add wolfSSL_i2d_X509_PUBKEY, wolfSSL_X509_VERIFY_PARAM_lookup, and wolfSSL_X509_STORE_get0_param, and make wolfSSL_X509_VERIFY_PARAM_inherit a public API; add macros to openssl compat layer: DTLS_client_method, DTLS_server_method, X509_VERIFY_PARAM_lookup, X509_VERIFY_PARAM_inherit, X509_STORE_get0_param; add "const char *name" slot to struct WOLFSSL_X509_VERIFY_PARAM to support wolfSSL_X509_VERIFY_PARAM_lookup.

This commit is contained in:
Daniel Pouzzner
2024-05-06 12:24:51 -05:00
parent 1e7810153f
commit 8468a70b72
4 changed files with 62 additions and 4 deletions


@ -7338,6 +7338,11 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
return wolfSSL_i2d_PublicKey(key, der);
}
int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der)
{
return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der);
}
#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */
static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
@ -10318,7 +10323,6 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
const char *wolfSSL_get0_peername(WOLFSSL *ssl) {
if (ssl == NULL) {
ssl->error = BAD_FUNC_ARG;
return NULL;
}
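Review bot: wolfSSL_i2d_X509_PUBKEY dereferences `x509_PubKey->pkey` with no NULL check on `x509_PubKey`, whereas the neighbouring wolfSSL_i2d_PUBKEY hands its argument straight to wolfSSL_i2d_PublicKey, which (as far as I recall of that function, defined above this hunk) rejects a NULL key itself, so the two exported entry points behave differently on a NULL argument. Suggest a guard using the same error value wolfSSL_i2d_PublicKey returns for bad arguments, `if (x509_PubKey == NULL) return WOLFSSL_FATAL_ERROR;` — confirm that value against its definition. Since only `pkey` is read, the parameter could also be `const WOLFSSL_X509_PUBKEY*` to match the const-qualified key in wolfSSL_i2d_PUBKEY's signature.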


@ -8769,6 +8769,46 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
return ret;
}
/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or
* auth_level.
*/
static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = {
{
"ssl_client", /* name */
0, /* check_time */
0, /* inherit_flags */
0, /* flags */
"", /* hostname */
0, /* hostFlags */
"" /* ipasc */
},
{
"ssl_server", /* name */
0, /* check_time */
0, /* inherit_flags */
0, /* flags */
"", /* hostname */
0, /* hostFlags */
"" /* ipasc */
}
};
const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name)
{
const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0],
*param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)];
while (param < param_end) {
if (! XSTRCMP(name, param->name))
return param;
++param;
}
return NULL;
}
const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(const WOLFSSL_X509_STORE *store)
{
return store->param;
}
/* inherits properties of param "to" to param "from"
*
@ -8779,7 +8819,7 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
* WOLFSSL_VPARAM_LOCKED don't copy any values
* WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed
*/
static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
const WOLFSSL_X509_VERIFY_PARAM *from)
{
int ret = WOLFSSL_FAILURE;
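Review bot: wolfSSL_X509_STORE_get0_param returns `store->param` without checking `store`, and wolfSSL_X509_VERIFY_PARAM_lookup passes `name` straight to XSTRCMP, so a NULL argument to either new public function is a crash rather than an error return, while other API functions in this commit guard their arguments (the `ssl == NULL` check in wolfSSL_get0_peername). Suggest `if (store == NULL) return NULL;` at the top of get0_param and `if (name == NULL) return NULL;` at the top of lookup. Now that wolfSSL_X509_VERIFY_PARAM_inherit is public, the comment above it says it "inherits properties of param "to" to param "from"", which is the reverse of the signature's direction, and "zerroed" is misspelled; worth fixing while the function is being exported. The body of wolfSSL_X509_VERIFY_PARAM_inherit continues past the end of the hunk.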


@ -254,6 +254,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_F_X509_CHECK_PRIVATE_KEY 128
#ifdef WOLFSSL_DTLS
#define DTLS_client_method wolfDTLS_client_method
#define DTLS_server_method wolfDTLS_server_method
#define DTLSv1_client_method wolfDTLSv1_client_method
#define DTLSv1_server_method wolfDTLSv1_server_method
#define DTLSv1_2_client_method wolfDTLSv1_2_client_method
@ -712,7 +714,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
#define X509_VERIFY_PARAM_set1_ip wolfSSL_X509_VERIFY_PARAM_set1_ip
#define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
#define X509_VERIFY_PARAM_lookup wolfSSL_X509_VERIFY_PARAM_lookup
#define X509_VERIFY_PARAM_inherit wolfSSL_X509_VERIFY_PARAM_inherit
#define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
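Review bot: `X509_STORE_get0_param` is aliased to wolfSSL_X509_STORE_get0_param, which this commit declares as returning `const WOLFSSL_X509_VERIFY_PARAM *`, whereas OpenSSL's X509_STORE_get0_param returns a mutable `X509_VERIFY_PARAM *`; the common caller pattern of fetching the store's param and passing it to X509_VERIFY_PARAM_set_flags will draw a discarded-qualifier diagnostic through this alias. Consider dropping the const on the return type, `WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(const WOLFSSL_X509_STORE *store);`, so the macro is a drop-in, or add a comment beside the macro documenting the divergence. `X509_VERIFY_PARAM_lookup` returning a const pointer does match OpenSSL.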


@ -649,12 +649,13 @@ struct WOLFSSL_X509_STORE {
#endif
struct WOLFSSL_X509_VERIFY_PARAM {
const char *name;
time_t check_time;
unsigned int inherit_flags;
unsigned long flags;
char hostName[WOLFSSL_HOST_NAME_MAX];
unsigned int hostFlags;
char ipasc[WOLFSSL_MAX_IPSTR];
unsigned int hostFlags;
char ipasc[WOLFSSL_MAX_IPSTR];
};
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@ -2084,6 +2085,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
const unsigned char** in, long inSz);
WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
unsigned char** der);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey,
const unsigned char ** in, long inSz);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
@ -2136,6 +2139,12 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip(
WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
const WOLFSSL_X509_VERIFY_PARAM* from);
WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(
const char *name);
WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
const WOLFSSL_X509_STORE *store);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
const WOLFSSL_X509_VERIFY_PARAM *from);
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type);
WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
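Review bot: The new `name` member inserted at the head of struct WOLFSSL_X509_VERIFY_PARAM carries no comment saying what it is, who owns the string, or what value runtime-created params get; the builtins in x509.c point it at string literals, but nothing in this diff shows it being set anywhere else. Suggest `const char *name; /* builtin table name matched by wolfSSL_X509_VERIFY_PARAM_lookup(); points at a string literal, not owned — presumably NULL for params created at runtime (confirm) */`. Because the struct lives in a public header under OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL, a new leading member shifts every other field's offset, so any positional initializer or member-wise copy of the struct elsewhere (wolfSSL_X509_VERIFY_PARAM_set1 and the newly public _inherit, both declared in this section) should be checked for whether `name` is meant to be copied. The three new declarations in the last hunk would also benefit from a one-line comment each noting that the returned pointers are borrowed — lookup yields an entry of a static const table, get0_param a pointer tied to the store's lifetime — and must not be freed.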