Merge pull request #4658 from julek-wolfssl/apache-2.4.51

Add Apache 2.4.51 support
This commit is contained in:
David Garske
2021-12-16 08:52:10 -08:00
committed by GitHub
14 changed files with 525 additions and 237 deletions


@@ -29581,43 +29581,68 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
WOLFSSL_ENTER("OcspResponseDecode");
/* peel the outer SEQUENCE wrapper */
if (GetSequence(source, &idx, &length, size) < 0)
if (GetSequence(source, &idx, &length, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
/* First get the responseStatus, an ENUMERATED */
if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0)
if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
if (resp->responseStatus != OCSP_SUCCESSFUL)
if (resp->responseStatus != OCSP_SUCCESSFUL) {
WOLFSSL_LEAVE("OcspResponseDecode", 0);
return 0;
}
/* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */
if (idx >= size)
return ASN_INPUT_E;
if (GetASNTag(source, &idx, &tag, size) < 0)
if (idx >= size) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC))
}
if (GetASNTag(source, &idx, &tag, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
if (GetLength(source, &idx, &length, size) < 0)
}
if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
if (GetLength(source, &idx, &length, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
/* Get the responseBytes SEQUENCE */
if (GetSequence(source, &idx, &length, size) < 0)
if (GetSequence(source, &idx, &length, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
/* Check ObjectID for the resposeBytes */
if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0)
if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
if (oid != OCSP_BASIC_OID)
}
if (oid != OCSP_BASIC_OID) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
ret = GetOctetString(source, &idx, &length, size);
if (ret < 0)
if (ret < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ret);
return ret;
}
ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify);
if (ret < 0)
if (ret < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ret);
return ret;
}
WOLFSSL_LEAVE("OcspResponseDecode", 0);
return 0;
#else
DECL_ASNGETDATA(dataASN, ocspResponseASN_Length);
@@ -29658,6 +29683,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
}
FREE_ASNGETDATA(dataASN, resp->heap);
WOLFSSL_LEAVE("OcspResponseDecode", ret);
return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */
}
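Review bot: The truncated-input check in the first hunk changes its error code as a side effect of the bracing cleanup — the old `if (idx >= size) return ASN_INPUT_E;` now reports `ASN_PARSE_E`, which any caller that distinguishes a short buffer from a malformed one will no longer see. If the change is not deliberate, the two lines should read `WOLFSSL_LEAVE("OcspResponseDecode", ASN_INPUT_E);` and `return ASN_INPUT_E;`; if it is deliberate, it deserves a one-line comment so the next reader does not "fix" it back. The surrounding comment says ResponseBytes is OPTIONAL while its absence is treated as an error; that is pre-existing behaviour but the comment would be less misleading as `/* ResponseBytes is OPTIONAL in the ASN.1, but required here once status is successful */` — hedged, since the RFC rationale is not visible in the hunk. OcspResponseDecode begins before the first hunk and its body continues between the two hunks.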


@@ -1420,6 +1420,9 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
ctx->pkey = pkey;
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
ctx->padding = RSA_PKCS1_PADDING;
#endif
#ifdef HAVE_ECC
ctx->curveNID = ECC_CURVE_DEF;
#endif
if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Couldn't increase key reference count");
@@ -1920,6 +1923,49 @@ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey)
}
int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
{
(void)ctx;
return WOLFSSL_SUCCESS;
}
int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
int nid)
{
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
#ifdef HAVE_ECC
if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) {
ctx->curveNID = nid;
return WOLFSSL_SUCCESS;
}
else
#endif
{
#ifndef HAVE_ECC
(void)ctx;
(void)nid;
WOLFSSL_MSG("Support not compiled in");
#else
WOLFSSL_MSG("Bad parameter");
#endif
return WOLFSSL_FAILURE;
}
}
/* wolfSSL only supports writing out named curves so no need to store the flag.
* In short, it is preferred to write out the name of the curve chosen instead
* of the explicit parameters.
* The difference is nicely explained and illustrated in section
* "ECDH and Named Curves" of
* https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman */
int EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx,
int flag)
{
(void)ctx;
(void)flag;
return WOLFSSL_SUCCESS;
}
int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
{
(void)ctx;
@@ -1933,14 +1979,23 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
int ownPkey = 0;
WOLFSSL_EVP_PKEY* pkey;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
if (ctx == NULL || ppkey == NULL) {
return BAD_FUNC_ARG;
}
pkey = *ppkey;
if (pkey == NULL) {
if (ctx->pkey == NULL ||
(ctx->pkey->type != EVP_PKEY_EC &&
ctx->pkey->type != EVP_PKEY_RSA)) {
WOLFSSL_MSG("Key not set or key type not supported");
return BAD_FUNC_ARG;
}
ownPkey = 1;
pkey = wolfSSL_EVP_PKEY_new();
pkey->type = ctx->pkey->type;
if (pkey == NULL)
return ret;
@@ -1962,7 +2017,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
#endif
#ifdef HAVE_ECC
case EVP_PKEY_EC:
pkey->ecc = wolfSSL_EC_KEY_new();
pkey->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
if (pkey->ecc) {
ret = wolfSSL_EC_KEY_generate_key(pkey->ecc);
if (ret == WOLFSSL_SUCCESS) {
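Review bot: In the wolfSSL_EVP_PKEY_keygen hunk, the newly added `pkey->type = ctx->pkey->type;` dereferences `pkey` on the line before the `if (pkey == NULL)` check, so an allocation failure in wolfSSL_EVP_PKEY_new() becomes a NULL dereference instead of the early return. Swap the order: `if (pkey == NULL) return ret;` first, then `pkey->type = ctx->pkey->type;`. The `ret` returned on that path is initialised outside the hunk, so it is worth confirming it holds an error value rather than a stale success code at that point. wolfSSL_EVP_PKEY_keygen starts before this hunk and its switch on the key type continues past the last one.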


@@ -456,8 +456,7 @@ WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void)
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA)
#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(NO_ERROR_QUEUE)) \
|| defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
const char* file, void* usrCtx)
#else
@@ -470,8 +469,7 @@ void WOLFSSL_ERROR(int error)
{
char buffer[WOLFSSL_MAX_ERROR_SZ];
#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && \
!defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
(void)usrCtx; /* a user ctx for future flexibility */
(void)func;
@@ -577,6 +575,7 @@ int wc_LoggingCleanup(void)
int wc_PeekErrorNode(int idx, const char **file, const char **reason,
int *line)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* err;
if (wc_LockMutex(&debug_mutex) != 0) {
@@ -622,6 +621,14 @@ int wc_PeekErrorNode(int idx, const char **file, const char **reason,
wc_UnLockMutex(&debug_mutex);
return err->value;
#else
(void)idx;
(void)file;
(void)reason;
(void)line;
WOLFSSL_MSG("Error queue turned off, can not peak nodes");
return NOT_COMPILED_IN;
#endif
}
@@ -637,6 +644,7 @@ int wc_PeekErrorNode(int idx, const char **file, const char **reason,
*/
int wc_PullErrorNode(const char **file, const char **reason, int *line)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* err;
int value;
@@ -669,6 +677,13 @@ int wc_PullErrorNode(const char **file, const char **reason, int *line)
wc_UnLockMutex(&debug_mutex);
return value;
#else
(void)file;
(void)reason;
(void)line;
WOLFSSL_MSG("Error queue turned off, can not pull nodes");
return NOT_COMPILED_IN;
#endif
}
@@ -677,13 +692,7 @@ int wc_PullErrorNode(const char **file, const char **reason, int *line)
* function. debug_mutex should be locked before a call to this function. */
int wc_AddErrorNode(int error, int line, char* buf, char* file)
{
#if defined(NO_ERROR_QUEUE)
(void)error;
(void)line;
(void)buf;
(void)file;
WOLFSSL_MSG("Error queue turned off, can not add nodes");
#else
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* err;
if (wc_error_queue_count >= ERROR_QUEUE_MAX) {
@@ -757,8 +766,15 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
}
wc_error_queue_count++;
}
#endif
return 0;
#else
(void)error;
(void)line;
(void)buf;
(void)file;
WOLFSSL_MSG("Error queue turned off, can not add nodes");
return NOT_COMPILED_IN;
#endif
}
/* Removes the error node at the specified index.
@@ -767,6 +783,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
*/
void wc_RemoveErrorNode(int idx)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* current;
if (wc_LockMutex(&debug_mutex) != 0) {
@@ -797,6 +814,10 @@ void wc_RemoveErrorNode(int idx)
}
wc_UnLockMutex(&debug_mutex);
#else
(void)idx;
WOLFSSL_MSG("Error queue turned off, can not remove nodes");
#endif
}
@@ -804,9 +825,7 @@ void wc_RemoveErrorNode(int idx)
*/
void wc_ClearErrorNodes(void)
{
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || \
defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return;
@@ -830,7 +849,9 @@ void wc_ClearErrorNodes(void)
wc_last_node = NULL;
wc_current_node = NULL;
wc_UnLockMutex(&debug_mutex);
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#else
WOLFSSL_MSG("Error queue turned off, can not clear nodes");
#endif
}
int wc_SetLoggingHeap(void* h)
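Review bot: In the wc_AddErrorNode hunk, the non-queue build now returns `NOT_COMPILED_IN` where the old `#if defined(NO_ERROR_QUEUE)` branch fell through to `return 0;`, so callers that treat a non-zero result as a failure to record an error (presumably the WOLFSSL_ERROR_LINE path edited earlier in this file, not visible here) change behaviour when WOLFSSL_HAVE_ERROR_QUEUE is undefined. If that is intended, a comment on the `#else` branch such as `/* no error queue: report NOT_COMPILED_IN rather than silently succeeding */` would make the contract explicit, and the header comment above wc_AddErrorNode should state the return value. The same pattern is introduced in wc_PeekErrorNode and wc_PullErrorNode, where returning NOT_COMPILED_IN from a function whose normal return is the stored error value is in-band and could be mistaken for a queued error by a caller. Separately, the wc_PeekErrorNode message reads `"Error queue turned off, can not peak nodes"`; "peek" is presumably meant.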