes"
then
AM_CFLAGS="-DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS $AM_CFLAGS"
AM_CFLAGS="-DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT $AM_CFLAGS"
fi
# OPENSSL Extra Compatibility
@ -4103,7 +4104,7 @@ then
# Requires Secure Renegotiation
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
fi
fi
@ -4240,6 +4241,91 @@ then
ENABLED_PSK=yes
fi
# libest Support
AC_ARG_ENABLE([libest],
[AS_HELP_STRING([--enable-libest],[Enable libest (default: disabled)])],
[ ENABLED_LIBEST=$enableval ],
[ ENABLED_LIBEST=no ]
)
if test "$ENABLED_LIBEST" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
# Requires opensslextra and opensslall
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING $AM_CFLAGS"
AM_CFLAGS="-DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT $AM_CFLAGS"
fi
# Requires OCSP
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
# Requires PKCS7
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
# Requires Certificate Generation and Request
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
# Requires CRL
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
if test "x$ENABLED_SRP" = "xno"
then
ENABLED_SRP="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
if test "x$ENABLED_DSA" = "xno"
then
AC_MSG_WARN([Enabling DSA with --enable-dsa is recommended for libest])
fi
fi
# MD4
AC_ARG_ENABLE([md4],
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],

66
src/bio.c
View File

@ -229,7 +229,13 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
#ifndef NO_FILESYSTEM
if (bio && bio->type == WOLFSSL_BIO_FILE) {
ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr);
if (bio->ptr)
ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr);
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
else
ret = (int)XREAD(bio->num, buf, len);
#endif
}
#endif
@ -580,8 +586,14 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
}
#ifndef NO_FILESYSTEM
if (bio->type == WOLFSSL_BIO_FILE) {
ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
if (bio && bio->type == WOLFSSL_BIO_FILE) {
if (bio->ptr)
ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr);
#if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
&& !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
else
ret = (int)XWRITE(bio->num, data, len);
#endif
}
#endif
@ -940,11 +952,13 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
return 0;
}
if (bio->type == WOLFSSL_BIO_MD) {
/* MD is a wrapper only get next bio */
if (bio->type == WOLFSSL_BIO_MD ||
bio->type == WOLFSSL_BIO_BASE64) {
/* these are wrappers only, get next bio */
while (bio->next != NULL) {
bio = bio->next;
if (bio->type != WOLFSSL_BIO_MD) {
if (bio->type == WOLFSSL_BIO_MD ||
bio->type == WOLFSSL_BIO_BASE64) {
break;
}
}
@ -1320,6 +1334,31 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
}
#ifndef NO_FILESYSTEM
/**
* Creates a new file BIO object
* @param fd file descriptor for to use for the new object
* @param close_flag BIO_NOCLOSE or BIO_CLOSE
* @return New BIO object or NULL on failure
*/
WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag)
{
WOLFSSL_BIO* bio;
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if (!bio) {
WOLFSSL_MSG("wolfSSL_BIO_new error");
return NULL;
}
if (wolfSSL_BIO_set_fd(bio, fd, close_flag) != WOLFSSL_SUCCESS) {
wolfSSL_BIO_free(bio);
WOLFSSL_MSG("wolfSSL_BIO_set_fp error");
return NULL;
}
return bio;
}
long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
{
WOLFSSL_ENTER("wolfSSL_BIO_set_fp");
@ -1679,16 +1718,25 @@ int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD *biom,
/* this compatibility function can be used for multiple BIO types */
int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p)
{
WOLFSSL_BIO* mem_bio;
WOLFSSL_ENTER("wolfSSL_BIO_get_mem_data");
if (bio == NULL)
return WOLFSSL_FATAL_ERROR;
if (p) {
*(byte**)p = (byte*)bio->ptr;
mem_bio = bio;
/* Return pointer from last memory BIO in chain */
while (bio->next) {
bio = bio->next;
if (bio->type == WOLFSSL_BIO_MEMORY)
mem_bio = bio;
}
return bio->num;
if (p) {
*(byte**)p = (byte*)mem_bio->ptr;
}
return mem_bio->num;
}
int wolfSSL_BIO_pending(WOLFSSL_BIO* bio)

11
src/crl.c
View File

@ -703,6 +703,11 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
return WOLFSSL_FAILURE;
}
store->crl = store->cm->crl = crl;
if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL)
!= WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_CertManagerEnableCRL error");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
@ -730,6 +735,12 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
wc_UnLockMutex(&crl->crlLock);
}
if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL)
!= WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_CertManagerEnableCRL error");
return WOLFSSL_FAILURE;
}
WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;

132
src/internal.c
View File

@ -1854,10 +1854,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
wolfSSL_CertManagerFree(ctx->cm);
ctx->cm = NULL;
#ifdef OPENSSL_EXTRA
/* ctx->cm was free'd so cm of x509 store should now be NULL */
if (ctx->x509_store_pt != NULL) {
ctx->x509_store_pt->cm = NULL;
}
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
while (ctx->ca_names != NULL) {
WOLFSSL_STACK *next = ctx->ca_names->next;
@ -3432,6 +3428,9 @@ void FreeX509(WOLFSSL_X509* x509)
if (x509->ext_sk != NULL) {
wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk);
}
if (x509->ext_sk_full != NULL) {
wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk_full);
}
#endif /* OPENSSL_ALL || WOLFSSL_QT */
#ifdef OPENSSL_EXTRA
/* Free serialNumber that was set by wolfSSL_X509_get_serialNumber */
@ -3458,6 +3457,11 @@ void FreeX509(WOLFSSL_X509* x509)
x509->key.pkey = NULL;
}
#endif /* OPENSSL_ALL */
#if defined(WOLFSSL_CERT_REQ) && defined(OPENSSL_ALL)
if (x509->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
}
#endif /* WOLFSSL_CERT_REQ */
if (x509->altNames) {
FreeAltNames(x509->altNames, x509->heap);
x509->altNames = NULL;
@ -5263,6 +5267,64 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->ctx = ctx; /* only for passing to calls, options could change */
ssl->version = ctx->method->version;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
ssl->options.mask = ctx->mask;
#endif
#ifdef OPENSSL_EXTRA
if (ssl->version.minor == TLSv1_3_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) {
if (!ctx->method->downgrade) {
WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.3 set but not "
"allowed and downgrading disabled.");
return VERSION_ERROR;
}
WOLFSSL_MSG("\tOption set to not allow TLSv1.3, Downgrading");
ssl->version.minor = TLSv1_2_MINOR;
}
if (ssl->version.minor == TLSv1_2_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
if (!ctx->method->downgrade) {
WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.2 set but not "
"allowed and downgrading disabled.");
return VERSION_ERROR;
}
WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading");
ssl->version.minor = TLSv1_1_MINOR;
}
if (ssl->version.minor == TLSv1_1_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
if (!ctx->method->downgrade) {
WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.1 set but not "
"allowed and downgrading disabled.");
return VERSION_ERROR;
}
WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading");
ssl->options.tls1_1 = 0;
ssl->version.minor = TLSv1_MINOR;
}
if (ssl->version.minor == TLSv1_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
if (!ctx->method->downgrade) {
WOLFSSL_MSG("\tInconsistent protocol options. TLS 1 set but not "
"allowed and downgrading disabled.");
return VERSION_ERROR;
}
WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading");
ssl->options.tls = 0;
ssl->options.tls1_1 = 0;
ssl->version.minor = SSLv3_MINOR;
}
if (ssl->version.minor == SSLv3_MINOR &&
(ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
WOLFSSL_MSG("\tError, option set to not allow SSLv3");
return VERSION_ERROR;
}
if (ssl->version.minor < ssl->options.minDowngrade) {
WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
return VERSION_ERROR;
}
#endif
#ifdef HAVE_ECC
ssl->eccTempKeySz = ctx->eccTempKeySz;
@ -5271,10 +5333,6 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
ssl->pkCurveOID = ctx->pkCurveOID;
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
ssl->options.mask = ctx->mask;
#endif
#ifdef OPENSSL_EXTRA
ssl->CBIS = ctx->CBIS;
#endif
@ -9564,6 +9622,40 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
else
x509->subjectCN[0] = '\0';
#ifdef WOLFSSL_CERT_REQ
x509->isCSR = dCert->isCSR;
/* CSR attributes */
if (dCert->cPwd) {
if (dCert->cPwdLen < CTC_NAME_SIZE) {
XMEMCPY(x509->challengePw, dCert->cPwd, dCert->cPwdLen);
x509->challengePw[dCert->cPwdLen] = '\0';
#ifdef OPENSSL_ALL
if (x509->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
}
x509->challengePwAttr = wolfSSL_X509_ATTRIBUTE_new();
if (x509->challengePwAttr) {
x509->challengePwAttr->value->value.asn1_string =
wolfSSL_ASN1_STRING_new();
if (wolfSSL_ASN1_STRING_set(
x509->challengePwAttr->value->value.asn1_string,
dCert->cPwd, dCert->cPwdLen) != WOLFSSL_SUCCESS) {
ret = MEMORY_E;
}
x509->challengePwAttr->value->type = V_ASN1_PRINTABLESTRING;
}
else {
ret = MEMORY_E;
}
#endif
}
else {
WOLFSSL_MSG("Challenge password too long");
ret = MEMORY_E;
}
}
#endif
#ifdef WOLFSSL_SEP
{
int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
@ -12106,6 +12198,14 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
ssl->secure_renegotiation->verifySet = 1;
}
#endif
#ifdef OPENSSL_ALL
if (ssl->options.side == WOLFSSL_CLIENT_END)
XMEMCPY(ssl->serverFinished,
input + *inOutIdx, TLS_FINISHED_SZ);
else
XMEMCPY(ssl->clientFinished,
input + *inOutIdx, TLS_FINISHED_SZ);
#endif
/* force input exhaustion at ProcessReply consuming padSz */
*inOutIdx += size + ssl->keys.padSz;
@ -15567,7 +15667,11 @@ int ProcessReply(WOLFSSL* ssl)
ssl->buffers.inputBuffer.length);
#endif
}
else if (!IsAtLeastTLSv1_3(ssl->version)) {
else if (!IsAtLeastTLSv1_3(ssl->version)
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12)
|| !TLSv1_3_Capable(ssl)
#endif
) {
#ifndef WOLFSSL_NO_TLS12
ret = DoHandShakeMsg(ssl,
ssl->buffers.inputBuffer.buffer,
@ -16756,6 +16860,14 @@ int SendFinished(WOLFSSL* ssl)
TLS_FINISHED_SZ);
}
#endif
#ifdef OPENSSL_ALL
if (ssl->options.side == WOLFSSL_CLIENT_END)
XMEMCPY(ssl->clientFinished,
hashes, TLS_FINISHED_SZ);
else
XMEMCPY(ssl->serverFinished,
hashes, TLS_FINISHED_SZ);
#endif
#ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl)) {
@ -20416,7 +20528,7 @@ exit_dpk:
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12)
/* returns 1 if able to do TLS 1.3 otherwise 0 */
static int TLSv1_3_Capable(WOLFSSL* ssl)
int TLSv1_3_Capable(WOLFSSL* ssl)
{
#ifndef WOLFSSL_TLS13
return 0;

4156
src/ssl.c
View File

File diff suppressed because it is too large Load Diff

19
tests/NCONF_test.cnf Normal file
View File

@ -0,0 +1,19 @@
#
# This file is a sample configuration file that
# can be loaded with wolfSSL_NCONF_load
#
dir = ./test-dir
port = 1234
[ section1 ]
file1 = ./test-dir/file1 # test comment
file1_copy = $dir/file1
s1_dir = ./section1 # more comments
[section2]
fileName2 = file2
file_list = ${section1::file1}:$dir/file2:${section1::s1_dir}:$fileName2
port = 4321

33
tests/TXT_DB.txt Normal file
View File

@ -0,0 +1,33 @@
# This file was generated by libest unit tests.
V 211015165802Z 12F8 unknown /CN=TestCase9
V 211015165748Z 12F6 unknown /CN=rsa doe
V 211015165732Z 12F4 unknown /CN=rsa doe
V 211015165716Z 12F2 unknown /CN=rsa doe
V 320926161828Z 12F0 unknown /CN=rsa doe
V 211014161800Z 12EE unknown /CN=us4880_test2
V 320926161718Z 12EC unknown /CN=TEST16-CN
V 320926161653Z 12EA unknown /CN=TC4752-13
V 320926161607Z 12E8 unknown /CN=TC4752-8
V 320926161541Z 12E6 unknown /CN=US4752-TC2
V 320926161515Z 12E4 unknown /CN=TCUS3612-3
V 211014161456Z 12E2 unknown /CN=TC2174-4
V 211014161456Z 12E0 unknown /CN=TC2174-4
V 211014161455Z 12DE unknown /CN=TC2174-4
V 320926161440Z 12DC unknown /CN=TC1883-7
V 320926161440Z 12DA unknown /CN=TC1883-6
V 320926161434Z 12D8 unknown /CN=rsa doe
V 320926161421Z 12D6 unknown /CN=TC1005-93
V 320926161410Z 12D4 unknown /CN=TC1005-10
V 320926161359Z 12D2 unknown /CN=TC1005-8
V 320926161349Z 12D0 unknown /CN=TC1005-6
V 320926161343Z 12CE unknown /CN=TC1005-3
V 320926161343Z 12CC unknown /CN=TC1005-1
V 320926161338Z 12CA unknown /CN=TestCase9
V 320926161332Z 12C8 unknown /CN=US903-test7 CN
V 320926161321Z 12C6 unknown /CN=dsa doe
V 320926161321Z 12C4 unknown /CN=rsa doe
V 320926161304Z 12C2 unknown /CN=dsa doe
V 320926161304Z 12C0 unknown /CN=rsa doe
V 320926161208Z 12BE unknown /serialNumber=PID:Widget SN:2/CN=req by client in demo step 2
V 320926161116Z 12BC unknown /serialNumber=PID:Widget SN:2/CN=req by client in demo step 2

554
tests/api.c
View File

@ -307,6 +307,10 @@
#include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/objects.h>
#ifdef OPENSSL_ALL
#include <wolfssl/openssl/txt_db.h>
#include <wolfssl/openssl/lhash.h>
#endif
#ifndef NO_AES
#include <wolfssl/openssl/aes.h>
#endif
@ -4903,6 +4907,8 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
BIO_free(bio);
#endif
#endif
@ -25282,6 +25288,21 @@ static int test_wc_HashGetFlags(void)
| Compatibility Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_lhash(void)
{
#ifdef OPENSSL_ALL
const char testStr[] = "Like a true nature's child\n"
"We were born\n"
"Born to be wild";
printf(testingFmt, "wolfSSL_LH_strhash()");
AssertIntEQ(lh_strhash(testStr), 0xb1231320);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
@ -25917,6 +25938,39 @@ static void test_wolfSSL_certs(void)
#endif /* OPENSSL_EXTRA && !NO_CERTS */
}
static void test_wolfSSL_X509_check_private_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048)
X509* x509;
EVP_PKEY* pkey = NULL;
const byte* key;
printf(testingFmt, "wolfSSL_X509_check_private_key()");
/* Check with correct key */
AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM)));
key = client_key_der_2048;
AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&key, (long)sizeof_client_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 1);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Check with wrong key */
key = server_key_der_2048;
AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&key, (long)sizeof_server_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 0);
EVP_PKEY_free(pkey);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_print(void)
{
@ -26241,6 +26295,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
const char* fname = "./certs/server-key.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
@ -26260,6 +26315,11 @@ static void test_wolfSSL_PEM_PrivateKey(void)
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey2 = EVP_PKEY_new());
pkey2->type = EVP_PKEY_RSA;
/* Test parameter copy */
AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
}
@ -26272,6 +26332,8 @@ static void test_wolfSSL_PEM_PrivateKey(void)
const char* fname = "./certs/ecc-key.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
int nid = 0;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
@ -26289,6 +26351,14 @@ static void test_wolfSSL_PEM_PrivateKey(void)
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey2 = EVP_PKEY_new());
pkey2->type = EVP_PKEY_EC;
/* Test parameter copy */
AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
/* Test default digest */
AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
AssertIntEQ(nid, NID_sha256);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
}
@ -26751,6 +26821,9 @@ static void test_wolfSSL_tmp_dh(void)
int bytes;
DSA* dsa;
DH* dh;
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH* dh2;
#endif
BIO* bio;
SSL* ssl;
SSL_CTX* ctx;
@ -26779,6 +26852,9 @@ static void test_wolfSSL_tmp_dh(void)
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
#endif
AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
#ifndef NO_WOLFSSL_SERVER
@ -26790,6 +26866,9 @@ static void test_wolfSSL_tmp_dh(void)
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH_free(dh2);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@ -27583,8 +27662,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
cmp = X509_NAME_cmp(caName, issuerName);
AssertIntEQ(cmp, 0);
#else
/* X509_STORE_CTX_get0_current_issuer() returns empty issuer */
AssertNull(issuerName);
AssertNotNull(issuerName);
#endif
X509_free(issuer);
@ -27597,6 +27675,61 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
#endif
}
static void test_wolfSSL_PKCS7_certs(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
STACK_OF(X509)* sk = NULL;
STACK_OF(X509_INFO)* info_sk = NULL;
PKCS7 *p7 = NULL;
BIO* bio;
const byte* p = NULL;
int buflen = 0;
int i;
printf(testingFmt, "wolfSSL_PKCS7_certs()");
/* Test twice. Once with d2i and once without to test
* that everything is free'd correctly. */
for (i = 0; i < 2; i++) {
AssertNotNull(p7 = PKCS7_new());
p7->version = 1;
p7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
AssertNotNull(sk = sk_X509_new_null());
while (sk_X509_INFO_num(info_sk)) {
X509_INFO* info;
AssertNotNull(info = sk_X509_INFO_shift(info_sk));
AssertIntEQ(sk_X509_push(sk, info->x509), 1);
info->x509 = NULL;
X509_INFO_free(info);
}
sk_X509_INFO_free(info_sk);
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
if (i == 0) {
PKCS7_free(p7);
AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
/* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
((WOLFSSL_PKCS7*)p7)->certs = NULL;
/* PKCS7_free free's the certs */
AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
}
BIO_free(bio);
PKCS7_free(p7);
}
printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
}
static void test_wolfSSL_X509_STORE_CTX(void)
{
@ -27630,6 +27763,9 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_CTX_set_error(NULL, -5);
X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
sk_X509_free(sk);
#endif
X509_STORE_free(str);
X509_free(x509);
@ -27658,7 +27794,8 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_free(str);
/* CTX certs not freed yet */
X509_free(x5092);
/* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */
sk_X509_free(sk);
/* sk3 is dup so free here */
sk_X509_free(sk3);
#endif
@ -27995,6 +28132,7 @@ static void test_wolfSSL_CTX_set_srp_username(void)
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
const char *username = "TESTUSER";
const char *password = "TESTPASSWORD";
int r;
@ -28013,6 +28151,12 @@ static void test_wolfSSL_CTX_set_srp_username(void)
AssertIntEQ(r,SSL_SUCCESS);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(SSL_get_srp_username(ssl));
AssertStrEQ(SSL_get_srp_username(ssl), username);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
@ -29247,9 +29391,7 @@ static void test_wolfSSL_X509_cmp_time(void)
XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
asn_time.type = ASN_UTC_TIME;
asn_time.length = ASN_UTC_TIME_SIZE;
XMEMCPY(&asn_time.data, "000222211515Z", 13);
AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
printf(resultFmt, passed);
@ -29308,7 +29450,9 @@ static void test_wolfSSL_X509(void)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifdef WOLFSSL_CERT_GEN
AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
#endif
AssertNotNull(ctx = X509_STORE_CTX_new());
@ -29405,6 +29549,7 @@ static void test_wolfSSL_X509_sign(void)
DecodedCert dCert;
EVP_PKEY *pub;
EVP_PKEY *priv;
EVP_MD_CTX *mctx;
#if defined(USE_CERT_BUFFERS_1024)
const unsigned char* rsaPriv = client_key_der_1024;
const unsigned char* rsaPub = client_keypub_der_1024;
@ -29472,6 +29617,11 @@ static void test_wolfSSL_X509_sign(void)
/* test valid sign case */
ret = X509_sign(x509, priv, EVP_sha256());
/* test valid X509_sign_ctx case */
AssertNotNull(mctx = EVP_MD_CTX_new());
AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
AssertIntGT(X509_sign_ctx(x509, mctx), 0);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
AssertIntEQ(X509_get_ext_count(x509), 1);
#endif
@ -29539,6 +29689,12 @@ static void test_wolfSSL_X509_sign(void)
AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
AssertIntEQ(X509_sign(x509, priv, NULL), 0);
AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
EVP_MD_CTX_free(mctx);
AssertNotNull(mctx = EVP_MD_CTX_new());
AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
AssertIntEQ(X509_sign_ctx(x509, NULL), 0);
/* test invalid version number */
#if defined(OPENSSL_ALL)
AssertIntNE(X509_set_version(x509, 6L), 0);
@ -29548,7 +29704,7 @@ static void test_wolfSSL_X509_sign(void)
AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
#endif
EVP_MD_CTX_free(mctx);
EVP_PKEY_free(priv);
EVP_PKEY_free(pub);
X509_free(x509);
@ -29705,6 +29861,7 @@ static void test_wolfSSL_X509_PUBKEY(void)
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
@ -30080,7 +30237,8 @@ static void test_wolfSSL_ERR_print_errors(void)
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
AssertIntEQ(XSTRNCMP("error:295:wolfSSL library:unknown error number:asn.c:100",
buf, 56), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
AssertIntEQ(buf[0], '\0');
AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
BIO_free(bio);
@ -31088,6 +31246,7 @@ static void test_wolfSSL_BIO_write(void)
char msg[] = "conversion test";
char out[40];
char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
void* bufPtr = NULL;
BUF_MEM* buf = NULL;
printf(testingFmt, "wolfSSL_BIO_write()");
@ -31103,6 +31262,8 @@ static void test_wolfSSL_BIO_write(void)
AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
AssertNotNull(buf);
AssertIntEQ(buf->length, 25);
AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
AssertPtrEq(buf->data, bufPtr);
AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
sz = sizeof(out);
@ -33168,6 +33329,36 @@ static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
wolfSSL_X509_free(x509);
XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
{
ASN1_STRING* asn1str_test;
ASN1_STRING* asn1str_answer;
/* Each character is encoded using 4 bytes */
char input[] = {
0, 0, 0, 'T',
0, 0, 0, 'e',
0, 0, 0, 's',
0, 0, 0, 't',
};
char output[] = "Test";
printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()");
AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
ASN1_STRING_free(asn1str_test);
ASN1_STRING_free(asn1str_answer);
printf(resultFmt, "passed");
}
#endif /* !defined(NO_ASN) */
static void test_wolfSSL_sk_CIPHER_description(void)
@ -33276,10 +33467,13 @@ static void test_wolfSSL_X509_PUBKEY_get(void)
{
WOLFSSL_X509_PUBKEY pubkey;
WOLFSSL_X509_PUBKEY* key;
WOLFSSL_EVP_PKEY evpkey;
WOLFSSL_EVP_PKEY evpkey ;
WOLFSSL_EVP_PKEY* evpPkey;
WOLFSSL_EVP_PKEY* retEvpPkey;
XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
key = &pubkey;
evpPkey = &evpkey;
@ -34772,6 +34966,96 @@ static void test_wolfSSL_OBJ_sn(void)
printf(resultFmt, passed);
}
static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
{
return lh_strhash(s[3]);
}
static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
{
return XSTRCMP(a[3], b[3]);
}
static void test_wolfSSL_TXT_DB(void)
{
#if !defined(NO_FILESYSTEM)
BIO *bio;
TXT_DB *db = NULL;
const int columns = 6;
const char *fields[6] = {
"V",
"320926161116Z",
"",
"12BD",
"unknown",
"/CN=rsa doe",
};
char** fields_copy;
printf(testingFmt, "wolfSSL_TXT_DB");
/* Test read */
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
AssertNotNull(db = TXT_DB_read(bio, columns));
AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
DYNAMIC_TYPE_OPENSSL));
XMEMCPY(fields_copy, fields, sizeof(fields));
AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
BIO_free(bio);
/* Test write */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(TXT_DB_write(bio, db), 1484);
BIO_free(bio);
/* Test index */
AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
(wolf_sk_compare_cb)TXT_DB_cmp), 1);
AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "12DA";
AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "FFFF";
AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "";
AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
TXT_DB_free(db);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_NCONF(void)
{
#if !defined(NO_FILESYSTEM)
const char* confFile = "./tests/NCONF_test.cnf";
CONF* conf = NULL;
long eline = 0;
long num = 0;
printf(testingFmt, "wolfSSL_NCONF");
AssertNotNull(conf = NCONF_new(NULL));
AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
AssertIntEQ(num, 1234);
AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
AssertIntEQ(num, 4321);
AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
"./test-dir/file1");
AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
"./test-dir/file1:./test-dir/file2:./section1:file2");
NCONF_free(conf);
printf(resultFmt, passed);
#endif
}
#endif /* OPENSSL_ALL */
@ -36406,6 +36690,8 @@ static void test_X509_REQ(void)
unsigned char* der = NULL;
#endif
#ifndef NO_RSA
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pkctx = NULL;
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
@ -36447,6 +36733,12 @@ static void test_X509_REQ(void)
AssertIntEQ(i2d_X509_REQ(req, &der), 643);
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
der = NULL;
mctx = EVP_MD_CTX_new();
AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
EVP_MD_CTX_free(mctx);
X509_REQ_free(NULL);
X509_REQ_free(req);
EVP_PKEY_free(pub);
@ -36488,6 +36780,11 @@ static void test_wolfssl_PKCS7(void)
word32 len = sizeof(data);
const byte* p = data;
byte content[] = "Test data to encode.";
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
BIO* bio;
byte key[sizeof_client_key_der_2048];
word32 keySz = (word32)sizeof(key);
#endif
AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
(word32)sizeof(content),
@ -36513,6 +36810,18 @@ static void test_wolfssl_PKCS7(void)
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
/* test i2d */
XMEMCPY(key, client_key_der_2048, keySz);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
BIO_free(bio);
#endif
PKCS7_free(NULL);
PKCS7_free(pkcs7);
@ -37871,6 +38180,147 @@ static void test_wolfSSL_X509_CRL(void)
return;
}
static void test_wolfSSL_d2i_X509_REQ(void)
{
#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
/* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
* generated by libest
* ./certs/csr.attr.der contains sample attributes
* ./certs/csr.ext.der contains sample extensions */
const char* csrFile = "./certs/csr.signed.der";
const char* csrPopFile = "./certs/csr.attr.der";
const char* csrExtFile = "./certs/csr.ext.der";
/* ./certs/csr.dsa.pem is generated using
* openssl req -newkey dsa:certs/dsaparams.pem \
* -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
* -outform PEM
* with the passphrase "wolfSSL"
*/
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
const char* csrDsaFile = "./certs/csr.dsa.pem";
#endif
BIO* bio = NULL;
X509* req = NULL;
EVP_PKEY *pub_key = NULL;
{
AssertNotNull(bio = BIO_new_file(csrFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
#endif
AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
#endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
STACK_OF(X509_EXTENSION) *exts = NULL;
#endif
AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
/* This CSR contains an Extension Request attribute so
* we test extension parsing in a CSR attribute here. */
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req));
AssertIntEQ(sk_X509_EXTENSION_num(exts), 2);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
#endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
{
AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
#endif /* !NO_DSA && !HAVE_SELFTEST */
#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
}
static void test_wolfSSL_PEM_read_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
@ -38628,6 +39078,9 @@ static void test_wolfSSL_X509_print()
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
X509 *x509;
BIO *bio;
#ifdef OPENSSL_ALL
const X509_ALGOR *cert_sig_alg;
#endif
printf(testingFmt, "wolfSSL_X509_print");
x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
@ -38644,13 +39097,21 @@ static void test_wolfSSL_X509_print()
#endif
BIO_free(bio);
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
#ifdef OPENSSL_ALL
/* Print signature */
AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
#endif
/* print to stdout */
AssertNotNull(bio = BIO_new(BIO_s_file()));
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
BIO_free(bio);
/* print again */
AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);
X509_free(x509);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
@ -38665,8 +39126,7 @@ static void test_wolfSSL_RSA_print()
printf(testingFmt, "wolfSSL_RSA_print");
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()));
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
BIO_free(bio);
@ -38750,6 +39210,64 @@ static void test_wolfSSL_ASN1_STRING_print(void){
#endif /* !NO_BIO */
static void test_wolfSSL_ASN1_get_object(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
const unsigned char* derBuf = cliecc_cert_der_256;
int len = sizeof_cliecc_cert_der_256;
long asnLen = 0;
int tag = 0, cls = 0;
ASN1_OBJECT *a;
printf(testingFmt, "wolfSSL_ASN1_get_object()");
/* Read a couple TLV triplets and make sure they match the expected values */
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
AssertIntEQ(asnLen, 863);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 772);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 3);
AssertIntEQ(tag, 0);
AssertIntEQ(cls, 0x80);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 1);
AssertIntEQ(tag, 0x2);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 20);
AssertIntEQ(tag, 0x2);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 10);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
/* Read an ASN OBJECT */
AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
ASN1_OBJECT_free(a);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
}
static void test_wolfSSL_RSA_verify()
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
@ -39424,6 +39942,7 @@ void ApiTest(void)
test_wolfSSL_mcast();
/* compatibility tests */
test_wolfSSL_lhash();
test_wolfSSL_X509_NAME();
#ifndef NO_BIO
test_wolfSSL_X509_INFO();
@ -39433,6 +39952,7 @@ void ApiTest(void)
test_wolfSSL_X509_check_host();
test_wolfSSL_DES();
test_wolfSSL_certs();
test_wolfSSL_X509_check_private_key();
test_wolfSSL_ASN1_TIME_print();
test_wolfSSL_ASN1_UTCTIME_print();
test_wolfSSL_ASN1_GENERALIZEDTIME_free();
@ -39467,6 +39987,7 @@ void ApiTest(void)
#endif
test_wolfSSL_set_options();
test_wolfSSL_sk_SSL_CIPHER();
test_wolfSSL_PKCS7_certs();
test_wolfSSL_X509_STORE_CTX();
test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
test_wolfSSL_msgCb();
@ -39551,6 +40072,7 @@ void ApiTest(void)
test_wolfSSL_SHA256();
test_wolfSSL_X509_get_serialNumber();
test_wolfSSL_X509_CRL();
test_wolfSSL_d2i_X509_REQ();
test_wolfSSL_PEM_read_X509();
test_wolfSSL_PEM_read();
#ifndef NO_BIO
@ -39589,6 +40111,7 @@ void ApiTest(void)
test_wolfSSL_d2i_DHparams();
test_wolfSSL_i2d_DHparams();
test_wolfSSL_ASN1_STRING_to_UTF8();
test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
test_wolfSSL_EC_KEY_dup();
test_wolfSSL_EVP_PKEY_set1_get1_DSA();
test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
@ -39627,6 +40150,8 @@ void ApiTest(void)
test_IncCtr();
test_wolfSSL_OBJ_ln();
test_wolfSSL_OBJ_sn();
test_wolfSSL_TXT_DB();
test_wolfSSL_NCONF();
#endif /* OPENSSL_ALL */
@ -39659,6 +40184,7 @@ void ApiTest(void)
test_wolfSSL_RSA_print();
test_wolfSSL_ASN1_STRING_print();
#endif
test_wolfSSL_ASN1_get_object();
test_openssl_generate_key_and_cert();
test_wolfSSL_EC_get_builtin_curves();

4
tests/include.am
View File

@ -50,5 +50,7 @@ EXTRA_DIST += tests/test.conf \
tests/test-trustpeer.conf \
tests/test-dhprime.conf \
tests/test-p521.conf \
tests/test-ecc-cust-curves.conf
tests/test-ecc-cust-curves.conf \
tests/NCONF_test.cnf \
tests/TXT_DB.txt
DISTCLEANFILES+= tests/.libs/unit.test

936
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

39
wolfcrypt/src/dh.c
View File

@ -2079,6 +2079,45 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
}
#ifdef WOLFSSL_DH_EXTRA
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
{
int ret;
if (!src || !dst || src == dst) {
WOLFSSL_MSG("Parameters not provided or are the same");
return BAD_FUNC_ARG;
}
if ((ret = mp_copy(&src->p, &dst->p)) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return ret;
}
if ((ret = mp_copy(&src->g, &dst->g)) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return ret;
}
if ((ret = mp_copy(&src->q, &dst->q)) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return ret;
}
if ((ret = mp_copy(&src->pub, &dst->pub)) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return ret;
}
if ((ret = mp_copy(&src->priv, &dst->priv)) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return ret;
}
dst->heap = src->heap;
return MP_OKAY;
}
/* Sets private and public key in DhKey if both are available, otherwise sets
either private or public key, depending on which is available. */
int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,

239
wolfcrypt/src/evp.c
View File

@ -1330,7 +1330,6 @@ int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e)
{
WOLFSSL_EVP_PKEY_CTX* ctx;
int type = NID_undef;
if (pkey == NULL) return 0;
if (e != NULL) return 0;
@ -1344,15 +1343,8 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
ctx->padding = RSA_PKCS1_PADDING;
#endif
type = wolfSSL_EVP_PKEY_type(pkey->type);
if (type != NID_undef) {
if (wc_LockMutex(&pkey->refMutex) != 0) {
WOLFSSL_MSG("Couldn't lock pkey mutex");
}
pkey->references++;
wc_UnLockMutex(&pkey->refMutex);
if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Couldn't increase key reference count");
}
return ctx;
}
@ -1385,9 +1377,12 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e)
if (pkey) {
pkey->type = id;
ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
}
/* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need
* to always call wolfSSL_EVP_PKEY_free (either to free it if an
* error occured in the previous function or to decrease the reference
* count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free
* is called) */
wolfSSL_EVP_PKEY_free(pkey);
}
return ctx;
}
@ -1432,7 +1427,19 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY
return WOLFSSL_SUCCESS;
}
#if !defined(NO_DH) || defined(HAVE_ECC)
#ifndef NO_WOLFSSL_STUB
int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
const char *name, const char *value)
{
WOLFSSL_STUB("wolfSSL_EVP_PKEY_CTX_ctrl_str");
(void)ctx;
(void)name;
(void)value;
return WOLFSSL_FAILURE;
}
#endif /* NO_WOLFSSL_STUB */
#if !defined(NO_DH) && defined(HAVE_ECC)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2))
int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
@ -1873,6 +1880,89 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
return 0;
}
int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
const WOLFSSL_EVP_PKEY *from)
{
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_copy_parameters");
if (!to || !from) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (to->type == EVP_PKEY_NONE) {
to->type = from->type;
}
else if (to->type != from->type) {
WOLFSSL_MSG("Different key types");
return WOLFSSL_FAILURE;
}
switch(from->type) {
#ifdef HAVE_ECC
case EVP_PKEY_EC:
if (from->ecc) {
if (!to->ecc && !(to->ecc = wolfSSL_EC_KEY_new())) {
WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
return WOLFSSL_FAILURE;
}
to->ownEcc = 1;
to->ecc->group->curve_idx = from->ecc->group->curve_idx;
to->ecc->group->curve_nid = from->ecc->group->curve_nid;
to->ecc->group->curve_oid = from->ecc->group->curve_oid;
}
else {
WOLFSSL_MSG("Missing ECC struct");
return WOLFSSL_FAILURE;
}
break;
#endif
#ifndef NO_DSA
case EVP_PKEY_DSA:
if (from->dsa) {
WOLFSSL_BIGNUM* cpy;
if (!to->dsa && !(to->dsa = wolfSSL_DSA_new())) {
WOLFSSL_MSG("wolfSSL_DSA_new error");
return WOLFSSL_FAILURE;
}
if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) {
WOLFSSL_MSG("wolfSSL_BN_dup error");
return WOLFSSL_FAILURE;
}
to->dsa->p = cpy;
if (!(cpy = wolfSSL_BN_dup(from->dsa->q))) {
WOLFSSL_MSG("wolfSSL_BN_dup error");
return WOLFSSL_FAILURE;
}
to->dsa->q = cpy;
if (!(cpy = wolfSSL_BN_dup(from->dsa->g))) {
WOLFSSL_MSG("wolfSSL_BN_dup error");
return WOLFSSL_FAILURE;
}
to->dsa->g = cpy;
}
else {
WOLFSSL_MSG("Missing DSA struct");
return WOLFSSL_FAILURE;
}
break;
#endif
#ifndef NO_RSA
case EVP_PKEY_RSA:
#endif
#ifndef NO_DH
case EVP_PKEY_DH:
#endif
default:
WOLFSSL_MSG("Copy parameters not available for this key type");
return WOLFSSL_FAILURE;
}
#if defined(HAVE_ECC) || !defined(NO_DSA)
return WOLFSSL_SUCCESS;
#endif
}
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey)
{
@ -2202,7 +2292,6 @@ const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
return (const unsigned char*)pkey->pkey.ptr;
}
/* Initialize an EVP_DigestSign/Verify operation.
* Initialize a digest for RSA and ECC keys, or HMAC for HMAC key.
*/
@ -2212,6 +2301,19 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
WOLFSSL_ENGINE *e,
WOLFSSL_EVP_PKEY *pkey)
{
if (!type) {
int default_digest;
if (wolfSSL_EVP_PKEY_get_default_digest_nid(pkey, &default_digest)
!= WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Could not get default digest");
return WOLFSSL_FAILURE;
}
type = wolfSSL_EVP_get_digestbynid(default_digest);
if (!type) {
return BAD_FUNC_ARG;
}
}
if (pkey->type == EVP_PKEY_HMAC) {
int hashType;
const unsigned char* key;
@ -2282,21 +2384,16 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
ctx->isHMAC = 1;
}
else {
int ret;
else if (wolfSSL_EVP_DigestInit(ctx, type) != 1)
return WOLFSSL_FAILURE;
if (ctx->pctx == NULL) {
ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
if (ctx->pctx == NULL)
return WOLFSSL_FAILURE;
}
ret = wolfSSL_EVP_DigestInit(ctx, type);
if (ret == WOLFSSL_SUCCESS && pctx != NULL)
*pctx = ctx->pctx;
return ret;
if (ctx->pctx == NULL) {
ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
if (ctx->pctx == NULL)
return WOLFSSL_FAILURE;
}
if (pctx != NULL)
*pctx = ctx->pctx;
return WOLFSSL_SUCCESS;
}
@ -2306,10 +2403,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx,
const void *d, unsigned int cnt)
{
if (ctx->pctx == NULL) {
if (!ctx->isHMAC)
return WOLFSSL_FAILURE;
if (ctx->isHMAC) {
if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0)
return WOLFSSL_FAILURE;
@ -2328,12 +2422,9 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx,
{
int ret;
if (ctx->pctx == NULL) {
if (ctx->isHMAC) {
Hmac hmacCopy;
if (!ctx->isHMAC)
return WOLFSSL_FAILURE;
if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS)
return WOLFSSL_FAILURE;
ret = wc_HmacFinal(&hmacCopy, md) == 0;
@ -2437,7 +2528,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
{
WOLFSSL_ENTER("EVP_DigestSignInit");
if (ctx == NULL || type == NULL || pkey == NULL)
if (ctx == NULL || pkey == NULL)
return BAD_FUNC_ARG;
return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
@ -2468,10 +2559,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
return WOLFSSL_FAILURE;
/* Return the maximum size of the signaure when sig is NULL. */
if (ctx->pctx == NULL) {
if (!ctx->isHMAC)
return WOLFSSL_FAILURE;
if (ctx->isHMAC) {
hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
if (sig == NULL) {
@ -2501,7 +2589,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0)
return WOLFSSL_FAILURE;
if (ctx->pctx == NULL) {
if (ctx->isHMAC) {
/* Copy the HMAC result as signature. */
if ((unsigned int)(*siglen) > hashLen)
*siglen = hashLen;
@ -2586,9 +2674,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
if (ctx == NULL || sig == NULL)
return WOLFSSL_FAILURE;
if (ctx->pctx == NULL) {
if (!ctx->isHMAC)
return WOLFSSL_FAILURE;
if (ctx->isHMAC) {
hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
@ -2600,7 +2686,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0)
return WOLFSSL_FAILURE;
if (ctx->pctx == NULL) {
if (ctx->isHMAC) {
/* Check HMAC result matches the signature. */
if (XMEMCMP(sig, digest, siglen) == 0)
return WOLFSSL_SUCCESS;
@ -3171,11 +3257,21 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
{"SHA", "SHA1"},
{ NULL, NULL}
};
char nameUpper[15]; /* 15 bytes should be enough for any name */
size_t i;
const struct alias *al;
const struct s_ent *ent;
for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) {
nameUpper[i] = (char)XTOUPPER(name[i]);
}
if (i < sizeof(nameUpper))
nameUpper[i] = '\0';
else
return NULL;
name = nameUpper;
for (al = alias_tbl; al->name != NULL; al++)
if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) {
name = al->name;
@ -5314,7 +5410,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
WOLFSSL_ENTER("EVP_DigestInit");
if (ctx == NULL || md == NULL) {
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
@ -5328,7 +5424,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
/* Set to 0 if no match */
ctx->macType = wolfSSL_EVP_md2macType(md);
if (XSTRNCMP(md, "SHA256", 6) == 0) {
if (md == NULL) {
XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher));
}
else if (XSTRNCMP(md, "SHA256", 6) == 0) {
ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256));
}
#ifdef WOLFSSL_SHA224
@ -5594,6 +5693,10 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
#ifndef NO_SHA
case NID_sha1:
return wolfSSL_EVP_sha1();
#endif
#ifndef NO_SHA256
case NID_sha256:
return wolfSSL_EVP_sha256();
#endif
default:
WOLFSSL_MSG("Bad digest id value");
@ -5663,11 +5766,15 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
if ((pkey == NULL) || (key == NULL))
return WOLFSSL_FAILURE;
if (wolfSSL_RSA_up_ref(key) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_RSA_up_ref failed");
return WOLFSSL_FAILURE;
}
if (pkey->rsa != NULL && pkey->ownRsa == 1) {
wolfSSL_RSA_free(pkey->rsa);
}
pkey->rsa = key;
pkey->ownRsa = 0; /* pkey does not own RSA */
pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
pkey->type = EVP_PKEY_RSA;
if (key->inSet == 0) {
if (SetRsaInternal(key) != WOLFSSL_SUCCESS) {
@ -6482,7 +6589,7 @@ int wolfSSL_EVP_PKEY_type(int type)
}
int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey)
int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey)
{
if (pkey != NULL)
return pkey->type;
@ -6490,13 +6597,39 @@ int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey)
}
int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey)
int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey)
{
if (pkey == NULL)
return NID_undef;
return wolfSSL_EVP_PKEY_type(pkey->type);
}
int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
{
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get_default_digest_nid");
if (!pkey || !pnid) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
switch (pkey->type) {
case EVP_PKEY_HMAC:
#ifndef NO_DSA
case EVP_PKEY_DSA:
#endif
#ifndef NO_RSA
case EVP_PKEY_RSA:
#endif
#ifdef HAVE_ECC
case EVP_PKEY_EC:
#endif
*pnid = NID_sha256;
return WOLFSSL_SUCCESS;
default:
return WOLFSSL_FAILURE;
}
}
/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */
int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
@ -6508,10 +6641,10 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
pkey->references++;
wc_UnLockMutex(&pkey->refMutex);
return 1;
return WOLFSSL_SUCCESS;
}
return 0;
return WOLFSSL_FAILURE;
}
#ifndef NO_RSA

2
wolfcrypt/src/hash.c
View File

@ -625,7 +625,7 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
{
int ret = HASH_TYPE_E; /* Default to hash type error */
if (hash == NULL || data == NULL)
if (hash == NULL || (data == NULL && dataSz > 0))
return BAD_FUNC_ARG;
switch (type) {

12
wolfcrypt/src/pkcs12.c
View File

@ -569,7 +569,6 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
return kLen; /* same as digest size */
}
/* check mac on pkcs12, pkcs12->mac has been sanity checked before entering *
* returns the result of comparison, success is 0 */
static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
@ -613,6 +612,15 @@ static int wc_PKCS12_verify(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
return XMEMCMP(digest, mac->digest, mac->digestSz);
}
int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12, const byte* psw, word32 pswSz)
{
if (pkcs12 == NULL || pkcs12->safe == NULL) {
return BAD_FUNC_ARG;
}
return wc_PKCS12_verify(pkcs12, pkcs12->safe->data, pkcs12->safe->dataSz,
psw, pswSz);
}
/* Convert DER format stored in der buffer to WC_PKCS12 struct
* Puts the raw contents of Content Info into structure without completely
@ -940,7 +948,7 @@ static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
if (wc_CheckPrivateKey(*pkey, *pkeySz, &DeCert) == 1) {
if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, &DeCert) == 1) {
WOLFSSL_MSG("Key Pair found");
*cert = current->buffer;
*certSz = current->bufferSz;

50
wolfcrypt/src/pkcs7.c
View File

@ -1151,6 +1151,7 @@ int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
DYNAMIC_TYPE_PKCS7);
if (cert == NULL)
return MEMORY_E;
XMEMSET(cert, 0, sizeof(Pkcs7Cert));
cert->der = derCert;
cert->derSz = derCertSz;
@ -1260,18 +1261,24 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
wc_PKCS7_SignerInfoFree(pkcs7);
wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap);
pkcs7->decodedAttrib = NULL;
wc_PKCS7_FreeCertSet(pkcs7);
#ifdef ASN_BER_TO_DER
if (pkcs7->der != NULL)
if (pkcs7->der != NULL) {
XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->der = NULL;
}
#endif
if (pkcs7->contentDynamic != NULL)
if (pkcs7->contentDynamic != NULL) {
XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->contentDynamic = NULL;
}
if (pkcs7->cek != NULL) {
ForceZero(pkcs7->cek, pkcs7->cekSz);
XFREE(pkcs7->cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->cek = NULL;
}
pkcs7->contentTypeSz = 0;
@ -2234,6 +2241,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
/* build PKCS#7 signedData content type */
/* To get the output size then set output = 0 and *outputSz = 0 */
static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
byte* output2, word32* output2Sz)
@ -2268,9 +2276,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
byte signingTime[MAX_TIME_STRING_SZ];
if (pkcs7 == NULL || pkcs7->contentSz == 0 ||
pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
output == NULL || outputSz == NULL || *outputSz == 0 || hashSz == 0 ||
if (pkcs7 == NULL || pkcs7->hashOID == 0 ||
outputSz == NULL || hashSz == 0 ||
hashBuf == NULL) {
return BAD_FUNC_ARG;
}
@ -2441,7 +2448,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
flatSignedAttribsSz, esd);
if (ret < 0) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -2506,11 +2513,16 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
/* if using header/footer, we are not returning the content */
if (output2 && output2Sz) {
if (total2Sz > *output2Sz) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (*outputSz == 0 && *output2Sz == 0) {
*outputSz = totalSz;
*output2Sz = total2Sz;
return 0;
}
return BUFFER_E;
}
@ -2524,7 +2536,20 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
}
if (totalSz > *outputSz) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (*outputSz == 0) {
*outputSz = totalSz;
return totalSz;
}
return BUFFER_E;
}
if (output == NULL) {
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -2746,7 +2771,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
#endif
/* other args checked in wc_PKCS7_EncodeSigned_ex */
if (pkcs7 == NULL || pkcs7->contentSz == 0 || pkcs7->content == NULL) {
if (pkcs7 == NULL || (pkcs7->contentSz > 0 && pkcs7->content == NULL)) {
return BAD_FUNC_ARG;
}
@ -4890,15 +4915,22 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
}
#ifdef ASN_BER_TO_DER
der = pkcs7->der;
pkcs7->der = NULL;
#endif
contentDynamic = pkcs7->contentDynamic;
version = pkcs7->version;
if (ret == 0) {
byte isDynamic = pkcs7->isDynamic;
#ifndef NO_PKCS7_STREAM
PKCS7State* stream = pkcs7->stream;
pkcs7->stream = NULL;
#endif
/* Free pkcs7 resources but not the structure itself */
pkcs7->isDynamic = 0;
wc_PKCS7_Free(pkcs7);
pkcs7->isDynamic = isDynamic;
/* This will reset PKCS7 structure and then set the
* certificate */
ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);

4
wolfcrypt/src/srp.c
View File

@ -325,12 +325,14 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
if (!srp || !username)
return BAD_FUNC_ARG;
srp->user = (byte*)XMALLOC(size, srp->heap, DYNAMIC_TYPE_SRP);
/* +1 for NULL char */
srp->user = (byte*)XMALLOC(size + 1, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->user == NULL)
return MEMORY_E;
srp->userSz = size;
XMEMCPY(srp->user, username, srp->userSz);
srp->user[size] = '\0';
return 0;
}

25
wolfssl/internal.h
View File

@ -2031,6 +2031,8 @@ struct WOLFSSL_CERT_MANAGER {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum allowed ECC key size */
#endif
wolfSSL_Mutex refMutex; /* reference count mutex */
int refCount; /* reference count */
};
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
@ -3238,6 +3240,8 @@ struct WOLFSSL_SESSION {
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
byte side; /* Either WOLFSSL_CLIENT_END or
WOLFSSL_SERVER_END */
};
@ -3622,6 +3626,8 @@ struct WOLFSSL_STACK {
* (safety measure for freeing and shortcut for count) */
#if defined(OPENSSL_ALL)
wolf_sk_compare_cb comp;
wolf_sk_hash_cb hash_fn;
unsigned long hash;
#endif
union {
@ -3633,7 +3639,9 @@ struct WOLFSSL_STACK {
WOLFSSL_CIPHER cipher;
WOLFSSL_ACCESS_DESCRIPTION* access;
WOLFSSL_X509_EXTENSION* ext;
#ifdef OPENSSL_EXTRA
WOLFSSL_CONF_VALUE* conf;
#endif
void* generic;
char* string;
WOLFSSL_GENERAL_NAME* gn;
@ -3687,6 +3695,7 @@ struct WOLFSSL_X509 {
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3758,9 +3767,15 @@ struct WOLFSSL_X509 {
byte authKeyIdCrit:1;
byte issuerSet:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_CERT_REQ
byte isCSR:1;
#endif
byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
#ifdef OPENSSL_ALL
WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
#endif
WOLFSSL_X509_NAME issuer;
@ -4292,6 +4307,15 @@ struct WOLFSSL {
#ifdef WOLFSSL_STATIC_EPHEMERAL
StaticKeyExchangeInfo_t staticKE;
#endif
#ifdef OPENSSL_ALL
/* Added in libest port: allow applications to get the 'tls-unique' Channel
* Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
* used in the EST protocol to bind an enrollment to a TLS session through
* 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4
* and https://tools.ietf.org/html/rfc7030#section-3.5). */
byte clientFinished[TLS_FINISHED_SZ];
byte serverFinished[TLS_FINISHED_SZ];
#endif
};
@ -4451,6 +4475,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);

23
wolfssl/openssl/asn1.h
View File

@ -32,6 +32,10 @@
#define ASN1_STRING_set wolfSSL_ASN1_STRING_set
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
#define ASN1_get_object wolfSSL_ASN1_get_object
#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT
#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT
#define V_ASN1_INTEGER 0x02
#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */
#define V_ASN1_NEG 0x100
@ -66,10 +70,21 @@
#define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define V_ASN1_EOC 0
#define V_ASN1_OBJECT 6
#define V_ASN1_UTF8STRING 12
#define V_ASN1_SEQUENCE 16
#define V_ASN1_SET 17
#define V_ASN1_PRINTABLESTRING 19
#define V_ASN1_T61STRING 20
#define V_ASN1_IA5STRING 22
#define V_ASN1_UTCTIME 23
#define V_ASN1_GENERALIZEDTIME 24
#define V_ASN1_PRINTABLESTRING 19
#define V_ASN1_UNIVERSALSTRING 28
#define V_ASN1_BMPSTRING 30
#define V_ASN1_CONSTRUCTED 0x20
#define ASN1_STRING_FLAG_BITS_LEFT 0x008
#define ASN1_STRING_FLAG_NDEF 0x010
@ -83,6 +98,12 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(
WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value);
WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
int *cls, long inLen);
WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
const unsigned char **pp, long len);
#ifdef OPENSSL_ALL
/* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally
* we don't use this. Some projects use OpenSSL to implement ASN1 types and

10
wolfssl/openssl/bio.h
View File

@ -40,7 +40,14 @@
#define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY
#define BIO_new_fp wolfSSL_BIO_new_fp
#if defined(OPENSSL_ALL) \
|| defined(HAVE_STUNNEL) \
|| defined(HAVE_LIGHTY) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
#define BIO_new_file wolfSSL_BIO_new_file
#endif
#define BIO_new_fp wolfSSL_BIO_new_fp
#define BIO_ctrl wolfSSL_BIO_ctrl
#define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
@ -57,6 +64,7 @@
#define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size
#define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair
#define BIO_new_fd wolfSSL_BIO_new_fd
#define BIO_set_fp wolfSSL_BIO_set_fp
#define BIO_get_fp wolfSSL_BIO_get_fp
#define BIO_seek wolfSSL_BIO_seek
@ -123,6 +131,7 @@
#define BIO_meth_set_create wolfSSL_BIO_meth_set_create
#define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy
#define BIO_snprintf XSNPRINTF
/* BIO CTRL */
#define BIO_CTRL_RESET 1
@ -149,6 +158,7 @@
#define BIO_CTRL_DGRAM_QUERY_MTU 40
#define BIO_FP_TEXT 0x00
#define BIO_NOCLOSE 0x00
#define BIO_CLOSE 0x01

6
wolfssl/openssl/buffer.h
View File

@ -34,12 +34,18 @@
WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void);
WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len);
WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf);
WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize);
WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize);
#define BUF_MEM_new wolfSSL_BUF_MEM_new
#define BUF_MEM_grow wolfSSL_BUF_MEM_grow
#define BUF_MEM_free wolfSSL_BUF_MEM_free
#define BUF_strdup strdup
#define BUF_strlcpy wolfSSL_strlcpy
#define BUF_strlcat wolfSSL_strlcat
#ifdef __cplusplus
} /* extern "C" */
#endif

26
wolfssl/openssl/cms.h Normal file
View File

@ -0,0 +1,26 @@
/* cms.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_CMS_H_
#define WOLFSSL_CMS_H_
#endif /* WOLFSSL_CMS_H_ */

72
wolfssl/openssl/conf.h
View File

@ -28,18 +28,76 @@
extern "C" {
#endif
struct WOLFSSL_CONF_VALUE {
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
typedef struct WOLFSSL_CONF_VALUE {
char *section;
char *name;
char *value;
};
} WOLFSSL_CONF_VALUE;
struct WOLFSSL_INIT_SETTINGS {
char* appname;
};
/* ssl.h requires WOLFSSL_CONF_VALUE */
#include <wolfssl/ssl.h>
typedef struct WOLFSSL_CONF_VALUE CONF_VALUE;
typedef struct WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
typedef struct WOLFSSL_CONF {
void *meth_data;
WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data;
} WOLFSSL_CONF;
typedef WOLFSSL_CONF CONF;
typedef WOLFSSL_CONF_VALUE CONF_VALUE;
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void);
WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value);
WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);
WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth);
WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
const char *group, const char *name);
WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
const char *name, long *result);
WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section(
const WOLFSSL_CONF *conf, const char *section);
WOLFSSL_API int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline);
WOLFSSL_API void wolfSSL_NCONF_free(WOLFSSL_CONF *conf);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(
WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data);
WOLFSSL_API int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname,
unsigned long flags);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
const char *section);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
const char *section);
#define sk_CONF_VALUE_new wolfSSL_sk_CONF_VALUE_new
#define sk_CONF_VALUE_free wolfSSL_sk_CONF_VALUE_free
#define sk_CONF_VALUE_pop_free(a,b) wolfSSL_sk_CONF_VALUE_free(a)
#define sk_CONF_VALUE_num wolfSSL_sk_CONF_VALUE_num
#define sk_CONF_VALUE_value wolfSSL_sk_CONF_VALUE_value
#define lh_CONF_VALUE_retrieve wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
#define lh_CONF_VALUE_insert wolfSSL_sk_CONF_VALUE_push
#define NCONF_new wolfSSL_NCONF_new
#define NCONF_free wolfSSL_NCONF_free
#define NCONF_get_string wolfSSL_NCONF_get_string
#define NCONF_get_section wolfSSL_NCONF_get_section
#define NCONF_get_number wolfSSL_NCONF_get_number
#define NCONF_load wolfSSL_NCONF_load
#define CONF_modules_load wolfSSL_CONF_modules_load
#define _CONF_new_section wolfSSL_CONF_new_section
#define _CONF_get_section wolfSSL_CONF_get_section
#define X509V3_conf_free wolfSSL_X509V3_conf_free
#endif /* OPENSSL_EXTRA */
#ifdef __cplusplus
} /* extern "C" */

5
wolfssl/openssl/crypto.h
View File

@ -33,6 +33,11 @@
#include "prefix_crypto.h"
#endif
typedef struct WOLFSSL_INIT_SETTINGS {
char* appname;
} WOLFSSL_INIT_SETTINGS;
typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
WOLFSSL_API const char* wolfSSLeay_version(int type);
WOLFSSL_API unsigned long wolfSSLeay(void);

2
wolfssl/openssl/dh.h
View File

@ -26,6 +26,7 @@
#define WOLFSSL_DH_H_
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/opensslv.h>
#ifdef __cplusplus
extern "C" {
@ -58,6 +59,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);

3
wolfssl/openssl/ec.h
View File

@ -301,6 +301,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
#define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits
#define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of
#ifndef NO_WOLFSSL_STUB
#define EC_GROUP_set_point_conversion_form(...)
#endif
#define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type

13
wolfssl/openssl/evp.h
View File

@ -557,6 +557,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer);
WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
const char *name, const char *value);
WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen);
@ -569,11 +572,13 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap);
WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from);
WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b);
WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
@ -825,11 +830,14 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_PKEY_free wolfSSL_EVP_PKEY_free
#define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref
#define EVP_PKEY_size wolfSSL_EVP_PKEY_size
#define EVP_PKEY_copy_parameters wolfSSL_EVP_PKEY_copy_parameters
#define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters
#define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp
#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id
#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
#define EVP_PKEY_id wolfSSL_EVP_PKEY_id
#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str
#define EVP_SignFinal wolfSSL_EVP_SignFinal
#define EVP_SignInit wolfSSL_EVP_SignInit
#define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex
@ -917,7 +925,6 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4)
#define EVP_PKEY_NONE NID_undef
#define EVP_PKEY_RSA 6
#define EVP_PKEY_RSA2 19
#define EVP_PKEY_DH 28
#define EVP_CIPHER_mode WOLFSSL_CIPHER_mode

3
wolfssl/openssl/include.am
View File

@ -8,6 +8,7 @@ nobase_include_HEADERS+= \
wolfssl/openssl/bio.h \
wolfssl/openssl/bn.h \
wolfssl/openssl/buffer.h \
wolfssl/openssl/cms.h \
wolfssl/openssl/conf.h \
wolfssl/openssl/crypto.h \
wolfssl/openssl/des.h \
@ -41,10 +42,12 @@ nobase_include_HEADERS+= \
wolfssl/openssl/rsa.h \
wolfssl/openssl/sha.h \
wolfssl/openssl/sha3.h \
wolfssl/openssl/srp.h \
wolfssl/openssl/ssl23.h \
wolfssl/openssl/ssl.h \
wolfssl/openssl/stack.h \
wolfssl/openssl/tls1.h \
wolfssl/openssl/txt_db.h \
wolfssl/openssl/ui.h \
wolfssl/openssl/x509.h \
wolfssl/openssl/x509_vfy.h \

62
wolfssl/openssl/lhash.h
View File

@ -1,2 +1,64 @@
/* lhash.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* lhash.h for openSSL */
#ifndef WOLFSSL_lhash_H_
#define WOLFSSL_lhash_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <wolfssl/openssl/ssl.h>
#ifdef OPENSSL_ALL
#define IMPLEMENT_LHASH_HASH_FN(name, type) \
unsigned long wolfSSL_##name##_LHASH_HASH(const void *arg) \
{ \
const type *a = arg; \
return name##_hash(a); \
}
#define IMPLEMENT_LHASH_COMP_FN(name, type) \
int wolfSSL_##name##_LHASH_COMP(const void *p1, const void *p2) \
{ \
const type *_p1 = p1; \
const type *_p2 = p2; \
return name##_cmp(_p1, _p2); \
}
#define LHASH_HASH_FN(name) wolfSSL_##name##_LHASH_HASH
#define LHASH_COMP_FN(name) wolfSSL_##name##_LHASH_COMP
WOLFSSL_API unsigned long wolfSSL_LH_strhash(const char *str);
WOLFSSL_API void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data);
#define lh_strhash wolfSSL_LH_strhash
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_lhash_H_ */

2
wolfssl/openssl/opensslv.h
View File

@ -30,7 +30,7 @@
defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
/* valid version */
#elif defined(WOLFSSL_APACHE_HTTPD)
#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST)
/* For Apache httpd, Use 1.1.0 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10100000L
#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \

3
wolfssl/openssl/pem.h
View File

@ -242,6 +242,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey
#define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey
#define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY
#ifndef NO_WOLFSSL_STUB
#define PEM_write_bio_ECPKParameters(...) 0
#endif
/* EVP_KEY */
#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey
#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY

1
wolfssl/openssl/pkcs12.h
View File

@ -42,6 +42,7 @@
/* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */
#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
#define PKCS12_parse wolfSSL_PKCS12_parse
#define PKCS12_verify_mac wolfSSL_PKCS12_verify_mac
#define PKCS12_create wolfSSL_PKCS12_create
#define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add

6
wolfssl/openssl/pkcs7.h
View File

@ -43,6 +43,7 @@ typedef struct WOLFSSL_PKCS7
PKCS7 pkcs7;
unsigned char* data;
int len;
WOLFSSL_STACK* certs;
} WOLFSSL_PKCS7;
@ -53,8 +54,12 @@ WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
int len);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_BIO* out);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
WOLFSSL_STACK* certs, int flags);
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
@ -65,6 +70,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free
#define d2i_PKCS7 wolfSSL_d2i_PKCS7
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio
#define PKCS7_verify wolfSSL_PKCS7_verify
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7

29
wolfssl/openssl/srp.h Normal file
View File

@ -0,0 +1,29 @@
/* srp.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_SRP_H_
#define WOLFSSL_SRP_H_
#include <wolfssl/wolfcrypt/srp.h>
#define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
#endif /* WOLFSSL_SRP_H_ */

82
wolfssl/openssl/ssl.h
View File

@ -53,6 +53,8 @@
/* all NID_* values are in asn.h */
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/openssl/x509.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -104,6 +106,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
typedef WOLFSSL_ASN1_STRING ASN1_STRING;
typedef WOLFSSL_ASN1_TYPE ASN1_TYPE;
typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE;
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
typedef WOLFSSL_BUF_MEM BUF_MEM;
@ -305,6 +308,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_set_ex_data wolfSSL_set_ex_data
#define SSL_get_shutdown wolfSSL_get_shutdown
#define SSL_get_finished wolfSSL_get_finished
#define SSL_get_peer_finished wolfSSL_get_peer_finished
#define SSL_set_rfd wolfSSL_set_rfd
#define SSL_set_wfd wolfSSL_set_wfd
#define SSL_set_shutdown wolfSSL_set_shutdown
@ -341,6 +346,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_MODE_RELEASE_BUFFERS 0x00000010U
#define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN
#define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ
#define X509_cmp wolfSSL_X509_cmp
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical
@ -356,11 +362,14 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define DSA_bits wolfSSL_DSA_bits
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define i2d_X509_REQ_bio wolfSSL_i2d_X509_REQ_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
#define d2i_X509_REQ_bio wolfSSL_d2i_X509_REQ_bio
#define d2i_X509_fp wolfSSL_d2i_X509_fp
#define i2d_X509 wolfSSL_i2d_X509
#define d2i_X509 wolfSSL_d2i_X509
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ
#define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL
#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
#define PEM_read_X509 wolfSSL_PEM_read_X509
@ -371,10 +380,18 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey
#define i2d_X509_REQ wolfSSL_i2d_X509_REQ
#define d2i_X509_REQ wolfSSL_d2i_X509_REQ
#define X509_REQ_new wolfSSL_X509_REQ_new
#define X509_REQ_free wolfSSL_X509_REQ_free
#define X509_REQ_sign wolfSSL_X509_REQ_sign
#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
#define X509_REQ_add1_attr_by_txt wolfSSL_X509_REQ_add1_attr_by_txt
#define X509_REQ_get_attr_by_NID wolfSSL_X509_REQ_get_attr_by_NID
#define X509_REQ_get_attr wolfSSL_X509_REQ_get_attr
#define X509_ATTRIBUTE_get0_type wolfSSL_X509_ATTRIBUTE_get0_type
#define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ
#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey
#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
@ -387,14 +404,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
#define X509_get0_extensions wolfSSL_X509_get0_extensions
#define X509_get_extensions wolfSSL_X509_get0_extensions
#define X509_REQ_get_extensions wolfSSL_X509_REQ_get_extensions
#define X509_get_ext wolfSSL_X509_get_ext
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_REQ_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter
@ -416,12 +438,22 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_set_notBefore wolfSSL_X509_set_notBefore
#define X509_set_serialNumber wolfSSL_X509_set_serialNumber
#define X509_set_version wolfSSL_X509_set_version
#define X509_REQ_set_version wolfSSL_X509_set_version
#define X509_sign wolfSSL_X509_sign
#define X509_sign_ctx wolfSSL_X509_sign_ctx
#define X509_print wolfSSL_X509_print
#define X509_REQ_print wolfSSL_X509_print
#define X509_print_ex wolfSSL_X509_print_ex
#define X509_print_fp wolfSSL_X509_print_fp
#define X509_REQ_print_fp wolfSSL_X509_print_fp
#define X509_signature_print wolfSSL_X509_signature_print
#define X509_get0_signature wolfSSL_X509_get0_signature
#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
#define X509_verify_cert wolfSSL_X509_verify_cert
#define X509_verify wolfSSL_X509_verify
#define X509_REQ_verify wolfSSL_X509_REQ_verify
#define X509_check_private_key wolfSSL_X509_check_private_key
#define X509_REQ_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
@ -429,6 +461,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup
#define X509_add_ext wolfSSL_X509_add_ext
#define X509_delete_ext wolfSSL_X509_delete_ext
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
@ -460,6 +493,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_INFO_pop wolfSSL_sk_X509_INFO_pop
#define sk_X509_INFO_pop_free wolfSSL_sk_X509_INFO_pop_free
#define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free
#define sk_X509_INFO_shift wolfSSL_sk_X509_INFO_pop
#define i2d_X509_NAME wolfSSL_i2d_X509_NAME
#define d2i_X509_NAME wolfSSL_d2i_X509_NAME
@ -476,9 +510,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry
#define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt
#define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID
#define X509_NAME_delete_entry wolfSSL_X509_NAME_delete_entry
#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
#define X509_NAME_print_ex_fp wolfSSL_X509_NAME_print_ex_fp
#define X509_NAME_digest wolfSSL_X509_NAME_digest
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
#define X509_cmp_time wolfSSL_X509_cmp_time
@ -519,6 +555,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
#define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain
#define X509_STORE_CTX_get0_parent_ctx wolfSSL_X509_STORE_CTX_get0_parent_ctx
#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
@ -571,6 +608,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
#define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg
#define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param
#define X509_PUBKEY_get wolfSSL_X509_PUBKEY_get
@ -618,6 +656,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
#define BIO_f_ssl wolfSSL_BIO_f_ssl
#define BIO_new_socket wolfSSL_BIO_new_socket
#ifndef NO_WOLFSSL_STUB
#define BIO_new_connect wolfSSL_BIO_new_connect
#define BIO_set_conn_port wolfSSL_BIO_set_conn_port
#define BIO_do_connect wolfSSL_BIO_do_connect
#endif
#define SSL_set_bio wolfSSL_set_bio
#define BIO_set_ssl wolfSSL_BIO_set_ssl
#define BIO_eof wolfSSL_BIO_eof
@ -660,15 +703,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free
#define ASN1_TIME_new wolfSSL_ASN1_TIME_new
#define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new
#define ASN1_TIME_free wolfSSL_ASN1_TIME_free
#define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free
#define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj
#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
#define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
#define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free
#define ASN1_tag2str wolfSSL_ASN1_tag2str
#define a2i_ASN1_INTEGER wolfSSL_a2i_ASN1_INTEGER
#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
#define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER
#define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new
@ -681,13 +731,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
#define ASN1_STRING_new wolfSSL_ASN1_STRING_new
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string
#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex
#define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
#define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT
#ifndef NO_WOLFSSL_STUB
#define ASN1_STRING_set_default_mask_asc(...) 1
#endif
#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING
#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
@ -912,6 +971,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find
#define DHparams_dup wolfSSL_DH_dup
#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
#define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams
@ -939,8 +999,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ERR_LIB_SSL 20
#define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9
#define V_ASN1_IA5STRING 22
#define V_ASN1_UTF8STRING 12
#define SSL_CTRL_MODE 33
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
@ -1106,6 +1164,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
#ifndef NO_WOLFSSL_STUB
#define b2i_PrivateKey_bio(...) NULL
#define b2i_PVK_bio(...) NULL
#endif
#define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb
#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
@ -1143,6 +1207,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#include <wolfssl/error-ssl.h>
#define OPENSSL_STRING WOLFSSL_STRING
#define OPENSSL_CSTRING WOLFSSL_STRING
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@ -1179,6 +1244,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define OPENSSL_config wolfSSL_OPENSSL_config
#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
#define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse
#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
@ -1191,7 +1257,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
#define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb
#define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs
#define sk_OPENSSL_STRING_num wolfSSL_sk_WOLFSSL_STRING_num
#define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value
#define sk_OPENSSL_PSTRING_num wolfSSL_sk_WOLFSSL_STRING_num
#define sk_OPENSSL_PSTRING_value (WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value
#define sk_OPENSSL_STRING_free wolfSSL_sk_free
#define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected
#define SSL_select_next_proto wolfSSL_select_next_proto
#define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb
@ -1213,8 +1283,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_get0_param wolfSSL_get0_param
#define SSL_get_srp_username wolfSSL_get_srp_username
#define ERR_NUM_ERRORS 16
#define SN_pkcs9_emailAddress "Email"
@ -1246,6 +1318,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
#ifndef NO_WOLFSSL_STUB
#define OBJ_create_objects(...)
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

3
wolfssl/openssl/stack.h
View File

@ -28,15 +28,12 @@
extern "C" {
#endif
#include <wolfssl/openssl/conf.h>
typedef void (*wolfSSL_sk_freefunc)(void *);
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);
WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *);
WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data);
WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *));
WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk);
WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void);
WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher);

59
wolfssl/openssl/txt_db.h Normal file
View File

@ -0,0 +1,59 @@
/* txt_db.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_TXT_DB_H_
#define WOLFSSL_TXT_DB_H_
#include <wolfssl/openssl/ssl.h>
#define WOLFSSL_TXT_DB_MAX_FIELDS 10
struct WOLFSSL_TXT_DB {
int num_fields;
WOLF_STACK_OF(WOLFSSL_STRING) *data;
long error;
long arg1;
long arg2;
wolf_sk_compare_cb comp[WOLFSSL_TXT_DB_MAX_FIELDS];
wolf_sk_hash_cb hash_fn[WOLFSSL_TXT_DB_MAX_FIELDS];
};
typedef struct WOLFSSL_TXT_DB WOLFSSL_TXT_DB;
WOLFSSL_API WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num);
WOLFSSL_API long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db);
WOLFSSL_API int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row);
WOLFSSL_API void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db);
WOLFSSL_API int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field,
void* qual, wolf_sk_hash_cb hash, wolf_sk_compare_cb cmp);
WOLFSSL_API WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db,
int idx, WOLFSSL_STRING *value);
#define TXT_DB WOLFSSL_TXT_DB
#define TXT_DB_read wolfSSL_TXT_DB_read
#define TXT_DB_write wolfSSL_TXT_DB_write
#define TXT_DB_insert wolfSSL_TXT_DB_insert
#define TXT_DB_free wolfSSL_TXT_DB_free
#define TXT_DB_create_index wolfSSL_TXT_DB_create_index
#define TXT_DB_get_by_index wolfSSL_TXT_DB_get_by_index
#endif /* WOLFSSL_TXT_DB_H_ */

20
wolfssl/openssl/x509.h
View File

@ -5,6 +5,7 @@
#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/ec.h>
#include <wolfssl/openssl/ecdsa.h>
#include <wolfssl/openssl/pkcs7.h>
/* wolfSSL_X509_print_ex flags */
#define X509_FLAG_COMPAT (0UL)
@ -23,4 +24,21 @@
#define X509_FLAG_NO_IDS (1UL << 12)
#define XN_FLAG_FN_SN 0
#define XN_FLAG_SEP_CPLUS_SPC 2
#define XN_FLAG_ONELINE 0
#define XN_FLAG_COMPAT 0
#define XN_FLAG_RFC2253 1
#define XN_FLAG_SEP_COMMA_PLUS (1 << 16)
#define XN_FLAG_SEP_CPLUS_SPC (2 << 16)
#define XN_FLAG_SEP_SPLUS_SPC (3 << 16)
#define XN_FLAG_SEP_MULTILINE (4 << 16)
#define XN_FLAG_SEP_MASK (0xF << 16)
#define XN_FLAG_DN_REV (1 << 20)
#define XN_FLAG_FN_LN (1 << 21)
#define XN_FLAG_FN_OID (2 << 21)
#define XN_FLAG_FN_NONE (3 << 21)
#define XN_FLAG_FN_MASK (3 << 21)
#define XN_FLAG_SPC_EQ (1 << 23)
#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
#define XN_FLAG_FN_ALIGN (1 << 25)
#define XN_FLAG_MULTILINE 0xFFFF

19
wolfssl/openssl/x509v3.h
View File

@ -83,6 +83,8 @@ struct WOLFSSL_X509_EXTENSION {
#define X509V3_CTX WOLFSSL_X509V3_CTX
#define CTX_TEST 0x1
typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
@ -99,6 +101,8 @@ WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
const WOLFSSL_ASN1_STRING *s);
WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx,
const char *section, WOLFSSL_X509 *cert);
#define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free
#define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free
@ -107,11 +111,20 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
#define X509V3_EXT_get wolfSSL_X509V3_EXT_get
#define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i
#define X509V3_EXT_add_nconf wolfSSL_X509V3_EXT_add_nconf
#ifndef NO_WOLFSSL_STUB
#define X509V3_parse_list(...) NULL
#endif
#define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING
#define X509V3_EXT_print wolfSSL_X509V3_EXT_print
#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
#ifndef NO_WOLFSSL_STUB
#define X509V3_set_nconf(...)
#endif
#define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
#define X509v3_get_ext_count wolfSSL_sk_num
#ifdef __cplusplus
}

156
wolfssl/ssl.h
View File

@ -102,6 +102,19 @@
extern "C" {
#endif
/* LHASH is implemented as a stack */
typedef struct WOLFSSL_STACK WOLFSSL_LHASH;
#ifndef WOLF_LHASH_OF
#define WOLF_LHASH_OF(x) WOLFSSL_LHASH
#endif
#ifndef WOLF_STACK_OF
#define WOLF_STACK_OF(x) WOLFSSL_STACK
#endif
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
#endif
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
typedef struct WOLFSSL WOLFSSL;
@ -175,7 +188,6 @@ typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM;
typedef struct WOLFSSL_BIO WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE;
typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX;
@ -189,6 +201,7 @@ typedef struct WOLFSSL_DH WOLFSSL_DH;
#endif
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE;
typedef struct WOLFSSL_X509_ATTRIBUTE WOLFSSL_X509_ATTRIBUTE;
typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
@ -318,6 +331,12 @@ struct WOLFSSL_ASN1_TYPE {
} value;
};
struct WOLFSSL_X509_ATTRIBUTE {
WOLFSSL_ASN1_OBJECT *object;
WOLFSSL_ASN1_TYPE *value;
WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set;
};
struct WOLFSSL_EVP_PKEY {
void* heap;
int type; /* openssh dereference */
@ -472,6 +491,8 @@ struct WOLFSSL_BIO {
void* heap; /* user heap hint */
void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */
void* usrCtx; /* user set pointer */
const char* ip; /* IP address for wolfIO_TcpConnect */
word16 port; /* Port for wolfIO_TcpConnect */
char* infoArg; /* BIO callback argument */
wolf_bio_info_cb infoCb; /* BIO callback */
int wrSz; /* write buffer size (mem) */
@ -1088,20 +1109,6 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
/* extras */
/* for now LHASH is not implemented */
typedef int WOLFSSL_LHASH;
#ifndef WOLF_LHASH_OF
#define WOLF_LHASH_OF(x) WOLFSSL_LHASH
#endif
#ifndef WOLF_STACK_OF
#define WOLF_STACK_OF(x) WOLFSSL_STACK
#endif
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
#endif
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
@ -1166,6 +1173,7 @@ WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free(
WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
void (*f)(WOLFSSL_ASN1_OBJECT*));
WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
@ -1281,11 +1289,16 @@ WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag);
#endif
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str);
WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port);
WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b);
WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
@ -1347,6 +1360,13 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset
#endif
WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
unsigned long nmflags, unsigned long cflag);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509);
#endif
WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp,
const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig);
WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig,
const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*,
char*, int);
@ -1371,6 +1391,9 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
WOLFSSL_X509*, unsigned char*, int*);
WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey);
#endif
WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*,
@ -1387,6 +1410,7 @@ WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509,
WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v);
WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
const WOLFSSL_EVP_MD* md);
WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx);
WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
@ -1401,6 +1425,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* as
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len);
WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b);
WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
const void* data, int dataSz);
@ -1430,6 +1455,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
WOLFSSL_X509_STORE_CTX *ctx);
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
unsigned long flag);
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
@ -1443,7 +1470,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
@ -1598,6 +1625,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
@ -1805,12 +1835,6 @@ enum {
X509_R_CERT_ALREADY_IN_HASH_TABLE,
XN_FLAG_SPC_EQ = (1 << 23),
XN_FLAG_SEP_CPLUS_SPC = (2 << 16),
XN_FLAG_ONELINE = 0,
XN_FLAG_RFC2253 = 1,
XN_FLAG_DN_REV = (1 << 20),
CRYPTO_LOCK = 1,
CRYPTO_NUM_LOCKS = 10,
@ -2078,10 +2102,11 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to);
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
#endif
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL))
@ -2181,6 +2206,10 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
const unsigned char** in, int len);
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
#endif
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
const unsigned char *in, int len);
@ -2199,6 +2228,10 @@ WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#endif
#ifdef WOLFSSL_SEP
WOLFSSL_API unsigned char*
@ -2226,6 +2259,8 @@ WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
WOLF_STACK_OF(WOLFSSL_X509)** ca);
WOLFSSL_API int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
int pswLen);
WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
WOLF_STACK_OF(WOLFSSL_X509)* ca,
@ -2748,6 +2783,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER*);
WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
const char* d);
@ -3341,6 +3377,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
int type, const unsigned char *bytes,
int len, int loc, int set);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry(
WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
const WOLFSSL_X509_NAME* y);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
@ -3373,6 +3411,7 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
char* value);
@ -3396,7 +3435,11 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x);
WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X509 *x);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
const WOLFSSL_ASN1_OBJECT *obj, int lastpos);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
@ -3418,6 +3461,9 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#endif
#if !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
WOLFSSL_X509** x509);
@ -3425,6 +3471,10 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3448,6 +3498,9 @@ WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
#endif
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
@ -3527,6 +3580,7 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c);
|| defined(WOLFSSL_MYSQL_COMPATIBLE) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA)
#define X509_BUFFER_SZ 8192
WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
@ -3546,12 +3600,31 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
const WOLFSSL_EVP_MD *md);
WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
WOLFSSL_EVP_MD_CTX* md_ctx);
WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext);
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext_sk);
WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
WOLFSSL_X509_NAME *name);
WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
int nid, int type,
const unsigned char *bytes,
int len);
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
const char *attrname, int type,
const unsigned char *bytes, int len);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void);
WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr);
WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
WOLFSSL_X509_ATTRIBUTE *attr, int idx);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
#endif
@ -3611,8 +3684,9 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*
void (*f) (WOLFSSL_X509_INFO*));
WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);
typedef int (*wolf_sk_compare_cb)(const void* const *a,
const void* const *b);
typedef int (*wolf_sk_compare_cb)(const void* a,
const void* b);
typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
wolf_sk_compare_cb);
WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*,
@ -3632,6 +3706,18 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long);
#ifndef NO_FILESYSTEM
WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
unsigned long);
#endif
WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc);
WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(
const struct WOLFSSL_STACK *sk, int i);
WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
WOLFSSL_CONF_VALUE* val);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
@ -3775,6 +3861,7 @@ WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
const unsigned char* protos, unsigned int protos_len);
WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
size_t siz, const char* file, int line);
WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
#endif
@ -3861,8 +3948,12 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *
WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_X509 *subject);
WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void);
WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk);
WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num(
WOLF_STACK_OF(WOLFSSL_STRING)* strings);
#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
@ -3911,8 +4002,8 @@ WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);
WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count);
#endif
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
@ -3931,6 +4022,9 @@ WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, con
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key);
WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
const unsigned char **der,
long length);
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
@ -3955,6 +4049,8 @@ WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
WOLFSSL_ASN1_TIME **out);
WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
char *buf, int size);
WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);

52
wolfssl/wolfcrypt/asn.h
View File

@ -100,6 +100,7 @@ enum ASN_Tags {
ASN_SEQUENCE = 0x10,
ASN_SET = 0x11,
ASN_PRINTABLE_STRING = 0x13,
ASN_IA5_STRING = 0x16,
ASN_UTC_TIME = 0x17,
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
@ -142,6 +143,9 @@ enum DN_Tags {
ASN_DOMAIN_COMPONENT = 0x19 /* DC */
};
/* This is the size of the smallest possible PEM header and footer */
extern const int pem_struct_min_sz;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
typedef struct WOLFSSL_ObjectInfo {
int nid;
@ -202,6 +206,7 @@ enum
NID_sha256 = 672,
NID_sha384 = 673,
NID_sha512 = 674,
NID_pkcs9_challengePassword = 54,
NID_hw_name_oid = 73,
NID_id_pkix_OCSP_basic = 74,
NID_any_policy = 75,
@ -228,6 +233,7 @@ enum
NID_inhibit_any_policy = 168, /* 2.5.29.54 */
NID_tlsfeature = 1020, /* id-pe 24 */
NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */
NID_buildingName = 1494,
NID_surname = 0x04, /* SN */
@ -300,7 +306,7 @@ enum Misc_ASN {
#endif
RSA_INTS = 8, /* RSA ints in private key */
DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 13,
MIN_DATE_SIZE = 12,
MAX_DATE_SIZE = 32,
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
#ifndef NO_RSA
@ -425,6 +431,7 @@ enum Oid_Types {
oidCertNameType = 17,
oidTlsExtType = 18,
oidCrlExtType = 19,
oidCsrAttrType = 20,
oidIgnoreType
};
@ -591,6 +598,14 @@ enum KeyIdType {
};
#endif
#ifdef WOLFSSL_CERT_REQ
enum CsrAttrType {
CHALLENGE_PASSWORD_OID = 659,
SERIAL_NUMBER_OID = 94,
EXTENSION_REQUEST_OID = 666,
};
#endif
/* Key usage extension bits (based on RFC 5280) */
#define KEYUSE_DIGITAL_SIG 0x0080
#define KEYUSE_CONTENT_COMMIT 0x0040
@ -663,7 +678,9 @@ struct SignatureCtx {
byte* digest;
#ifndef NO_RSA
byte* out;
byte* plain;
#endif
#if !(defined(NO_RSA) && defined(NO_DSA))
byte* sigCpy;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
int verify;
@ -672,6 +689,9 @@ struct SignatureCtx {
#ifndef NO_RSA
struct RsaKey* rsa;
#endif
#ifndef NO_DSA
struct DsaKey* dsa;
#endif
#ifdef HAVE_ECC
struct ecc_key* ecc;
#endif
@ -892,6 +912,14 @@ struct DecodedCert {
int extCertPoliciesNb;
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
#ifdef WOLFSSL_CERT_REQ
/* CSR attributes */
char* cPwd; /* challengePassword */
int cPwdLen;
char* sNum; /* Serial Number */
int sNumLen;
#endif /* WOLFSSL_CERT_REQ */
Signer* ca;
#ifndef NO_CERTS
SignatureCtx sigCtx;
@ -943,7 +971,9 @@ struct DecodedCert {
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
byte extCertPolicyCrit : 1;
#endif
#ifdef WOLFSSL_CERT_REQ
byte isCSR : 1; /* Do we intend on parsing a CSR? */
#endif
};
@ -1040,6 +1070,12 @@ WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
const byte* pubKey, word32 pubKeySz, int pubKeyOID);
#endif /* WOLFSSL_CERT_REQ */
WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
int sigAlgoType);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
@ -1112,6 +1148,8 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int check);
WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int zeroBits, byte* unusedBits);
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
@ -1146,6 +1184,7 @@ WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
#endif
WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
@ -1158,7 +1197,9 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
byte* serial, int* serialSz, word32 maxIdx);
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx);
WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);
WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
@ -1208,7 +1249,8 @@ enum cert_enums {
NTRU_KEY = 11,
ECC_KEY = 12,
ED25519_KEY = 13,
ED448_KEY = 14
ED448_KEY = 14,
DSA_KEY = 15
};
#endif /* WOLFSSL_CERT_GEN */

1
wolfssl/wolfcrypt/asn_public.h
View File

@ -126,6 +126,7 @@ enum CertType {
/* Signature type, by OID sum */
enum Ctc_SigType {
CTC_SHAwDSA = 517,
CTC_SHA256wDSA = 416,
CTC_MD2wRSA = 646,
CTC_MD5wRSA = 648,
CTC_SHAwRSA = 649,

4
wolfssl/wolfcrypt/dh.h
View File

@ -121,8 +121,8 @@ WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz);
WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz);
#endif /* WOLFSSL_DH_EXTRA */
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
#endif
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz,
int trusted, WC_RNG* rng);

2
wolfssl/wolfcrypt/pkcs12.h
View File

@ -53,6 +53,8 @@ WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz);
WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
byte** pkey, word32* pkeySz, byte** cert, word32* certSz,
WC_DerCertList** ca);
WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12,
const byte* psw, word32 pswSz);
WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz,
char* name, byte* key, word32 keySz, byte* cert, word32 certSz,
WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter,

4
wolfssl/wolfcrypt/pkcs7.h
View File

@ -48,8 +48,12 @@
/* Max number of certificates that PKCS7 structure can parse */
#ifndef MAX_PKCS7_CERTS
#ifdef OPENSSL_ALL
#define MAX_PKCS7_CERTS 15
#else
#define MAX_PKCS7_CERTS 4
#endif
#endif
#ifndef MAX_ORI_TYPE_SZ
#define MAX_ORI_TYPE_SZ MAX_OID_SZ

10
wolfssl/wolfcrypt/types.h
View File

@ -495,11 +495,12 @@ decouple library dependencies with standard string, memory and so on.
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
/* strstr, strncmp, and strncat only used by wolfSSL proper,
/* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper,
* not required for wolfCrypt only */
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRCMP(s1,s2) strcmp((s1),(s2))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#ifdef USE_WOLF_STRSEP
@ -649,9 +650,12 @@ decouple library dependencies with standard string, memory and so on.
#include <ctype.h>
#endif
#if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \
defined(OPENSSL_EXTRA)
#define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c))
#endif
#ifdef OPENSSL_ALL
#define XISALNUM(c) isalnum((c))
#endif
/* needed by wolfSSL_check_domain_name() */
#define XTOLOWER(c) tolower((c))

4
wolfssl/wolfcrypt/wc_port.h
View File

@ -604,6 +604,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#else
#define XFOPEN fopen
#endif
#define XFDOPEN fdopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
@ -619,6 +620,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
#include <dirent.h>
#include <unistd.h>
#include <sys/stat.h>
#define XWRITE write
#define XREAD read
#define XCLOSE close
#endif
#endif