wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into openssl_compat201805

Browse Source
This commit is contained in:
Chris Conlon
2018-09-26 11:06:26 -06:00
committed by GitHub
parent 52b5fe569b 3c828c0547
commit 8ccd715f31
6 changed files with 71 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/ssl.c
View File

@ -8183,6 +8183,7 @@ static WC_INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
while (listSz) { while (listSz) {
Signer* signer; Signer* signer;
byte* publicKey;
byte* start = current + idx; /* for end checks on this signer */ byte* start = current + idx; /* for end checks on this signer */
int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) + int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
sizeof(signer->nameLen) + sizeof(signer->subjectNameHash); sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
@ -8212,14 +8213,15 @@ static WC_INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
FreeSigner(signer, cm->heap); FreeSigner(signer, cm->heap);
return BUFFER_E; return BUFFER_E;
} }
signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap, publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
DYNAMIC_TYPE_KEY); DYNAMIC_TYPE_KEY);
if (signer->publicKey == NULL) { if (publicKey == NULL) {
FreeSigner(signer, cm->heap); FreeSigner(signer, cm->heap);
return MEMORY_E; return MEMORY_E;
} }
XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize); XMEMCPY(publicKey, current + idx, signer->pubKeySize);
signer->publicKey = publicKey;
idx += signer->pubKeySize; idx += signer->pubKeySize;
/* nameLen */ /* nameLen */
@ -15525,7 +15527,8 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) { if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) {
WOLFSSL_MSG("Freeing ASN1 data"); WOLFSSL_MSG("Freeing ASN1 data");
XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
} }
if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
WOLFSSL_MSG("Freeing ASN1 OBJECT"); WOLFSSL_MSG("Freeing ASN1 OBJECT");
@ -30251,7 +30254,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
} else { } else {
obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ; obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ;
} }
XMEMCPY(obj->obj, objBuf, obj->objSz); XMEMCPY((byte*)obj->obj, objBuf, obj->objSz);
(void)type; (void)type;

70
wolfcrypt/src/asn.c
View File

@ -3766,7 +3766,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
#endif /* NO_DSA */ #endif /* NO_DSA */
void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap) void InitDecodedCert(DecodedCert* cert,
const byte* source, word32 inSz, void* heap)
{ {
if (cert != NULL) { if (cert != NULL) {
XMEMSET(cert, 0, sizeof(DecodedCert)); XMEMSET(cert, 0, sizeof(DecodedCert));
@ -3826,7 +3827,7 @@ void FreeDecodedCert(DecodedCert* cert)
if (cert->subjectCNStored == 1) if (cert->subjectCNStored == 1)
XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
if (cert->pubKeyStored == 1) if (cert->pubKeyStored == 1)
XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE((void*)cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (cert->weOwnAltNames && cert->altNames) if (cert->weOwnAltNames && cert->altNames)
FreeAltNames(cert->altNames, cert->heap); FreeAltNames(cert->altNames, cert->heap);
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
@ -3954,6 +3955,7 @@ static int GetKey(DecodedCert* cert)
word16 keyLen; word16 keyLen;
word32 rc; word32 rc;
word32 remaining = cert->maxIdx - cert->srcIdx; word32 remaining = cert->maxIdx - cert->srcIdx;
byte* publicKey;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* keyBlob = NULL; byte* keyBlob = NULL;
#else #else
@ -3991,15 +3993,16 @@ static int GetKey(DecodedCert* cert)
cert->srcIdx = tmpIdx + (int)(next - key); cert->srcIdx = tmpIdx + (int)(next - key);
cert->publicKey = (byte*)XMALLOC(keyLen, cert->heap, publicKey = (byte*)XMALLOC(keyLen, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY); DYNAMIC_TYPE_PUBLIC_KEY);
if (cert->publicKey == NULL) { if (publicKey == NULL) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(keyBlob, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyBlob, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
return MEMORY_E; return MEMORY_E;
} }
XMEMCPY(cert->publicKey, keyBlob, keyLen); XMEMCPY(publicKey, keyBlob, keyLen);
cert->publicKey = publicKey;
cert->pubKeyStored = 1; cert->pubKeyStored = 1;
cert->pubKeySize = keyLen; cert->pubKeySize = keyLen;
@ -4016,6 +4019,7 @@ static int GetKey(DecodedCert* cert)
int ret; int ret;
byte seq[5]; byte seq[5];
int pubLen = length + 1 + SetLength(length, seq); int pubLen = length + 1 + SetLength(length, seq);
byte* publicKey;
if (cert->source[cert->srcIdx] != if (cert->source[cert->srcIdx] !=
(ASN_SEQUENCE | ASN_CONSTRUCTED)) { (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
@ -4033,11 +4037,12 @@ static int GetKey(DecodedCert* cert)
return ret; return ret;
} }
cert->publicKey = (byte*)XMALLOC(pubLen, cert->heap, publicKey = (byte*)XMALLOC(pubLen, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY); DYNAMIC_TYPE_PUBLIC_KEY);
if (cert->publicKey == NULL) if (publicKey == NULL)
return MEMORY_E; return MEMORY_E;
XMEMCPY(cert->publicKey, &cert->source[tmpIdx], pubLen); XMEMCPY(publicKey, &cert->source[tmpIdx], pubLen);
cert->publicKey = publicKey;
cert->pubKeyStored = 1; cert->pubKeyStored = 1;
cert->pubKeySize = pubLen; cert->pubKeySize = pubLen;
@ -4049,6 +4054,7 @@ static int GetKey(DecodedCert* cert)
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
case ED25519k: case ED25519k:
{ {
byte* publicKey;
int ret; int ret;
cert->pkCurveOID = ED25519k; cert->pkCurveOID = ED25519k;
@ -4058,11 +4064,12 @@ static int GetKey(DecodedCert* cert)
if (ret != 0) if (ret != 0)
return ret; return ret;
cert->publicKey = (byte*) XMALLOC(length, cert->heap, publicKey = (byte*) XMALLOC(length, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY); DYNAMIC_TYPE_PUBLIC_KEY);
if (cert->publicKey == NULL) if (publicKey == NULL)
return MEMORY_E; return MEMORY_E;
XMEMCPY(cert->publicKey, &cert->source[cert->srcIdx], length); XMEMCPY(publicKey, &cert->source[cert->srcIdx], length);
cert->publicKey = publicKey;
cert->pubKeyStored = 1; cert->pubKeyStored = 1;
cert->pubKeySize = length; cert->pubKeySize = length;
@ -5986,7 +5993,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
@ -6243,7 +6250,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
return 0; return 0;
} }
static int DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert) static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
@ -6290,7 +6297,7 @@ static int DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert)
#define GENERALNAME_URI 6 #define GENERALNAME_URI 6
/* From RFC3280 SS4.2.1.7, GeneralName */ /* From RFC3280 SS4.2.1.7, GeneralName */
static int DecodeCrlDist(byte* input, int sz, DecodedCert* cert) static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
@ -6371,7 +6378,7 @@ static int DecodeCrlDist(byte* input, int sz, DecodedCert* cert)
} }
static int DecodeAuthInfo(byte* input, int sz, DecodedCert* cert) static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert)
/* /*
* Read the first of the Authority Information Access records. If there are * Read the first of the Authority Information Access records. If there are
* any issues, return without saving the record. * any issues, return without saving the record.
@ -6417,7 +6424,7 @@ static int DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
} }
static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) static int DecodeAuthKeyId(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0, ret = 0; int length = 0, ret = 0;
@ -6454,7 +6461,7 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
} }
static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert) static int DecodeSubjKeyId(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0, ret = 0; int length = 0, ret = 0;
@ -6483,7 +6490,7 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
} }
static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert) static int DecodeKeyUsage(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length; int length;
@ -6502,7 +6509,7 @@ static int DecodeKeyUsage(byte* input, int sz, DecodedCert* cert)
} }
static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) static int DecodeExtKeyUsage(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0, oid; word32 idx = 0, oid;
int length, ret; int length, ret;
@ -6561,7 +6568,8 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
#define ASN_TYPE_MASK 0xF #define ASN_TYPE_MASK 0xF
static int DecodeSubtree(byte* input, int sz, Base_entry** head, void* heap) static int DecodeSubtree(const byte* input, int sz,
Base_entry** head, void* heap)
{ {
word32 idx = 0; word32 idx = 0;
@ -6628,7 +6636,7 @@ static int DecodeSubtree(byte* input, int sz, Base_entry** head, void* heap)
} }
static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) static int DecodeNameConstraints(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
@ -6703,7 +6711,7 @@ static int Word32ToString(char* d, word32 number)
/* Decode ITU-T X.690 OID format to a string representation /* Decode ITU-T X.690 OID format to a string representation
* return string length */ * return string length */
int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
{ {
word32 val, idx = 0, nb_bytes; word32 val, idx = 0, nb_bytes;
size_t w_bytes = 0; size_t w_bytes = 0;
@ -6756,7 +6764,7 @@ int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
static int DecodeCertPolicy(byte* input, int sz, DecodedCert* cert) static int DecodeCertPolicy(const byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
word32 oldIdx; word32 oldIdx;
@ -6874,7 +6882,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
int ret = 0; int ret = 0;
word32 idx = 0; word32 idx = 0;
int sz = cert->extensionsSz; int sz = cert->extensionsSz;
byte* input = cert->extensions; const byte* input = cert->extensions;
int length; int length;
word32 oid; word32 oid;
byte critical = 0; byte critical = 0;
@ -7650,7 +7658,7 @@ Signer* MakeSigner(void* heap)
void FreeSigner(Signer* signer, void* heap) void FreeSigner(Signer* signer, void* heap)
{ {
XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN); XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
XFREE(signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE((void*)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
if (signer->permittedNames) if (signer->permittedNames)
FreeNameSubtrees(signer->permittedNames, heap); FreeNameSubtrees(signer->permittedNames, heap);
@ -11885,7 +11893,7 @@ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz)
#endif #endif
/* decode certificate and get SKID that will be AKID of current cert */ /* decode certificate and get SKID that will be AKID of current cert */
InitDecodedCert(decoded, (byte*)der, derSz, NULL); InitDecodedCert(decoded, der, derSz, NULL);
ret = ParseCert(decoded, CERT_TYPE, NO_VERIFY, 0); ret = ParseCert(decoded, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) { if (ret != 0) {
FreeDecodedCert(decoded); FreeDecodedCert(decoded);
@ -12129,7 +12137,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitDecodedCert(decoded, (byte*)der, derSz, NULL); InitDecodedCert(decoded, der, derSz, NULL);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
@ -12225,7 +12233,7 @@ static int SetDatesFromCert(Cert* cert, const byte* der, int derSz)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitDecodedCert(decoded, (byte*)der, derSz, NULL); InitDecodedCert(decoded, der, derSz, NULL);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
@ -12279,7 +12287,7 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
return MEMORY_E; return MEMORY_E;
#endif #endif
InitDecodedCert(decoded, (byte*)der, derSz, NULL); InitDecodedCert(decoded, der, derSz, NULL);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
@ -12405,7 +12413,7 @@ static int SetSubjectRawFromCert(byte* sbjRaw, const byte* der, int derSz)
} }
#endif #endif
InitDecodedCert(decoded, (byte*)der, derSz, NULL); InitDecodedCert(decoded, der, derSz, NULL);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {
@ -12457,7 +12465,7 @@ static int SetIssuerRawFromCert(byte* issuerRaw, const byte* der, int derSz)
} }
#endif #endif
InitDecodedCert(decoded, (byte*)der, derSz, NULL); InitDecodedCert(decoded, der, derSz, NULL);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) { if (ret < 0) {

2
wolfssl/internal.h
View File

@ -3394,7 +3394,7 @@ struct WOLFSSL_X509 {
byte* authKeyId; byte* authKeyId;
byte* subjKeyId; byte* subjKeyId;
byte* extKeyUsageSrc; byte* extKeyUsageSrc;
byte* CRLInfo; const byte* CRLInfo;
byte* authInfo; byte* authInfo;
word32 pathLength; word32 pathLength;
word16 keyUsage; word16 keyUsage;

2
wolfssl/ssl.h
View File

@ -212,7 +212,7 @@ struct WOLFSSL_ASN1_STRING {
#define WOLFSSL_MAX_SNAME 40 #define WOLFSSL_MAX_SNAME 40
struct WOLFSSL_ASN1_OBJECT { struct WOLFSSL_ASN1_OBJECT {
void* heap; void* heap;
unsigned char* obj; const unsigned char* obj;
/* sName is short name i.e sha256 rather than oid (null terminated) */ /* sName is short name i.e sha256 rather than oid (null terminated) */
char sName[WOLFSSL_MAX_SNAME]; char sName[WOLFSSL_MAX_SNAME];
int type; /* oid */ int type; /* oid */

33
wolfssl/wolfcrypt/asn.h
View File

@ -664,7 +664,7 @@ typedef struct CertSignCtx CertSignCtx;
struct DecodedCert { struct DecodedCert {
byte* publicKey; const byte* publicKey;
word32 pubKeySize; word32 pubKeySize;
int pubKeyStored; int pubKeyStored;
word32 certBegin; /* offset to start of cert */ word32 certBegin; /* offset to start of cert */
@ -684,25 +684,25 @@ struct DecodedCert {
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
byte* signature; /* not owned, points into raw cert */ const byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */ char* subjectCN; /* CommonName */
int subjectCNLen; /* CommonName Length */ int subjectCNLen; /* CommonName Length */
char subjectCNEnc; /* CommonName Encoding */ char subjectCNEnc; /* CommonName Encoding */
char issuer[ASN_NAME_MAX]; /* full name including common name */ char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */ char subject[ASN_NAME_MAX]; /* full name including common name */
int verify; /* Default to yes, but could be off */ int verify; /* Default to yes, but could be off */
byte* source; /* byte buffer holder cert, NOT owner */ const byte* source; /* byte buffer holder cert, NOT owner */
word32 srcIdx; /* current offset into buffer */ word32 srcIdx; /* current offset into buffer */
word32 maxIdx; /* max offset based on init size */ word32 maxIdx; /* max offset based on init size */
void* heap; /* for user memory overrides */ void* heap; /* for user memory overrides */
byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
int serialSz; /* raw serial bytes stored */ int serialSz; /* raw serial bytes stored */
byte* extensions; /* not owned, points into raw cert */ const byte* extensions; /* not owned, points into raw cert */
int extensionsSz; /* length of cert extensions */ int extensionsSz; /* length of cert extensions */
word32 extensionsIdx; /* if want to go back and parse later */ word32 extensionsIdx; /* if want to go back and parse later */
byte* extAuthInfo; /* Authority Information Access URI */ const byte* extAuthInfo; /* Authority Information Access URI */
int extAuthInfoSz; /* length of the URI */ int extAuthInfoSz; /* length of the URI */
byte* extCrlInfo; /* CRL Distribution Points */ const byte* extCrlInfo; /* CRL Distribution Points */
int extCrlInfoSz; /* length of the URI */ int extCrlInfoSz; /* length of the URI */
byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
@ -711,28 +711,28 @@ struct DecodedCert {
byte extExtKeyUsage; /* Extended Key usage bitfield */ byte extExtKeyUsage; /* Extended Key usage bitfield */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte* extExtKeyUsageSrc; const byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz; word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount; word32 extExtKeyUsageCount;
byte* extAuthKeyIdSrc; const byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz; word32 extAuthKeyIdSz;
byte* extSubjKeyIdSrc; const byte* extSubjKeyIdSrc;
word32 extSubjKeyIdSz; word32 extSubjKeyIdSz;
#endif #endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) #if defined(HAVE_ECC) || defined(HAVE_ED25519)
word32 pkCurveOID; /* Public Key's curve OID */ word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
byte* beforeDate; const byte* beforeDate;
int beforeDateLen; int beforeDateLen;
byte* afterDate; const byte* afterDate;
int afterDateLen; int afterDateLen;
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
byte* issuerRaw; /* pointer to issuer inside source */ const byte* issuerRaw; /* pointer to issuer inside source */
int issuerRawLen; int issuerRawLen;
#endif #endif
#ifndef IGNORE_NAME_CONSTRAINT #ifndef IGNORE_NAME_CONSTRAINT
byte* subjectRaw; /* pointer to subject inside source */ const byte* subjectRaw; /* pointer to subject inside source */
int subjectRawLen; int subjectRawLen;
#endif #endif
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
@ -846,7 +846,7 @@ struct Signer {
word16 keyUsage; word16 keyUsage;
byte pathLength; byte pathLength;
byte pathLengthSet; byte pathLengthSet;
byte* publicKey; const byte* publicKey;
int nameLen; int nameLen;
char* name; /* common name */ char* name; /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
@ -911,11 +911,12 @@ WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
#ifndef IGNORE_NAME_CONSTRAINTS #ifndef IGNORE_NAME_CONSTRAINTS
WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*); WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*);
WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz, byte *in, word32 inSz); WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz,
const byte *in, word32 inSz);
WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);

2
wolfssl/wolfcrypt/pkcs7.h
View File

@ -103,7 +103,7 @@ typedef struct PKCS7 {
PKCS7Attrib* signedAttribs; PKCS7Attrib* signedAttribs;
byte* content; /* inner content, not owner */ byte* content; /* inner content, not owner */
byte* singleCert; /* recipient cert, DER, not owner */ byte* singleCert; /* recipient cert, DER, not owner */
byte* issuer; /* issuer name of singleCert */ const byte* issuer; /* issuer name of singleCert */
byte* privateKey; /* private key, DER, not owner */ byte* privateKey; /* private key, DER, not owner */
void* heap; /* heap hint for dynamic memory */ void* heap; /* heap hint for dynamic memory */
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER