wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-03 22:45:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

init sssd support

Browse Source 
- Refactor OCSP to separate IO callback
- wolfSSL_BIO_reset: fix return
- CheckCertCRL_ex: return CRL_CERT_DATE_ERR instead of ASN_AFTER_DATE_E
- CheckCertCRL_ex: return most relevant error code
- i2d/d2i APIs: correct parameters handling and return codes
- Custom ASN1 structures: major refactor to make it much more versatile
- Use WOLFSSL_ASSERT_SIZEOF_GE where applicable
- wolfSSL_EVP_SignFinal: implement ecc
- wolfSSL_EVP_VerifyFinal: implement ecc
- OBJ_NAME_do_all: bring closer to OpenSSL functionality
- Correct return of *_push api
- Implement:
  - OCSP_REQ_CTX API
  - d2i_ECPKParameters
  - wolfSSL_sk_insert
  - OCSP_parse_url
  - X509_STORE_set1_param
  - X509_get0_subject_key_id
  - X509_OBJECT_retrieve_by_subject
  - OCSP_sendreq_nbio
This commit is contained in:
Juliusz Sosinowicz
2024-08-07 14:16:31 +02:00
parent 1190d1bafe
commit a6a40de249
35 changed files with 2981 additions and 817 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/bio.c
View File

@@ -1702,13 +1702,13 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0)
return WOLFSSL_BIO_ERROR;
else
return 0;
return WOLFSSL_SUCCESS;
#endif
case WOLFSSL_BIO_BIO:
bio->rdIdx = 0;
bio->wrIdx = 0;
return 0;
return WOLFSSL_SUCCESS;
case WOLFSSL_BIO_MEMORY:
bio->rdIdx = 0;
@@ -1727,7 +1727,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
bio->mem_buf->max = 0;
}
}
return 0;
return WOLFSSL_SUCCESS;
#ifndef WOLFCRYPT_ONLY
case WOLFSSL_BIO_MD:
@@ -1738,7 +1738,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx);
wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md);
}
return 0;
return WOLFSSL_SUCCESS;
#endif /* WOLFCRYPT_ONLY */
default:

10
src/conf.c
View File

@@ -133,7 +133,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
goto error;
}
if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_push(ret->data, strBuf) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_push error");
XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
goto error;
@@ -226,7 +226,7 @@ int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
return WOLFSSL_FAILURE;
}
if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_push(db->data, row) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_push error");
return WOLFSSL_FAILURE;
}
@@ -450,11 +450,11 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
value->section = section->section;
if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_CONF_VALUE_push(sk, value) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
return WOLFSSL_FAILURE;
}
if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE);
return WOLFSSL_FAILURE;
@@ -497,7 +497,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
ret->value = (char*)sk;
if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
goto error;
}

11
src/crl.c
View File

@@ -437,7 +437,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
break;
}
else if (foundEntry == 0) {
ret = ASN_AFTER_DATE_E;
ret = CRL_CERT_DATE_ERR;
}
}
}
@@ -478,8 +478,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
if (foundEntry == 0) {
/* perform embedded lookup */
if (crl->crlIOCb) {
ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz);
if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
int cbRet = crl->crlIOCb(crl, (const char*)extCrlInfo,
extCrlInfoSz);
if (cbRet == WOLFSSL_CBIO_ERR_WANT_READ) {
ret = OCSP_WANT_READ;
}
else if (ret >= 0) {
@@ -502,9 +503,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
/* When not set the folder or not use hash_dir, do nothing. */
if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
ret = LoadCertByIssuer(crl->cm->x509_store_p,
int loadRet = LoadCertByIssuer(crl->cm->x509_store_p,
(WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
if (ret == WOLFSSL_SUCCESS) {
if (loadRet == WOLFSSL_SUCCESS) {
/* try again */
ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
serialHash, &foundEntry);

11
src/internal.c
View File

@@ -4570,6 +4570,8 @@ void FreeX509(WOLFSSL_X509* x509)
x509->authKeyId = NULL;
XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->subjKeyId = NULL;
wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
x509->subjKeyIdStr = NULL;
XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->authInfo = NULL;
XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
@@ -6915,12 +6917,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
/* Don't change recv callback if currently using BIO's */
if (ssl->CBIORecv != BioReceive)
if (ssl->CBIORecv != SslBioReceive)
#endif
ssl->CBIORecv = ctx->CBIORecv;
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
/* Don't change send callback if currently using BIO's */
if (ssl->CBIOSend != BioSend)
if (ssl->CBIOSend != SslBioSend)
#endif
ssl->CBIOSend = ctx->CBIOSend;
ssl->verifyDepth = ctx->verifyDepth;
@@ -14002,7 +14004,8 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
ph->hash_value = hash;
ph->last_suffix = suffix;
ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
}
wc_UnLockMutex(&lookup->dirs->lock);
@@ -30294,7 +30297,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
if (ret == 0) {
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
== WOLFSSL_FAILURE)
<= 0)
{
ret = MEMORY_ERROR;
}

325
src/ocsp.c
View File

@@ -1053,6 +1053,9 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
if (GetSequence(*data, &idx, &length, (word32)len) >= 0)
(*data) += (unsigned char) ((int)idx + length);
if (response != NULL && *response == NULL)
*response = resp;
return resp;
}
@@ -1140,6 +1143,9 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
{
int size;
if (request == NULL)
return BAD_FUNC_ARG;
size = EncodeOcspRequest(request, NULL, 0);
if (size <= 0 || data == NULL)
return size;
@@ -1393,6 +1399,322 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int
return single;
}
#endif /* OPENSSL_EXTRA */
#ifdef OPENSSL_ALL
/*******************************************************************************
* START OF WOLFSSL_OCSP_REQ_CTX API
******************************************************************************/
enum ocspReqStates {
ORS_INVALID = 0,
ORS_HEADER_ADDED,
ORS_REQ_DONE
};
enum ocspReqIOStates {
ORIOS_INVALID = 0,
ORIOS_WRITE,
ORIOS_READ
};
WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline)
{
WOLFSSL_OCSP_REQ_CTX* ret = NULL;
WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_new");
if (maxline <= 0)
maxline = OCSP_MAX_REQUEST_SZ;
ret = (WOLFSSL_OCSP_REQ_CTX*)XMALLOC(sizeof(*ret), NULL,
DYNAMIC_TYPE_OPENSSL);
if (ret != NULL) {
XMEMSET(ret, 0, sizeof(*ret));
ret->buf = (byte*)XMALLOC(maxline, NULL, DYNAMIC_TYPE_OPENSSL);
if (ret->buf == NULL)
goto error;
ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
ret->bufLen = maxline;
ret->bio = bio;
ret->ioState = ORIOS_WRITE;
}
return ret;
error:
wolfSSL_OCSP_REQ_CTX_free(ret);
return NULL;
}
void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx)
{
WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_free");
if (ctx != NULL) {
if (ctx->buf != NULL)
XFREE(ctx->buf, NULL, DYNAMIC_TYPE_OPENSSL);
if (ctx->reqResp != NULL)
wolfSSL_BIO_free(ctx->reqResp);
XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio,
const char *path, OcspRequest *req, int maxline)
{
WOLFSSL_OCSP_REQ_CTX* ret = NULL;
WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_new");
ret = wolfSSL_OCSP_REQ_CTX_new(bio, maxline);
if (ret == NULL)
return NULL;
if (wolfSSL_OCSP_REQ_CTX_http(ret, "POST", path) != WOLFSSL_SUCCESS)
goto error;
if (req != NULL &&
wolfSSL_OCSP_REQ_CTX_set1_req(ret, req) != WOLFSSL_SUCCESS)
goto error;
return ret;
error:
wolfSSL_OCSP_REQ_CTX_free(ret);
return NULL;
}
int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx,
const char *name, const char *value)
{
WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_add1_header");
if (name == NULL) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (wolfSSL_BIO_puts(ctx->reqResp, name) <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_puts error");
return WOLFSSL_FAILURE;
}
if (value != NULL) {
if (wolfSSL_BIO_write(ctx->reqResp, ": ", 2) != 2) {
WOLFSSL_MSG("wolfSSL_BIO_write error");
return WOLFSSL_FAILURE;
}
if (wolfSSL_BIO_puts(ctx->reqResp, value) <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_puts error");
return WOLFSSL_FAILURE;
}
}
if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
WOLFSSL_MSG("wolfSSL_BIO_write error");
return WOLFSSL_FAILURE;
}
ctx->state = ORS_HEADER_ADDED;
return WOLFSSL_SUCCESS;
}
int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, const char *op,
const char *path)
{
static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_http");
if (ctx == NULL || op == NULL) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (path == NULL)
path = "/";
if (wolfSSL_BIO_printf(ctx->reqResp, http_hdr, op, path) <= 0) {
WOLFSSL_MSG("WOLFSSL_OCSP_REQ_CTX: wolfSSL_BIO_printf error");
return WOLFSSL_FAILURE;
}
ctx->state = ORS_HEADER_ADDED;
return WOLFSSL_SUCCESS;
}
int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, OcspRequest *req)
{
static const char req_hdr[] =
"Content-Type: application/ocsp-request\r\n"
"Content-Length: %d\r\n\r\n";
/* Should be enough to hold Content-Length */
char req_hdr_buf[sizeof(req_hdr) + 10];
int req_hdr_buf_len;
int req_len = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_set1_req");
if (ctx == NULL || req == NULL) {
WOLFSSL_MSG("Bad parameters");
return WOLFSSL_FAILURE;
}
if (req_len <= 0) {
WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request len error");
return WOLFSSL_FAILURE;
}
req_hdr_buf_len =
XSNPRINTF(req_hdr_buf, sizeof(req_hdr_buf), req_hdr, req_len);
if (req_hdr_buf_len >= (int)sizeof(req_hdr_buf)) {
WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request too long");
return WOLFSSL_FAILURE;
}
if (wolfSSL_BIO_write(ctx->reqResp, req_hdr_buf, req_hdr_buf_len) <= 0) {
WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: wolfSSL_BIO_write error");
return WOLFSSL_FAILURE;
}
if (wolfSSL_i2d_OCSP_REQUEST_bio(ctx->reqResp, req) <= 0) {
WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request i2d error");
return WOLFSSL_FAILURE;
}
ctx->state = ORS_REQ_DONE;
return WOLFSSL_SUCCESS;
}
static int OCSP_REQ_CTX_bio_cb(char *buf, int sz, void *ctx)
{
return BioReceive((WOLFSSL_BIO*)ctx, NULL, buf, sz);
}
int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx)
{
WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_nbio");
if (ctx == NULL) {
WOLFSSL_MSG("Bad parameters");
return WOLFSSL_FAILURE;
}
switch ((enum ocspReqIOStates)ctx->ioState) {
case ORIOS_WRITE:
case ORIOS_READ:
break;
case ORIOS_INVALID:
default:
WOLFSSL_MSG("Invalid ctx->ioState state");
return WOLFSSL_FAILURE;
}
if (ctx->ioState == ORIOS_WRITE) {
switch ((enum ocspReqStates)ctx->state) {
case ORS_HEADER_ADDED:
/* Write final new line to complete http header */
if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) {
WOLFSSL_MSG("wolfSSL_BIO_write error");
return WOLFSSL_FAILURE;
}
break;
case ORS_REQ_DONE:
break;
case ORS_INVALID:
default:
WOLFSSL_MSG("Invalid WOLFSSL_OCSP_REQ_CTX state");
return WOLFSSL_FAILURE;
}
}
switch ((enum ocspReqIOStates)ctx->ioState) {
case ORIOS_WRITE:
{
const unsigned char *req;
int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, &req);
if (reqLen <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error");
return WOLFSSL_FAILURE;
}
while (ctx->sent < reqLen) {
int sent = wolfSSL_BIO_write(ctx->bio, req + ctx->sent,
reqLen - ctx->sent);
if (sent <= 0) {
if (wolfSSL_BIO_should_retry(ctx->bio))
return -1;
WOLFSSL_MSG("wolfSSL_BIO_write error");
ctx->ioState = ORIOS_INVALID;
return 0;
}
ctx->sent += sent;
}
ctx->sent = 0;
ctx->ioState = ORIOS_READ;
(void)wolfSSL_BIO_reset(ctx->reqResp);
FALL_THROUGH;
}
case ORIOS_READ:
{
byte* resp = NULL;
int respLen;
int ret;
if (ctx->buf == NULL) /* Should be allocated in new call */
return WOLFSSL_FAILURE;
ret = wolfIO_HttpProcessResponseOcspGenericIO(OCSP_REQ_CTX_bio_cb,
ctx->bio, &resp, ctx->buf, ctx->bufLen, NULL);
if (ret <= 0) {
if (resp != NULL)
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
if (ret == WOLFSSL_CBIO_ERR_WANT_READ || ret == OCSP_WANT_READ)
return -1;
return WOLFSSL_FAILURE;
}
respLen = ret;
ret = wolfSSL_BIO_write(ctx->reqResp, resp, respLen);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP);
if (ret != respLen) {
WOLFSSL_MSG("wolfSSL_BIO_write error");
return WOLFSSL_FAILURE;
}
break;
}
case ORIOS_INVALID:
default:
WOLFSSL_MSG("Invalid ctx->ioState state");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx)
{
int ret;
int len;
const unsigned char *resp = NULL;
WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_nbio");
if (presp == NULL)
return WOLFSSL_FAILURE;
ret = wolfSSL_OCSP_REQ_CTX_nbio(ctx);
if (ret != WOLFSSL_SUCCESS)
return ret;
len = wolfSSL_BIO_get_mem_data(ctx->reqResp, &resp);
if (len <= 0)
return WOLFSSL_FAILURE;
return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
/*******************************************************************************
* END OF WOLFSSL_OCSP_REQ_CTX API
******************************************************************************/
#ifndef NO_WOLFSSL_STUB
int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
int idx)
@@ -1585,7 +1907,8 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs)
/* nonces are present but not equal */
return 0;
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_ALL */
#else /* HAVE_OCSP */

19
src/pk.c
View File

@@ -9172,13 +9172,19 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
* @return NULL on error.
*/
static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
const unsigned char* in, long inSz)
const unsigned char** in_pp, long inSz)
{
int err = 0;
WOLFSSL_EC_GROUP* ret = NULL;
word32 idx = 0;
word32 oid = 0;
int id = 0;
const unsigned char* in;
if (in_pp == NULL || *in_pp == NULL)
return NULL;
in = *in_pp;
/* Use the group passed in. */
if ((group != NULL) && (*group != NULL)) {
@@ -9227,6 +9233,9 @@ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
}
ret = NULL;
}
else {
*in_pp += idx;
}
return ret;
}
@@ -9258,7 +9267,8 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
}
if (!err) {
/* Create EC group from DER encoding. */
ret = wolfssl_ec_group_d2i(group, der->buffer, der->length);
const byte** p = (const byte**)&der->buffer;
ret = wolfssl_ec_group_d2i(group, p, der->length);
if (ret == NULL) {
WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP");
}
@@ -9269,6 +9279,11 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
return ret;
}
WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
const unsigned char **in, long len)
{
return wolfssl_ec_group_d2i(out, in, len);
}
#endif /* !NO_BIO */
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)

293
src/ssl.c
View File

@@ -11003,12 +11003,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if ((flags & WOLFSSL_BIO_FLAG_READ) &&
(((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)))
{
ssl->CBIORecv = BioReceive;
ssl->CBIORecv = SslBioReceive;
}
if ((flags & WOLFSSL_BIO_FLAG_WRITE) &&
(((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)))
{
ssl->CBIOSend = BioSend;
ssl->CBIOSend = SslBioSend;
}
/* User programs should always retry reading from these BIOs */
@@ -11331,8 +11331,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return WOLFSSL_FAILURE;
}
if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) !=
WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
wolfSSL_X509_NAME_free(nameCopy);
return WOLFSSL_FAILURE;
@@ -11387,8 +11386,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
*/
nameCopy->x509 = NULL;
if (wolfSSL_sk_X509_NAME_push(list, nameCopy) !=
WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
/* Do free in loop because nameCopy is now responsibility
* of list to free and adding jumps to cleanup after this
@@ -13465,7 +13463,7 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
i--;
for (; i >= 0; i--) {
if (push) {
if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_push(sk, issuer[i]) <= 0) {
wolfSSL_X509_free(issuer[i]);
ret = WOLFSSL_FATAL_ERROR;
push = 0; /* Free the rest of the unpushed certs */
@@ -13517,7 +13515,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
}
#endif
if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) <= 0) {
WOLFSSL_MSG("Error decoding cert");
wolfSSL_X509_free(x509);
wolfSSL_sk_X509_pop_free(sk, NULL);
@@ -13612,66 +13610,80 @@ static WC_INLINE int compare_WOLFSSL_CIPHER(
#endif /* OPENSSL_ALL || WOLFSSL_QT */
/* return 1 on success 0 on fail */
/* return number of elements on success 0 on fail */
int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
{
WOLFSSL_ENTER("wolfSSL_sk_push");
return wolfSSL_sk_insert(sk, data, 0);
}
/* return number of elements on success 0 on fail */
int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx)
{
WOLFSSL_STACK* node;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
WOLFSSL_CIPHER ciph;
#endif
WOLFSSL_ENTER("wolfSSL_sk_push");
WOLFSSL_ENTER("wolfSSL_sk_insert");
if (!sk) {
if (!sk)
return WOLFSSL_FATAL_ERROR;
if (!data)
return WOLFSSL_FAILURE;
}
/* Check if empty data */
switch (sk->type) {
case STACK_TYPE_CIPHER:
if (idx == 0 || sk->num == 0) {
/* Check if empty data */
switch (sk->type) {
case STACK_TYPE_CIPHER:
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* check if entire struct is zero */
XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
sk->data.cipher = *(WOLFSSL_CIPHER*)data;
sk->num = 1;
if (sk->hash_fn) {
sk->hash = sk->hash_fn(&sk->data.cipher);
/* check if entire struct is zero */
XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER));
if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) {
sk->data.cipher = *(WOLFSSL_CIPHER*)data;
sk->num = 1;
if (sk->hash_fn) {
sk->hash = sk->hash_fn(&sk->data.cipher);
}
return (int)sk->num;
}
return WOLFSSL_SUCCESS;
}
break;
if (sk->num == 0)
sk->num = 1; /* confirmed at least one element */
break;
#endif
case STACK_TYPE_X509:
case STACK_TYPE_GEN_NAME:
case STACK_TYPE_BIO:
case STACK_TYPE_OBJ:
case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY:
case STACK_TYPE_CONF_VALUE:
case STACK_TYPE_X509_INFO:
case STACK_TYPE_BY_DIR_entry:
case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default:
/* All other types are pointers */
if (!sk->data.generic) {
sk->data.generic = (void*)data;
sk->num = 1;
case STACK_TYPE_X509:
case STACK_TYPE_GEN_NAME:
case STACK_TYPE_BIO:
case STACK_TYPE_OBJ:
case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY:
case STACK_TYPE_CONF_VALUE:
case STACK_TYPE_X509_INFO:
case STACK_TYPE_BY_DIR_entry:
case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default:
/* All other types are pointers */
if (!sk->data.generic) {
sk->data.generic = (void*)data;
sk->num = 1;
#ifdef OPENSSL_ALL
if (sk->hash_fn) {
sk->hash = sk->hash_fn(sk->data.generic);
}
if (sk->hash_fn)
sk->hash = sk->hash_fn(sk->data.generic);
#endif
return WOLFSSL_SUCCESS;
}
break;
return (int)sk->num;
}
if (sk->num == 0)
sk->num = 1; /* confirmed at least one element */
break;
}
}
/* stack already has value(s) create a new node and add more */
@@ -13680,26 +13692,71 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
/* push new x509 onto head of stack */
node->next = sk->next;
node->type = sk->type;
sk->next = node;
sk->num += 1;
#ifdef OPENSSL_ALL
node->hash_fn = sk->hash_fn;
node->hash = sk->hash;
sk->hash = 0;
#endif
if (idx == 0) {
/* Special case where we need to change the values in the head element
* to avoid changing the initial pointer. */
/* push new item onto head of stack */
node->next = sk->next;
sk->next = node;
#ifdef OPENSSL_ALL
node->hash = sk->hash;
sk->hash = 0;
#endif
switch (sk->type) {
case STACK_TYPE_CIPHER:
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
node->data.cipher = sk->data.cipher;
sk->data.cipher = *(WOLFSSL_CIPHER*)data;
if (sk->hash_fn) {
sk->hash = sk->hash_fn(&sk->data.cipher);
}
break;
#endif
case STACK_TYPE_X509:
case STACK_TYPE_GEN_NAME:
case STACK_TYPE_BIO:
case STACK_TYPE_OBJ:
case STACK_TYPE_STRING:
case STACK_TYPE_ACCESS_DESCRIPTION:
case STACK_TYPE_X509_EXT:
case STACK_TYPE_X509_REQ_ATTR:
case STACK_TYPE_NULL:
case STACK_TYPE_X509_NAME:
case STACK_TYPE_X509_NAME_ENTRY:
case STACK_TYPE_CONF_VALUE:
case STACK_TYPE_X509_INFO:
case STACK_TYPE_BY_DIR_entry:
case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default:
/* All other types are pointers */
node->data.generic = sk->data.generic;
sk->data.generic = (void*)data;
#ifdef OPENSSL_ALL
if (sk->hash_fn)
sk->hash = sk->hash_fn(sk->data.generic);
#endif
break;
}
return (int)sk->num;
}
/* populate node */
switch (sk->type) {
case STACK_TYPE_CIPHER:
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
node->data.cipher = sk->data.cipher;
sk->data.cipher = *(WOLFSSL_CIPHER*)data;
if (sk->hash_fn) {
sk->hash = sk->hash_fn(&sk->data.cipher);
}
node->data.cipher = *(WOLFSSL_CIPHER*)data;
if (node->hash_fn)
node->hash = node->hash_fn(&node->data.cipher);
break;
#endif
case STACK_TYPE_X509:
@@ -13722,17 +13779,25 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
case STACK_TYPE_X509_CRL:
default:
/* All other types are pointers */
node->data.generic = sk->data.generic;
sk->data.generic = (void*)data;
node->data.generic = (void*)data;
#ifdef OPENSSL_ALL
if (sk->hash_fn) {
sk->hash = sk->hash_fn(sk->data.generic);
}
if (node->hash_fn)
node->hash = node->hash_fn(node->data.generic);
#endif
break;
}
{
/* insert node into stack. not using sk since we return sk->num after */
WOLFSSL_STACK* prev_node = sk;
while (idx != 0 && prev_node->next != NULL) {
prev_node = prev_node->next;
idx--;
}
node->next = prev_node->next;
prev_node->next = node;
}
return WOLFSSL_SUCCESS;
return (int)sk->num;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -14949,20 +15014,80 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
return ret;
}
#ifndef NO_WOLFSSL_STUB
int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
int* ssl)
int wolfSSL_OCSP_parse_url(const char* url, char** host, char** port,
char** path, int* ssl)
{
(void)url;
(void)host;
(void)port;
(void)path;
(void)ssl;
WOLFSSL_STUB("OCSP_parse_url");
return 0;
const char* u = url;
const char* upath; /* path in u */
const char* uport; /* port in u */
const char* hostEnd;
WOLFSSL_ENTER("OCSP_parse_url");
*host = NULL;
*port = NULL;
*path = NULL;
*ssl = 0;
if (*(u++) != 'h') goto err;
if (*(u++) != 't') goto err;
if (*(u++) != 't') goto err;
if (*(u++) != 'p') goto err;
if (*u == 's') {
*ssl = 1;
u++;
*port = CopyString("443", -1, NULL, DYNAMIC_TYPE_OPENSSL);
}
else if (*u == ':') {
*ssl = 0;
*port = CopyString("80", -1, NULL, DYNAMIC_TYPE_OPENSSL);
}
else
goto err;
if (*port == NULL)
goto err;
if (*(u++) != ':') goto err;
if (*(u++) != '/') goto err;
if (*(u++) != '/') goto err;
/* Look for path */
upath = XSTRSTR(u, "/");
*path = CopyString(upath == NULL ? "/" : upath, -1, NULL,
DYNAMIC_TYPE_OPENSSL);
/* Look for port */
uport = XSTRSTR(u, ":");
if (uport != NULL) {
if (*(++uport) == '\0')
goto err;
/* port must be before path */
if (upath != NULL && uport >= upath)
goto err;
XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
*port = CopyString(uport, upath != NULL ? (int)(upath - uport) : -1,
NULL, DYNAMIC_TYPE_OPENSSL);
if (*port == NULL)
goto err;
hostEnd = uport - 1;
}
else
hostEnd = upath;
*host = CopyString(u, hostEnd != NULL ? (int)(hostEnd - u) : -1, NULL,
DYNAMIC_TYPE_OPENSSL);
if (*host == NULL)
goto err;
return WOLFSSL_SUCCESS;
err:
XFREE(*host, NULL, DYNAMIC_TYPE_OPENSSL);
*host = NULL;
XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL);
*port = NULL;
XFREE(*path, NULL, DYNAMIC_TYPE_OPENSSL);
*path = NULL;
return WOLFSSL_FAILURE;
}
#endif
#ifndef NO_WOLFSSL_STUB
WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)

1184
src/ssl_asn1.c
View File

File diff suppressed because it is too large Load Diff

2
src/ssl_certman.c
View File

@@ -398,7 +398,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
}
/* Decode certificate. */
if ((!err) && (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS)) {
if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) {
wolfSSL_X509_free(x509);
err = 1;
}

33
src/ssl_crypto.c
View File

@@ -45,8 +45,7 @@
void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
{
/* Ensure WOLFSSL_MD4_CTX is big enough for wolfCrypt Md4. */
typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
(void)sizeof(ok);
WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, Md4);
WOLFSSL_ENTER("MD4_Init");
@@ -97,8 +96,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
{
/* Ensure WOLFSSL_MD5_CTX is big enough for wolfCrypt wc_Md5. */
typedef char md5_test[sizeof(WOLFSSL_MD5_CTX) >= sizeof(wc_Md5) ? 1 : -1];
(void)sizeof(md5_test);
WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_MD5_CTX, wc_Md5);
WOLFSSL_ENTER("MD5_Init");
@@ -212,8 +210,7 @@ unsigned char* wolfSSL_MD5(const unsigned char* data, size_t len,
int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
{
/* Ensure WOLFSSL_SHA_CTX is big enough for wolfCrypt wc_Sha. */
typedef char sha_test[sizeof(WOLFSSL_SHA_CTX) >= sizeof(wc_Sha) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA_CTX, wc_Sha);
WOLFSSL_ENTER("SHA_Init");
@@ -362,8 +359,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data)
int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224)
{
/* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */
typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(wc_Sha224) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA224_CTX, wc_Sha224);
WOLFSSL_ENTER("SHA224_Init");
@@ -422,8 +418,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224)
int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
{
/* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */
typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA256_CTX, wc_Sha256);
WOLFSSL_ENTER("SHA256_Init");
@@ -512,8 +507,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384)
{
/* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */
typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA384_CTX, wc_Sha384);
WOLFSSL_ENTER("SHA384_Init");
@@ -572,8 +566,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384)
int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512)
{
/* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */
typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA512_CTX, wc_Sha512);
WOLFSSL_ENTER("SHA512_Init");
@@ -809,8 +802,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512,
int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224)
{
/* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */
typedef char sha_test[sizeof(SHA3_224_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA3_224_CTX, wc_Sha3);
WOLFSSL_ENTER("SHA3_224_Init");
@@ -869,8 +861,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3)
int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256)
{
/* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */
typedef char sha_test[sizeof(SHA3_256_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA3_256_CTX, wc_Sha3);
WOLFSSL_ENTER("SHA3_256_Init");
@@ -929,8 +920,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3)
int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384)
{
/* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */
typedef char sha_test[sizeof(SHA3_384_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA3_384_CTX, wc_Sha3);
WOLFSSL_ENTER("SHA3_384_Init");
@@ -989,8 +979,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3)
int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512)
{
/* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */
typedef char sha_test[sizeof(SHA3_512_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
(void)sizeof(sha_test);
WOLFSSL_ASSERT_SIZEOF_GE(SHA3_512_CTX, wc_Sha3);
WOLFSSL_ENTER("SHA3_512_Init");

6
src/ssl_load.c
View File

@@ -4809,7 +4809,8 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
}
if (ret == 1) {
/* Push the X509 object onto stack. */
ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509);
ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
if (ret != 1) {
@@ -4873,7 +4874,8 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
}
if (ret == 1) {
/* Push X509 object onto stack to be freed. */
ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509);
ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret != 1) {
/* Free it now on error. */
wolfSSL_X509_free(x509);

9
src/ssl_p7p12.c
View File

@@ -229,7 +229,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
if (!ret)
ret = wolfSSL_sk_X509_new_null();
if (x509) {
if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_push(ret, x509) <= 0) {
wolfSSL_X509_free(x509);
WOLFSSL_MSG("wolfSSL_sk_X509_push error");
goto error;
@@ -294,7 +294,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
return NULL;
}
if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_push(signers, x509) <= 0) {
wolfSSL_sk_X509_pop_free(signers, NULL);
return NULL;
}
@@ -1152,7 +1152,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
}
XMEMSET(boundary, 0, (word32)(boundLen+1));
boundary[0] = boundary[1] = '-';
XSTRNCPY(&boundary[2], curParam->value, boundLen-2);
/* analyzers have issues with using strncpy and strcpy here */
XMEMCPY(&boundary[2], curParam->value, boundLen - 2);
/* Parse up to first boundary, ignore everything here. */
lineLen = wolfSSL_BIO_gets(in, section, remainLen);
@@ -1929,7 +1930,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
FreeDecodedCert(DeCert);
if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
if (wolfSSL_sk_X509_push(*ca, x509) <= 0) {
WOLFSSL_MSG("Failed to push x509 onto stack");
wolfSSL_X509_free(x509);
wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL;

3
src/tls.c
View File

@@ -6910,8 +6910,7 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
if (ret == 0) {
CopyDecodedName(name, cert, ASN_SUBJECT);
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
== WOLFSSL_FAILURE)
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) <= 0)
ret = MEMORY_ERROR;
}

163
src/wolfio.c
View File

@@ -259,6 +259,57 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
#ifdef OPENSSL_EXTRA
#ifndef NO_BIO
int BioReceive(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, char* buf, int sz)
{
int recvd = WOLFSSL_CBIO_ERR_GENERAL;
WOLFSSL_ENTER("SslBioReceive");
if (biord == NULL) {
WOLFSSL_MSG("WOLFSSL biord not set");
return WOLFSSL_CBIO_ERR_GENERAL;
}
recvd = wolfSSL_BIO_read(biord, buf, sz);
if (recvd <= 0) {
if (/* ssl->biowr->wrIdx is checked for Bind9 */
wolfSSL_BIO_method_type(biowr) == WOLFSSL_BIO_BIO &&
wolfSSL_BIO_wpending(biowr) != 0 &&
/* Not sure this pending check is necessary but let's double
* check that the read BIO is empty before we signal a write
* need */
wolfSSL_BIO_supports_pending(biord) &&
wolfSSL_BIO_ctrl_pending(biord) == 0) {
/* Let's signal to the app layer that we have
* data pending that needs to be sent. */
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
else if (biord->type == WOLFSSL_BIO_SOCKET) {
if (recvd == 0) {
WOLFSSL_MSG("SslBioReceive connection closed");
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
#ifdef USE_WOLFSSL_IO
recvd = TranslateIoReturnCode(recvd, biord->num.fd,
SOCKET_RECEIVING);
#endif
return recvd;
}
/* If retry and read flags are set, return WANT_READ */
if ((biord->flags & WOLFSSL_BIO_FLAG_READ) &&
(biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
WOLFSSL_MSG("BIO general error");
return WOLFSSL_CBIO_ERR_GENERAL;
}
return recvd;
}
/* Use the WOLFSSL read BIO for receiving data. This is set by the function
* wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv.
*
@@ -270,55 +321,11 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
*
* returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values.
*/
int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
int recvd = WOLFSSL_CBIO_ERR_GENERAL;
WOLFSSL_ENTER("BioReceive");
if (ssl->biord == NULL) {
WOLFSSL_MSG("WOLFSSL biord not set");
return WOLFSSL_CBIO_ERR_GENERAL;
}
recvd = wolfSSL_BIO_read(ssl->biord, buf, sz);
if (recvd <= 0) {
if (/* ssl->biowr->wrIdx is checked for Bind9 */
wolfSSL_BIO_method_type(ssl->biowr) == WOLFSSL_BIO_BIO &&
wolfSSL_BIO_wpending(ssl->biowr) != 0 &&
/* Not sure this pending check is necessary but let's double
* check that the read BIO is empty before we signal a write
* need */
wolfSSL_BIO_supports_pending(ssl->biord) &&
wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) {
/* Let's signal to the app layer that we have
* data pending that needs to be sent. */
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
else if (ssl->biord->type == WOLFSSL_BIO_SOCKET) {
if (recvd == 0) {
WOLFSSL_MSG("BioReceive connection closed");
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
#ifdef USE_WOLFSSL_IO
recvd = TranslateIoReturnCode(recvd, ssl->biord->num.fd,
SOCKET_RECEIVING);
#endif
return recvd;
}
/* If retry and read flags are set, return WANT_READ */
if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) &&
(ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
WOLFSSL_MSG("BIO general error");
return WOLFSSL_CBIO_ERR_GENERAL;
}
WOLFSSL_ENTER("SslBioReceive");
(void)ctx;
return recvd;
return BioReceive(ssl->biord, ssl->biowr, buf, sz);
}
@@ -332,11 +339,11 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
*
* returns the amount of data sent or want send. See WOLFSSL_CBIO_ERR_* values.
*/
int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
{
int sent = WOLFSSL_CBIO_ERR_GENERAL;
WOLFSSL_ENTER("BioSend");
WOLFSSL_ENTER("SslBioSend");
if (ssl->biowr == NULL) {
WOLFSSL_MSG("WOLFSSL biowr not set");
@@ -1659,8 +1666,9 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
return result;
}
static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
int* recvBufSz, int chunkSz, char* start, int len, int dynType, void* heap)
static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb,
void* ioCbCtx, byte **recvBuf, int* recvBufSz, int chunkSz, char* start,
int len, int dynType, void* heap)
{
byte* newRecvBuf = NULL;
int newRecvSz = *recvBufSz + chunkSz;
@@ -1713,7 +1721,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
/* receive the remainder of chunk */
while (len < chunkSz) {
int rxSz = wolfIO_Recv(sfd, (char*)&newRecvBuf[pos], chunkSz-len, 0);
int rxSz = ioCb((char*)&newRecvBuf[pos], chunkSz-len, ioCbCtx);
if (rxSz > 0) {
len += rxSz;
pos += rxSz;
@@ -1731,8 +1739,9 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf,
return 0;
}
int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb,
void* ioCbCtx, const char** appStrList, unsigned char** respBuf,
unsigned char* httpBuf, int httpBufSz, int dynType, void* heap)
{
static const char HTTP_PROTO[] = "HTTP/1.";
static const char HTTP_STATUS_200[] = "200";
@@ -1753,8 +1762,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
do {
if (state == phr_get_chunk_data) {
/* get chunk of data */
result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz,
chunkSz, start, len, dynType, heap);
result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
&respBufSz, chunkSz, start, len, dynType, heap);
state = (result != 0) ? phr_http_end : phr_get_chunk_len;
end = NULL;
@@ -1768,7 +1777,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
* can.
*/
}
result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
result = ioCb((char*)httpBuf+len, httpBufSz-len-1, ioCbCtx);
if (result > 0) {
len += result;
start = (char*)httpBuf;
@@ -1894,8 +1903,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
} while (state != phr_http_end);
if (!isChunked) {
result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, chunkSz,
start, len, dynType, heap);
result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf,
&respBufSz, chunkSz, start, len, dynType, heap);
}
if (result >= 0) {
@@ -1907,6 +1916,22 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
return result;
}
static int httpResponseIoCb(char* buf, int sz, void* ctx)
{
/* Double cast to silence the compiler int/pointer width msg */
return wolfIO_Recv((SOCKET_T)(uintptr_t)ctx, buf, sz, 0);
}
int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
{
return wolfIO_HttpProcessResponseGenericIO(httpResponseIoCb,
/* Double cast to silence the compiler int/pointer width msg */
(void*)(uintptr_t)sfd, appStrList, respBuf, httpBuf, httpBufSz,
dynType, heap);
}
int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName,
const char *path, int pathLen, int reqSz, const char *contentType,
byte *buf, int bufSize)
@@ -2028,17 +2053,25 @@ int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize);
}
static const char* ocspAppStrList[] = {
"application/ocsp-response",
NULL
};
WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
unsigned char* httpBuf, int httpBufSz, void* heap)
{
return wolfIO_HttpProcessResponseGenericIO(ioCb, ioCbCtx,
ocspAppStrList, respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
}
/* return: >0 OCSP Response Size
* -1 error */
int wolfIO_HttpProcessResponseOcsp(int sfd, byte** respBuf,
byte* httpBuf, int httpBufSz, void* heap)
{
const char* appStrList[] = {
"application/ocsp-response",
NULL
};
return wolfIO_HttpProcessResponse(sfd, appStrList,
return wolfIO_HttpProcessResponse(sfd, ocspAppStrList,
respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
}

383
src/x509.c
View File

@@ -362,39 +362,9 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void)
* OpenSSL. */
int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext)
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push");
if (sk == NULL || ext == NULL) {
return WOLFSSL_FAILURE;
}
/* no previous values in stack */
if (sk->data.ext == NULL) {
sk->data.ext = ext;
sk->num += 1;
return (int)sk->num;
}
/* stack already has value(s) create a new node and add more */
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
DYNAMIC_TYPE_X509);
if (node == NULL) {
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
/* push new obj onto head of stack */
node->data.ext = sk->data.ext;
node->next = sk->next;
node->type = sk->type;
sk->next = node;
sk->data.ext = ext;
sk->num += 1;
return (int)sk->num;
return wolfSSL_sk_push(sk, ext);
}
/* Free the structure for X509_EXTENSION stack
@@ -535,8 +505,8 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x,
if (lastpos < 0)
lastpos = 0;
for (; lastpos < wolfSSL_sk_num(sk); lastpos++)
if (wolfSSL_OBJ_cmp((WOLFSSL_ASN1_OBJECT*)wolfSSL_sk_value(sk,
lastpos), obj) == 0)
if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk,
lastpos)->obj, obj) == 0)
return lastpos;
return -1;
}
@@ -556,10 +526,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
WOLFSSL_GENERAL_NAME* gn)
{
int ret = 0;
WOLFSSL_ASN1_OBJECT* obj;
WOLFSSL_ASN1_TYPE* type;
WOLFSSL_ASN1_STRING* str;
byte tag;
WOLFSSL_ASN1_OBJECT* obj = NULL;
WOLFSSL_ASN1_TYPE* type = NULL;
WOLFSSL_ASN1_STRING* str = NULL;
byte tag = 0;
unsigned char* p = (unsigned char *)dns->name;
long len = dns->len;
@@ -594,7 +564,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
goto err;
}
tag = ASN_UTF8STRING;
tag = V_ASN1_UTF8STRING;
}
else
#endif
@@ -604,39 +574,23 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
/* Create an object id for general name from DER encoding. */
obj = wolfSSL_d2i_ASN1_OBJECT(NULL, (const unsigned char**)&p, len);
if (obj == NULL) {
if (obj == NULL)
goto err;
}
/* Pointer moved on and now update length of remaining data. */
len -= (long)((size_t)p - (size_t)dns->name);
/* Next is: [0]. Check tag and length. */
if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
wolfSSL_ASN1_OBJECT_free(obj);
/* Next is "value [0] EXPLICIT ANY DEFINED BY type-id" */
if (GetASNHeader(p, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0,
&idx, &nameLen, (word32)len) < 0)
goto err;
}
if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) {
wolfSSL_ASN1_OBJECT_free(obj);
goto err;
}
if (GetLength(p, &idx, &nameLen, (word32)len) <= 1) {
wolfSSL_ASN1_OBJECT_free(obj);
goto err;
}
/* Next is a string of some type. */
if (GetASNTag(p, &idx, &tag, (word32)len) < 0) {
wolfSSL_ASN1_OBJECT_free(obj);
goto err;
}
if (GetLength(p, &idx, &nameLen, (word32)len) <= 0) {
wolfSSL_ASN1_OBJECT_free(obj);
goto err;
}
p += idx;
len -= idx;
/* Set the tag to object so that it gets output in raw form */
tag = V_ASN1_SEQUENCE;
}
/* Create a WOLFSSL_ASN1_STRING from the DER. */
str = wolfSSL_ASN1_STRING_type_new(tag);
if (str == NULL) {
@@ -647,11 +601,8 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
/* Wrap string in a WOLFSSL_ASN1_TYPE. */
type = wolfSSL_ASN1_TYPE_new();
if (type == NULL) {
wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL_ASN1_STRING_free(str);
if (type == NULL)
goto err;
}
wolfSSL_ASN1_TYPE_set(type, tag, str);
/* Store the object and string in general name. */
@@ -660,6 +611,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
ret = 1;
err:
if (ret != 1) {
wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL_ASN1_STRING_free(str);
}
return ret;
}
#endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */
@@ -722,7 +677,7 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
}
}
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
WOLFSSL_MSG("Error pushing onto stack");
wolfSSL_GENERAL_NAME_free(gn);
wolfSSL_sk_pop_free(sk, NULL);
@@ -976,7 +931,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
obj->grp = oidCertAuthInfoType;
obj->nid = NID_ad_ca_issuers;
ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL_ASN1_OBJECT_free(obj);
@@ -1011,7 +967,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
obj->grp = oidCertAuthInfoType;
obj->nid = NID_ad_OCSP;
ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL_ASN1_OBJECT_free(obj);
@@ -1251,7 +1208,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
*/
if (x509->ext_sk == NULL)
x509->ext_sk = wolfSSL_sk_new_x509_ext();
if (wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext) == WOLFSSL_FAILURE) {
if (wolfSSL_sk_insert(x509->ext_sk, ext, -1) <= 0) {
wolfSSL_X509_EXTENSION_free(ext);
ext = NULL;
}
@@ -1813,7 +1770,8 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i(
break;
}
/* Push onto AUTHORITY_INFO_ACCESS stack. */
ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad);
ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error pushing ASN1 AD onto stack");
err = 1;
@@ -2311,8 +2269,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
}
dns = dns->next;
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
WOLFSSL_SUCCESS) {
if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) {
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
goto err;
}
@@ -2367,13 +2324,13 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
/* push GENERAL_NAME onto fullname stack */
if (wolfSSL_sk_GENERAL_NAME_push(dp->distpoint->name.fullname,
gn) != WOLFSSL_SUCCESS) {
gn) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
goto err;
}
/* push DIST_POINT onto stack */
if (wolfSSL_sk_DIST_POINT_push(sk, dp) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) {
WOLFSSL_MSG("Error pushing DIST_POINT onto stack");
goto err;
}
@@ -2488,8 +2445,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
obj->grp = oidCertExtType;
obj->obj = (byte*)(x509->certPolicies[i]);
obj->objSz = MAX_CERTPOL_SZ;
if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
!= WOLFSSL_SUCCESS) {
if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
@@ -2565,6 +2521,44 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
case EXT_KEY_USAGE_OID:
if (x509->extKeyUsageSrc != NULL) {
const byte* ekuSrc = x509->extKeyUsageSrc;
word32 i;
sk = wolfSSL_sk_new_asn1_obj();
if (sk == NULL) {
WOLFSSL_MSG("Issue creating stack");
return NULL;
}
for (i = 0; i < x509->extKeyUsageCount; i++) {
long ekuSrcLen = (long)(x509->extKeyUsageSz -
(word32)(ekuSrc - x509->extKeyUsageSrc));
WOLFSSL_ASN1_OBJECT* ekuObj = wolfSSL_d2i_ASN1_OBJECT(NULL,
&ekuSrc, ekuSrcLen);
if (ekuObj == NULL) {
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
WOLFSSL_MSG("d2i obj error");
return NULL;
}
ekuObj->type = EXT_KEY_USAGE_OID;
ekuObj->grp = oidCertExtType;
/* Push to end to maintain order */
if (wolfSSL_sk_insert(sk, ekuObj, -1) <= 0) {
wolfSSL_ASN1_OBJECT_free(ekuObj);
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
WOLFSSL_MSG("d2i obj error");
return NULL;
}
}
if ((word32)(ekuSrc - x509->extKeyUsageSrc)
!= x509->extKeyUsageSz ||
i != x509->extKeyUsageCount) {
wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
WOLFSSL_MSG("incorrect eku count or buffer not exhausted");
return NULL;
}
if (c != NULL) {
if (x509->extKeyUsageCount > 1) {
*c = -2;
@@ -2573,15 +2567,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
*c = x509->extKeyUsageCrit;
}
}
obj = wolfSSL_ASN1_OBJECT_new();
if (obj == NULL) {
WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
return NULL;
}
obj->type = EXT_KEY_USAGE_OID;
obj->grp = oidCertExtType;
obj->obj = x509->extKeyUsageSrc;
obj->objSz = x509->extKeyUsageSz;
}
else {
WOLFSSL_MSG("No Extended Key Usage set");
@@ -2628,7 +2613,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
}
}
if (obj) {
if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
WOLFSSL_MSG("Error pushing ASN1_OBJECT object onto "
"stack.");
goto err;
@@ -2801,7 +2786,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value)
WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error");
goto err_cleanup;
}
if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error");
wolfSSL_GENERAL_NAME_free(gn);
goto err_cleanup;
@@ -4464,39 +4449,9 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen,
int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk,
WOLFSSL_GENERAL_NAME* gn)
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_push");
if (sk == NULL || gn == NULL) {
return WOLFSSL_FAILURE;
}
/* no previous values in stack */
if (sk->data.gn == NULL) {
sk->data.gn = gn;
sk->num += 1;
return WOLFSSL_SUCCESS;
}
/* stack already has value(s) create a new node and add more */
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
DYNAMIC_TYPE_ASN1);
if (node == NULL) {
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
/* push new obj onto head of stack */
node->type = STACK_TYPE_GEN_NAME;
node->data.gn = sk->data.gn;
node->next = sk->next;
sk->next = node;
sk->data.gn = gn;
sk->num += 1;
return WOLFSSL_SUCCESS;
return wolfSSL_sk_push(sk, gn);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
@@ -5074,19 +5029,9 @@ int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
/* returns null on failure and pointer to internal value on success */
WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
{
WOLFSSL_STACK* ret;
if (sk == NULL) {
return NULL;
}
ret = wolfSSL_sk_get_node(sk, idx);
if (ret != NULL) {
return ret->data.ext;
}
return NULL;
return (WOLFSSL_X509_EXTENSION*)wolfSSL_sk_value(sk, idx);
}
/* frees all of the nodes and the values in stack */
@@ -5783,6 +5728,37 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return id;
}
const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id(
WOLFSSL_X509 *x509)
{
WOLFSSL_ASN1_STRING* ret = NULL;
WOLFSSL_ENTER("wolfSSL_X509_get0_subject_key_id");
if (x509 != NULL && x509->subjKeyIdSet) {
if (x509->subjKeyIdStr == NULL) {
x509->subjKeyIdStr = wolfSSL_ASN1_STRING_new();
if (x509->subjKeyIdStr != NULL) {
if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr,
x509->subjKeyId, x509->subjKeyIdSz) == 1) {
ret = x509->subjKeyIdStr;
}
else {
wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
x509->subjKeyIdStr = NULL;
}
}
}
else {
ret = x509->subjKeyIdStr;
}
}
WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL);
return ret;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
@@ -7305,8 +7281,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl)
XSTRNCPY(entry->dir_name, buf, pathLen);
entry->dir_name[pathLen] = '\0';
if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry)
!= WOLFSSL_SUCCESS) {
if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) <= 0) {
wolfSSL_BY_DIR_entry_free(entry);
#ifdef WOLFSSL_SMALL_STACK
XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL);
@@ -8792,7 +8767,7 @@ const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *na
int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
const WOLFSSL_X509_VERIFY_PARAM *from)
{
int ret = WOLFSSL_FAILURE;
int ret = WOLFSSL_SUCCESS;
int isOverWrite = 0;
int isDefault = 0;
unsigned int flags;
@@ -9344,6 +9319,110 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj
return WOLFSSL_SUCCESS;
}
/**
* Serialize object to DER encoding
*
* @param alg Object to serialize
* @param pp Output
* @return Length on success
* Negative number on failure
*/
int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg,
unsigned char** pp)
{
int len;
word32 oid = 0;
word32 idx = 0;
unsigned char* buf = NULL;
if (alg == NULL || alg->algorithm == 0) {
WOLFSSL_MSG("alg is NULL or algorithm not set");
return WOLFSSL_FATAL_ERROR;
}
if (GetObjectId(alg->algorithm->obj, &idx, &oid,
(word32)alg->algorithm->grp, alg->algorithm->objSz) < 0) {
WOLFSSL_MSG("Issue getting OID of object");
return WOLFSSL_FATAL_ERROR;
}
len = (int)SetAlgoID((int)oid, NULL, alg->algorithm->grp, 0);
if (len == 0) {
WOLFSSL_MSG("SetAlgoID error");
return WOLFSSL_FATAL_ERROR;
}
if (pp != NULL) {
if (*pp != NULL)
buf = *pp;
else {
buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
if (buf == NULL)
return WOLFSSL_FATAL_ERROR;
}
len = (int)SetAlgoID((int)oid, buf, alg->algorithm->grp, 0);
if (len == 0) {
WOLFSSL_MSG("SetAlgoID error");
if (*pp == NULL)
XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
return WOLFSSL_FATAL_ERROR;
}
if (*pp != NULL)
*pp += len;
else
*pp = buf;
}
return len;
}
WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out,
const byte** src, long len)
{
WOLFSSL_X509_ALGOR* ret = NULL;
word32 idx = 0;
word32 oid = 0;
int grp;
WOLFSSL_ENTER("wolfSSL_d2i_X509_ALGOR");
if (src == NULL || *src == NULL || len == 0)
return NULL;
if (GetAlgoId(*src, &idx, &oid, oidIgnoreType, (word32)len) != 0)
return NULL;
/* Try to guess the type */
for (grp = 0; grp < oidIgnoreType; grp++) {
word32 oidSz;
if (OidFromId(oid, (word32)grp, &oidSz) != NULL)
break;
}
if (grp == oidIgnoreType)
return NULL;
ret = wolfSSL_X509_ALGOR_new();
if (ret == NULL)
return NULL;
ret->algorithm = wolfSSL_OBJ_nid2obj(oid2nid(oid, grp));
if (ret->algorithm == NULL) {
wolfSSL_X509_ALGOR_free(ret);
return NULL;
}
*src += idx;
if (out != NULL) {
if (*out != NULL)
wolfSSL_X509_ALGOR_free(*out);
*out = ret;
}
return ret;
}
/**
* Allocate a new WOLFSSL_X509_PUBKEY object.
*
@@ -11851,8 +11930,7 @@ err:
ret = MEMORY_E;
break;
}
if (wolfSSL_sk_X509_INFO_push(localSk, current) !=
WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_INFO_push(localSk, current) <= 0) {
wolfSSL_X509_INFO_free(current);
current = NULL;
ret = WOLFSSL_FAILURE;
@@ -12229,8 +12307,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(
if (name->entries == NULL) {
name->entries = wolfSSL_sk_X509_NAME_new(NULL);
}
if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current
) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current) <= 0) {
ret = WOLFSSL_FAILURE;
}
#endif
@@ -12861,7 +12938,7 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
for (i = 0; i < num; i++) {
name = wolfSSL_X509_NAME_dup(wolfSSL_sk_X509_NAME_value(sk, i));
if (name == NULL || WOLFSSL_SUCCESS != wolfSSL_sk_X509_NAME_push(copy, name)) {
if (name == NULL || wolfSSL_sk_X509_NAME_push(copy, name) <= 0) {
WOLFSSL_MSG("Memory error");
wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free);
wolfSSL_X509_NAME_free(name);
@@ -13259,6 +13336,28 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject(
WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk,
WOLFSSL_X509_LOOKUP_TYPE type,
WOLFSSL_X509_NAME *name)
{
int i;
WOLFSSL_ENTER("wolfSSL_X509_OBJECT_retrieve_by_subject");
if (sk == NULL || name == NULL)
return NULL;
for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) {
WOLFSSL_X509_OBJECT* obj = wolfSSL_sk_X509_OBJECT_value(sk, i);
if (obj != NULL && obj->type == type &&
wolfSSL_X509_NAME_cmp(
wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0)
return obj;
}
return NULL;
}
#endif /* OPENSSL_ALL */
#ifndef NO_WOLFSSL_STUB
@@ -14482,8 +14581,10 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
}
}
if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)
ret = wolfSSL_sk_push(req->reqAttributes, attr);
if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) {
ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
else
ret = WOLFSSL_FAILURE;
if (ret != WOLFSSL_SUCCESS)

32
src/x509_str.c
View File

@@ -221,6 +221,10 @@ int GetX509Error(int e)
case WC_NO_ERR_TRACE(ASN_SIG_HASH_E):
case WC_NO_ERR_TRACE(ASN_SIG_KEY_E):
return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE;
/* We can't disambiguate if its the before or after date that caused
* the error. Assume expired. */
case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR):
return X509_V_ERR_CRL_HAS_EXPIRED;
case WC_NO_ERR_TRACE(CRL_CERT_REVOKED):
return WOLFSSL_X509_V_ERR_CERT_REVOKED;
case WC_NO_ERR_TRACE(CRL_MISSING):
@@ -537,7 +541,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
* signed and that a issuer was found */
if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer,
&x509->subject) != 0) {
if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_push(sk, issuer) <= 0) {
WOLFSSL_MSG("Unable to load CA x509 into stack");
error = 1;
}
@@ -569,7 +573,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
break;
}
if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
WOLFSSL_MSG("Unable to load x509 into stack");
wolfSSL_X509_free(x509);
error = 1;
@@ -688,13 +692,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
if (certToFilterName != NULL) {
if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) {
filteredCert = wolfSSL_X509_dup(certToFilter->data.x509);
if (filteredCert == NULL) {
if (filteredCert == NULL ||
wolfSSL_sk_X509_push(filteredCerts, filteredCert)
<= 0) {
err = 1;
wolfSSL_X509_free(filteredCert);
break;
}
else {
wolfSSL_sk_X509_push(filteredCerts, filteredCert);
}
}
}
certToFilter = certToFilter->next;
@@ -1248,7 +1252,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
if (CopyDecodedToX509(x509, dCert) == 0) {
if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_push(sk, x509) <= 0) {
WOLFSSL_MSG("Unable to load x509 into stack");
wolfSSL_X509_free(x509);
goto error;
@@ -1327,7 +1331,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
goto err_cleanup;
}
if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
wolfSSL_X509_OBJECT_free(obj);
goto err_cleanup;
@@ -1345,7 +1349,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
goto err_cleanup;
}
if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error");
wolfSSL_X509_OBJECT_free(obj);
goto err_cleanup;
@@ -1379,6 +1383,16 @@ WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(
return NULL;
return ctx->param;
}
#ifdef OPENSSL_EXTRA
int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx,
WOLFSSL_X509_VERIFY_PARAM *param)
{
if (ctx == NULL)
return WOLFSSL_FAILURE;
return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, param);
}
#endif
#endif
/*******************************************************************************