diff --git a/src/bio.c b/src/bio.c
index 02ac5b353..626384acd 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -1684,6 +1684,10 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p)
 if (bio == NULL)
 return WOLFSSL_FATAL_ERROR;
+ /* Return pointer from last BIO in chain */
+ while (bio->next)
+ bio = bio->next;
+
 if (p) {
 *(byte**)p = (byte*)bio->ptr;
 }
diff --git a/src/ssl.c b/src/ssl.c
index 65fe18772..c349fbad3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -48732,7 +48732,10 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 WOLFSSL_BIO* out)
 {
+ int ret;
 PKCS7* p7;
+ WC_RNG rng;
+ byte cleanRng = 0;
 WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
@@ -48743,6 +48746,28 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 p7 = &((WOLFSSL_PKCS7*)pkcs7)->pkcs7;
+ if (p7->certList) {
+ WOLFSSL_MSG("wolfSSL_PKCS7_encode_certs called multiple times on same "
+ "struct");
+ return WOLFSSL_FAILURE;
+ }
+
+ if (certs) {
+ /* Save some of the values */
+ int hashOID = p7->hashOID;
+ byte version = p7->version;
+
+ if (wc_PKCS7_InitWithCert(p7, certs->data.x509->derCert->buffer,
+ certs->data.x509->derCert->length) != 0) {
+ WOLFSSL_MSG("wc_PKCS7_InitWithCert error");
+ return WOLFSSL_FAILURE;
+ }
+ certs = certs->next;
+
+ p7->hashOID = hashOID;
+ p7->version = version;
+ }
+
 /* Add the certs to the PKCS7 struct */
 while (certs) {
 if (wc_PKCS7_AddCertificate(p7, certs->data.x509->derCert->buffer,
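Review bot: The chain walk hands back `bio->ptr` of whatever BIO sits last in the chain without checking that it is a memory BIO, so a chain that ends in a file, socket or SSL BIO will return that BIO's private pointer as if it were a data buffer. It also changes the result for a caller that deliberately passed a memory BIO sitting mid-chain, because the tail is now consulted instead. If the BIO struct carries a type field (not visible in this hunk) the tail should be checked before the dereference and the existing `WOLFSSL_FATAL_ERROR` returned for a non-memory type; at minimum the assumption should be written down above the loop, e.g. `/* Assumes the tail of the chain is a memory BIO; ptr is opaque for other BIO types */`. The remainder of wolfSSL_BIO_get_mem_data, including its return value, is outside the hunk.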
@@ -48753,7 +48778,28 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 certs = certs->next;
 }
- return wolfSSL_i2d_PKCS7_bio(out, p7);
+ if (wc_PKCS7_SetSignerIdentifierType(p7, DEGENERATE_SID) != 0) {
+ WOLFSSL_MSG("wc_PKCS7_SetSignerIdentifierType error");
+ return WOLFSSL_FAILURE;
+ }
+
+ if (!p7->rng) {
+ if (wc_InitRng(&rng) != 0) {
+ WOLFSSL_MSG("wc_InitRng error");
+ return WOLFSSL_FAILURE;
+ }
+ p7->rng = &rng;
+ cleanRng = 1;
+ }
+
+ ret = wolfSSL_i2d_PKCS7_bio(out, p7);
+
+ if (cleanRng) {
+ wc_FreeRng(&rng);
+ p7->rng = NULL;
+ }
+
+ return ret;
 }
 #endif /* !NO_BIO */
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index e5d619703..b02caaec2 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -625,7 +625,7 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data,
 {
 int ret = HASH_TYPE_E; /* Default to hash type error */
- if (hash == NULL || data == NULL)
+ if (hash == NULL || (data == NULL && dataSz > 0))
 return BAD_FUNC_ARG;
 switch (type) {
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 7dbd4aace..471961588 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1151,6 +1151,7 @@ int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* derCert, word32 derCertSz)
 DYNAMIC_TYPE_PKCS7);
 if (cert == NULL)
 return MEMORY_E;
+ XMEMSET(cert, 0, sizeof(Pkcs7Cert));
 cert->der = derCert;
 cert->derSz = derCertSz;
@@ -2268,8 +2269,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
 byte signingTime[MAX_TIME_STRING_SZ];
- if (pkcs7 == NULL || pkcs7->contentSz == 0 ||
- pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
+ if (pkcs7 == NULL || (pkcs7->contentSz > 0 && pkcs7->content == NULL) ||
+ pkcs7->hashOID == 0 ||
 output == NULL || outputSz == NULL || *outputSz == 0 || hashSz == 0 || hashBuf == NULL) {
 return BAD_FUNC_ARG;
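Review bot: Every failure exit in this hunk (the wc_PKCS7_SetSignerIdentifierType branch, the wc_InitRng branch, and a failed wolfSSL_i2d_PKCS7_bio via `ret`) leaves the certificates already attached to `p7` earlier in this function in place, and the `if (p7->certList)` guard added earlier in the same function then refuses a second call, so a caller cannot retry on the same struct after a transient failure such as an RNG init error. That contract should be stated in the function's header comment: `/* On failure the certificate list stays attached to pkcs7; the object must be re-initialised before reuse */`. The RNG handling itself looks sound: the stack `rng` is only installed when `p7->rng` was NULL and is freed and cleared on every path that reaches the `return ret`. The function's opening, the cert-adding loop and the `if (p7->certList)` guard lie outside this hunk.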
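Review bot: Relaxing the guard to `(data == NULL && dataSz > 0)` lets a (NULL, 0) update reach the per-algorithm update calls in the `switch (type)` below, which are outside this hunk; that is only safe if each of those wc_*Update functions either accepts a NULL pointer with zero length or never touches the pointer when the length is zero, since passing NULL to a memcpy is undefined even for zero bytes. Please confirm each algorithm reached by the switch tolerates this, and record the intent on the check: `/* data may be NULL when dataSz is 0 (empty update) */`. The switch body and the rest of wc_HashUpdate are outside the hunk.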
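Review bot: The zeroing is a good fix, but the two assignments immediately after it store the caller's `derCert` pointer without copying, so the DER buffer must outlive every use of the PKCS7 object and nothing in the hunk documents that ownership. I would add `/* der is not copied: caller keeps ownership and must keep it alive for the PKCS7's lifetime */` above `cert->der = derCert;`. As a point of style, `XMEMSET(cert, 0, sizeof(*cert))` tracks the pointer's type rather than repeating `Pkcs7Cert`. The rest of wc_PKCS7_AddCertificate, including where `cert` is linked into the list, is outside the hunk.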
@@ -2746,7 +2747,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 #endif
 /* other args checked in wc_PKCS7_EncodeSigned_ex */
- if (pkcs7 == NULL || pkcs7->contentSz == 0 || pkcs7->content == NULL) {
+ if (pkcs7 == NULL || (pkcs7->contentSz > 0 && pkcs7->content == NULL)) {
 return BAD_FUNC_ARG;
 }
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index 716b1d0ea..8a1209429 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -47,6 +47,7 @@ nobase_include_HEADERS+= \
 wolfssl/openssl/ssl.h \
 wolfssl/openssl/stack.h \
 wolfssl/openssl/tls1.h \
+ wolfssl/openssl/txt_db.h \
 wolfssl/openssl/ui.h \
 wolfssl/openssl/x509.h \
 wolfssl/openssl/x509_vfy.h \
diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h
new file mode 100644
index 000000000..4fb940026
--- /dev/null
+++ b/wolfssl/openssl/txt_db.h
@@ -0,0 +1,27 @@
+/* txt_db.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_TXT_DB_H_
+#define WOLFSSL_TXT_DB_H_
+
+
+
+#endif /* WOLFSSL_TXT_DB_H_ */
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
index 349dd089c..dd98f3d30 100644
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
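Review bot: The relaxed check now accepts `contentSz == 0` regardless of `content`, yet the comment above it still only says "other args checked in wc_PKCS7_EncodeSigned_ex", so nothing records that an empty content is meant for the degenerate certs-only SignedData that the ssl.c change builds with DEGENERATE_SID. Make that explicit next to the check: `/* content may be NULL/empty for a degenerate (certs-only) SignedData; a non-zero contentSz still requires content */`. Note that `content != NULL` with `contentSz == 0` is also accepted now, which is presumably intended as empty content rather than an error; if not, the condition needs a second clause. The body of wc_PKCS7_EncodeSignedData continues past the hunk.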
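Review bot: The new txt_db.h is added to the installed headers but its body between the include guards is empty and carries no comment, so a reader cannot tell whether the TXT_DB API was forgotten or deliberately left out. Presumably the file exists so that sources written against OpenSSL can include it unchanged; say so inside the guard, e.g. `/* Compatibility stub: no TXT_DB functionality is provided; present only so OpenSSL-style includes resolve. */`.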
@@ -24,4 +24,9 @@
 #define X509_FLAG_NO_IDS (1UL << 12)
 #define XN_FLAG_FN_SN 0
-#define XN_FLAG_SEP_CPLUS_SPC 2
+#define XN_FLAG_ONELINE 0
+#define XN_FLAG_RFC2253 1
+#define XN_FLAG_SEP_CPLUS_SPC (2 << 16)
+#define XN_FLAG_SEP_SPLUS_SPC (3 << 16)
+#define XN_FLAG_DN_REV (1 << 20)
+#define XN_FLAG_SPC_EQ (1 << 23)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index a57353eae..c6f72bb94 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1816,12 +1816,6 @@ enum {
 X509_R_CERT_ALREADY_IN_HASH_TABLE,
- XN_FLAG_SPC_EQ = (1 << 23),
- XN_FLAG_SEP_CPLUS_SPC = (2 << 16),
- XN_FLAG_ONELINE = 0,
- XN_FLAG_RFC2253 = 1,
- XN_FLAG_DN_REV = (1 << 20),
-
 CRYPTO_LOCK = 1,
 CRYPTO_NUM_LOCKS = 10,
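Review bot: `XN_FLAG_SEP_CPLUS_SPC (2 << 16)` and `XN_FLAG_SEP_SPLUS_SPC (3 << 16)` share bit 17, so testing either with `flags & XN_FLAG_SEP_CPLUS_SPC` is true for both; they are encoded values of a multi-bit separator field and must be compared after masking that field, and no mask is defined in this hunk. The hunk also re-values XN_FLAG_SEP_CPLUS_SPC in this header from `2` to `(2 << 16)`, which removes the conflict with the enum being deleted from ssl.h but changes the result for any code that compared the name against the literal 2 (none visible here). A comment on the group would prevent the bit-test mistake: `/* XN_FLAG_SEP_* are field values in bits 16-19, not independent bits: mask the field before comparing */`.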