add GENERAL NAME stack functions and fix WOLFSSL_BIO free with files

Jacob Barthelmeh
2017-04-10 17:27:24 -06:00
parent 6455801518
commit db3badb73a
9 changed files with 251 additions and 35 deletions


@@ -671,14 +671,20 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
{
WOLFSSL_ENTER("BIO_get_mem_ptr");
WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr");
if (bio == NULL || ptr == NULL) {
return WOLFSSL_FAILURE;
}
*ptr = (WOLFSSL_BUF_MEM*)(bio->mem);
return WOLFSSL_SUCCESS;
if (bio->type == WOLFSSL_BIO_FILE) {
WOLFSSL_MSG("NO memory buffer for FILE type");
return SSL_FAILURE;
}
*ptr = bio->mem_buf;
return SSL_SUCCESS;
}
/*** TBD ***/
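Review bot: The new FILE-type guard returns `SSL_FAILURE` while the NULL-argument check a few lines above still returns `WOLFSSL_FAILURE`, so wolfSSL_BIO_get_mem_ptr now mixes two spellings of the same failure code; the rendered page drops the +/- markers, so which spelling is the new one is inferred from line order, but whichever the file standardises on, the function should use one, e.g. `return WOLFSSL_FAILURE;` and `return WOLFSSL_SUCCESS;`. On the FILE path `*ptr` is left untouched, so a caller that ignores the return value keeps whatever pointer it had before; writing `*ptr = NULL;` before the failure return makes that outcome harder to miss.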


@@ -7628,6 +7628,43 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
dCert->weOwnAltNames = 0;
x509->altNamesNext = x509->altNames; /* index hint */
#ifdef OPENSSL_EXTRA
/* add copies of alternate emails from dCert to X509 */
if (dCert->altEmailNames != NULL) {
DNS_entry* cur = dCert->altEmailNames;
while (cur != NULL) {
if (cur->type == ASN_RFC822_TYPE) {
DNS_entry* dnsEntry;
int strLen = XSTRLEN(cur->name);
dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap,
DYNAMIC_TYPE_ALTNAME);
if (dnsEntry == NULL) {
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
}
dnsEntry->type = ASN_RFC822_TYPE;
dnsEntry->name = (char*)XMALLOC(strLen + 1, x509->heap,
DYNAMIC_TYPE_ALTNAME);
if (dnsEntry->name == NULL) {
WOLFSSL_MSG("\tOut of Memory");
XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
XMEMCPY(dnsEntry->name, cur->name, strLen);
dnsEntry->name[strLen] = '\0';
dnsEntry->next = x509->altNames;
x509->altNames = dnsEntry;
}
cur = cur->next;
}
}
#endif
x509->isCa = dCert->isCA;
#ifdef OPENSSL_EXTRA
x509->pathLength = dCert->pathLength;
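Review bot: The index hint `x509->altNamesNext = x509->altNames;` on the context line just above the new `#ifdef OPENSSL_EXTRA` block is taken before the loop prepends the copied e-mail entries to `x509->altNames`, so after this hunk the hint points at the old head and the new entries sit in front of it; if altNamesNext is the cursor used to walk alt names (the walker is outside this hunk), the e-mail entries would be skipped on the first pass. Re-assigning it after the copy, `x509->altNamesNext = x509->altNames;` placed after the `#endif`, keeps the hint on the list head. Separately, `int strLen = XSTRLEN(cur->name);` narrows a size_t into an int; a `word32` or `size_t` local would avoid the implicit conversion. CopyDecodedToX509 begins and ends outside this hunk.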


@@ -7263,7 +7263,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
case ALT_NAMES_OID:
{
DNS_entry* dns;
DNS_entry* dns = NULL;
if (x509->subjAltNameSet && x509->altNames != NULL) {
/* alt names are DNS_entry structs */
@@ -7279,8 +7279,12 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
dns = x509->altNames;
while (dns != NULL) {
obj = wolfSSL_ASN1_OBJECT_new();
obj->type = ALT_NAMES_OID;
obj->type = dns->type;
obj->obj = (byte*)dns->name;
/* set app derefrenced pointers */
obj->d.ia5_internal.data = dns->name;
obj->d.ia5_internal.length = XSTRLEN(dns->name);
dns = dns->next;
/* last dns in list add at end of function */
if (dns != NULL) {
@@ -12055,14 +12059,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
XMEMSET(bio, 0, sizeof(WOLFSSL_BIO));
bio->type = method->type;
bio->close = BIO_CLOSE; /* default to close things */
bio->mem_buf = (WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM),
if (method->type != WOLFSSL_BIO_FILE) {
bio->mem_buf =(WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM),
0, DYNAMIC_TYPE_OPENSSL);
if (bio->mem_buf == NULL) {
WOLFSSL_MSG("Memory error");
wolfSSL_BIO_free(bio);
return NULL;
if (bio->mem_buf == NULL) {
WOLFSSL_MSG("Memory error");
wolfSSL_BIO_free(bio);
return NULL;
}
bio->mem_buf->data = (char*)bio->mem;
}
bio->mem_buf->data = (char*)bio->mem;
}
return bio;
}
@@ -12147,9 +12153,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif
if (bio->close != BIO_NOCLOSE) {
if (bio->mem_buf->data != (char*)bio->mem && bio->mem != NULL) {
XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
bio->mem = NULL;
if (bio->mem != NULL) {
if (bio->mem_buf != NULL) {
if (bio->mem_buf->data != (char*)bio->mem) {
XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
bio->mem = NULL;
}
}
else {
XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
bio->mem = NULL;
}
}
if (bio->mem_buf != NULL) {
wolfSSL_BUF_MEM_free(bio->mem_buf);
@@ -16068,6 +16082,43 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
return (int)sk->num;
}
/* Frees all nodes in a GENERAL NAME stack
*
* sk stack of nodes to free
* f free function to use, not called with wolfSSL
*/
void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
void f (WOLFSSL_ASN1_OBJECT*))
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_pop_free");
(void)f;
if (sk == NULL) {
return;
}
/* parse through stack freeing each node */
node = sk->next;
while (sk->num > 1) {
WOLFSSL_STACK* tmp = node;
node = node->next;
wolfSSL_ASN1_OBJECT_free(tmp->data.obj);
XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1);
sk->num -= 1;
}
/* free head of stack */
if (sk->num == 1) {
wolfSSL_ASN1_OBJECT_free(sk->data.obj);
}
XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
#endif /* OPENSSL_EXTRA */
/* Wraps wolfSSL_X509_d2i
@@ -16438,6 +16489,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
}
XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT));
obj->d.ia5 = &(obj->d.ia5_internal);
return obj;
}
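Review bot: In the wolfSSL_X509_get_ext_d2i hunk the new lines `obj->obj = (byte*)dns->name;` and `obj->d.ia5_internal.data = dns->name;` make every GENERAL_NAME in the returned stack alias storage owned by the X509's altNames list, so the stack dangles as soon as the X509 is freed, and wolfSSL_sk_GENERAL_NAME_pop_free (which frees only the objects and nodes) cannot tell. That contract should be written down above the loop, e.g. `/* entries borrow dns->name from x509->altNames: free the stack before the X509; pop_free does not copy or own the name bytes */`. Two smaller points in the same section: the new dereferences of `obj` follow `obj = wolfSSL_ASN1_OBJECT_new();` without a NULL check (the replaced `obj->type = ALT_NAMES_OID;` had the same gap, and `XSTRLEN` into an int `length` narrows a size_t), and the pop_free loop advances `node = node->next;` trusting `sk->num` rather than the links, so a stack whose `num` overstates the node count dereferences NULL; `while (sk->num > 1 && node != NULL)` bounds it. Both enclosing functions extend beyond their hunks.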


@@ -15819,6 +15819,63 @@ static void test_wolfSSL_d2i_PUBKEY(void)
#endif
}
static void test_wolfSSL_sk_GENERAL_NAME(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA)
X509* x509;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes;
XFILE f;
STACK_OF(GENERAL_NAME)* sk;
printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");
AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
AssertIntGT((bytes = XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
/* current cert has no alt names */
AssertNull(sk = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL));
AssertIntEQ(sk_GENERAL_NAME_num(sk), 0);
#if 0
for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
GENERAL_NAME* gn = sk_GENERAL_NAME_value(sk, i);
if (gn == NULL) {
printf("massive falure\n");
return -1;
}
if (gn->type == GEN_DNS) {
printf("found type GEN_DNS\n");
printf("length = %d\n", gn->d.ia5->length);
printf("data = %s\n", (char*)gn->d.ia5->data);
}
if (gn->type == GEN_EMAIL) {
printf("found type GEN_EMAIL\n");
printf("length = %d\n", gn->d.ia5->length);
printf("data = %s\n", (char*)gn->d.ia5->data);
}
if (gn->type == GEN_URI) {
printf("found type GEN_URI\n");
printf("length = %d\n", gn->d.ia5->length);
printf("data = %s\n", (char*)gn->d.ia5->data);
}
}
#endif
X509_free(x509);
sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
printf(resultFmt, passed);
#endif
}
static void test_no_op_functions(void)
{
@@ -16640,6 +16697,7 @@ void ApiTest(void)
test_wolfSSL_BIO_write();
test_wolfSSL_SESSION();
test_wolfSSL_DES_ecb_encrypt();
test_wolfSSL_sk_GENERAL_NAME();
/* test the no op functions for compatibility */
test_no_op_functions();
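Review bot: The `#if 0` block in test_wolfSSL_sk_GENERAL_NAME would not compile if anyone switched it on: `i` is never declared and `return -1;` appears in a function returning void, so it is dead code rather than a disabled test and should be dropped or turned into a real loop over a certificate that carries alt names. As written the test only exercises the no-SAN path (`AssertNull(sk = ...)` followed by `sk_GENERAL_NAME_num(sk)` and `sk_GENERAL_NAME_pop_free(sk, ...)` on a NULL stack), so the new e-mail alt-name copy and the non-empty pop_free loop are not covered; a second fixture with SAN entries would cover them. The `X509_free(x509);` before `sk_GENERAL_NAME_pop_free(...)` ordering also deserves a comment once the stack is non-NULL, because the `obj->d.ia5_internal.data = dns->name;` line elsewhere in this commit makes stack entries point into the X509's alt-name storage.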


@@ -3963,6 +3963,7 @@ static int GetName(DecodedCert* cert, int nameType)
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
}
emailName->type = 0;
emailName->name = (char*)XMALLOC(adv + 1,
cert->heap, DYNAMIC_TYPE_ALTNAME);
if (emailName->name == NULL) {
@@ -5362,6 +5363,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
return MEMORY_E;
}
dnsEntry->type = ASN_DNS_TYPE;
dnsEntry->name = (char*)XMALLOC(strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
if (dnsEntry->name == NULL) {
@@ -5398,6 +5400,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
return MEMORY_E;
}
emailEntry->type = ASN_RFC822_TYPE;
emailEntry->name = (char*)XMALLOC(strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
if (emailEntry->name == NULL) {
@@ -5415,8 +5418,45 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
length -= strLen;
idx += strLen;
}
#endif /* IGNORE_NAME_CONSTRAINTS */
#ifdef WOLFSSL_SEP
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) {
DNS_entry* uriEntry;
int strLen;
word32 lenStartIdx = idx;
WOLFSSL_MSG("\tPutting URI into list but not using");
if (GetLength(input, &idx, &strLen, sz) < 0) {
WOLFSSL_MSG("\tfail: str length");
return ASN_PARSE_E;
}
length -= (idx - lenStartIdx);
uriEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap,
DYNAMIC_TYPE_ALTNAME);
if (uriEntry == NULL) {
WOLFSSL_MSG("\tOut of Memory");
return MEMORY_E;
}
uriEntry->type = ASN_URI_TYPE;
uriEntry->name = (char*)XMALLOC(strLen + 1, cert->heap,
DYNAMIC_TYPE_ALTNAME);
if (uriEntry->name == NULL) {
WOLFSSL_MSG("\tOut of Memory");
XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
XMEMCPY(uriEntry->name, &input[idx], strLen);
uriEntry->name[strLen] = '\0';
uriEntry->next = cert->altNames;
cert->altNames = uriEntry;
length -= strLen;
idx += strLen;
}
#endif /* IGNORE_NAME_CONSTRAINTS */
#ifdef WOLFSSL_SEP
else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE))
{
int strLen;
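Review bot: `emailName->type = 0;` in the GetName hunk gives subject-DN e-mail entries a value that is not any ASN_*_TYPE, which is what makes the ASN_RFC822_TYPE filter elsewhere in this commit skip them, but nothing at the assignment says so; `emailName->type = 0; /* from the subject DN, not a SAN entry; excluded from GENERAL_NAME copies */` would record the intent. In the new URI branch of DecodeAltNames, `length -= strLen;` and the `XMEMCPY(uriEntry->name, &input[idx], strLen);` before it rely on GetLength having bounded strLen against `sz`, exactly as the existing DNS and e-mail branches do; since three branches now depend on that, one comment at the first `GetLength` call stating it would help the next reader. The ASN_OTHER_TYPE branch that follows begins inside this hunk but continues past it.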


@@ -104,6 +104,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup
#define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free
#define STACK_OF(x) WOLFSSL_STACK
/* this function was used to set the default malloc, free, and realloc */
#define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */
@@ -581,6 +583,12 @@ enum {
NID_anyExtendedKeyUsage = 76,
};
enum {
GEN_DNS = 0x02, /* ASN_DNS_TYPE */
GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
GEN_URI = 0x06 /* ASN_URI_TYPE */
};
#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
@@ -699,7 +707,8 @@ enum {
#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)
#define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA)
#include <wolfssl/openssl/asn1.h>
#define SSL2_VERSION 0x0002
@@ -717,6 +726,7 @@ enum {
#define SSL_alert_type_string_long wolfSSL_alert_type_string_long
#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits
#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num
#define sk_GENERAL_NAME_num wolfSSL_sk_GENERAL_NAME_num
#define sk_X509_num wolfSSL_sk_X509_num
#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
@@ -731,6 +741,7 @@ enum {
#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
#define sk_X509_value wolfSSL_sk_X509_value
#define sk_GENERAL_NAME_value wolfSSL_sk_GENERAL_NAME_value
#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data
#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index
@@ -739,6 +750,8 @@ enum {
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
#define sk_X509_pop_free wolfSSL_sk_X509_pop_free
#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
#define GENERAL_NAME_free NULL
#define SSL3_AL_FATAL 2
#define SSL_TLSEXT_ERR_OK 0
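Review bot: `#define GENERAL_NAME_free NULL` only works as the second argument of sk_GENERAL_NAME_pop_free; any application that calls `GENERAL_NAME_free(gn)` directly, as the OpenSSL API allows, expands to `NULL(gn)` and fails to compile. The stack elements are WOLFSSL_ASN1_OBJECT and `wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT*)` is declared in this commit with exactly the `void f(WOLFSSL_ASN1_OBJECT*)` shape pop_free takes, so `#define GENERAL_NAME_free wolfSSL_ASN1_OBJECT_free` serves both uses with a real function. The new GEN_DNS/GEN_EMAIL/GEN_URI enum repeats the ASN_DNS_TYPE/ASN_RFC822_TYPE/ASN_URI_TYPE values by hand; a comment that these must stay in sync with `enum ASN_Tags` in asn.h (or defining them in terms of those names where the header dependency allows) prevents silent drift.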


@@ -192,6 +192,28 @@ struct WOLFSSL_ASN1_TIME {
/* ASN_TIME | LENGTH | date bytes */
};
struct WOLFSSL_ASN1_STRING {
int length;
int type; /* type of string i.e. CTC_UTF8 */
char* data;
long flags;
};
#define WOLFSSL_MAX_SNAME 40
struct WOLFSSL_ASN1_OBJECT {
void* heap;
unsigned char* obj;
/* sName is short name i.e sha256 rather than oid (null terminated) */
char sName[WOLFSSL_MAX_SNAME];
int type; /* oid */
unsigned int objSz;
unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */
struct d { /* derefrenced */
WOLFSSL_ASN1_STRING ia5_internal;
WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
} d;
};
struct WOLFSSL_EVP_PKEY {
void* heap;
int type; /* openssh dereference */
@@ -677,6 +699,8 @@ WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(
WOLFSSL_STACK* sk, int i);
WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
void f (WOLFSSL_ASN1_OBJECT*));
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
@@ -2500,13 +2524,6 @@ struct WOLFSSL_ASN1_BIT_STRING {
long flags;
};
struct WOLFSSL_ASN1_STRING {
int length;
int type; /* type of string i.e. CTC_UTF8 */
char* data;
long flags;
};
#include <wolfssl/openssl/asn1.h>
struct WOLFSSL_X509_NAME_ENTRY {
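Review bot: `struct d { ... } d;` inside WOLFSSL_ASN1_OBJECT declares a struct tag `d` at file scope, because C does not nest struct tags, and a public header exporting a one-letter tag will collide with any `struct d` in a program that includes wolfssl/ssl.h; an anonymous struct (`struct { ... } d;`) or a prefixed tag such as `struct WOLFSSL_ASN1_OBJECT_d` avoids that. The `ia5` member is documented as pointing to `ia5_internal`, which means a by-value copy of a WOLFSSL_ASN1_OBJECT leaves `ia5` pointing into the source object; that is worth stating on the field, e.g. `WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal; do not copy this struct by value */`. Minor: "derefrenced" and "dynamiclly" in the new comments are misspelt.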


@@ -265,6 +265,7 @@
#define svrCertFile "certs/server-cert.pem"
#define svrKeyFile "certs/server-key.pem"
#define cliCertFile "certs/client-cert.pem"
#define cliCertDerFile "certs/client-cert.der"
#define cliKeyFile "certs/client-key.pem"
#define ntruCertFile "certs/ntru-cert.pem"
#define ntruKeyFile "certs/ntru-key.raw"
@@ -284,6 +285,7 @@
#define svrCertFile "./certs/server-cert.pem"
#define svrKeyFile "./certs/server-key.pem"
#define cliCertFile "./certs/client-cert.pem"
#define cliCertDerFile "./certs/client-cert.der"
#define cliKeyFile "./certs/client-key.pem"
#define ntruCertFile "./certs/ntru-cert.pem"
#define ntruKeyFile "./certs/ntru-key.raw"


@@ -81,6 +81,7 @@ enum ASN_Tags {
ASN_RFC822_TYPE = 0x01,
ASN_DNS_TYPE = 0x02,
ASN_DIR_TYPE = 0x04,
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
@@ -407,6 +408,7 @@ typedef struct DNS_entry DNS_entry;
struct DNS_entry {
DNS_entry* next; /* next on DNS list */
int type; /* i.e. ASN_DNS_TYPE */
char* name; /* actual DNS name */
};
@@ -662,17 +664,6 @@ struct DecodedCert {
SignatureCtx sigCtx;
};
#define WOLFSSL_MAX_SNAME 40
struct WOLFSSL_ASN1_OBJECT {
void* heap;
byte* obj;
/* sName is short name i.e sha256 rather than oid (null terminated) */
char sName[WOLFSSL_MAX_SNAME];
int type; /* oid */
word32 objSz;
byte dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */
};
extern const char* BEGIN_CERT;
extern const char* END_CERT;
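Review bot: The new `int type;` member of DNS_entry is documented as `/* i.e. ASN_DNS_TYPE */`, but this commit also stores ASN_RFC822_TYPE, ASN_URI_TYPE and 0 in it and the copy in CopyDecodedToX509 branches on the value, so the comment should list what is allowed: `int type; /* ASN_DNS_TYPE, ASN_RFC822_TYPE, ASN_URI_TYPE, or 0 for a subject-DN e-mail */`. Every DNS_entry in this diff is XMALLOCed and then has `type` assigned explicitly, so any allocation site outside the diff that was not updated now leaves `type` indeterminate and the later comparison reads an uninitialized int; I cannot see the full set of allocation sites from here, so that is worth checking before merge.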