Merge pull request #2396 from tmael/expanding_OpenSSL_compatibility

Phase 1 of the OpenSSL Compatibility APIs
This commit is contained in:
toddouska
2019-08-13 14:56:09 -07:00
committed by GitHub
8 changed files with 606 additions and 34 deletions
+54 -2
View File
@@ -5119,6 +5119,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->sessionCtxSz = ctx->sessionCtxSz;
XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz);
ssl->cbioFlag = ctx->cbioFlag;
#endif
InitCiphers(ssl);
@@ -5145,6 +5146,16 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
#endif
#ifdef OPENSSL_EXTRA
if ((ssl->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
ssl->heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
WOLFSSL_MSG("ssl->param memory error");
return MEMORY_E;
}
XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
#endif
#ifdef SINGLE_THREADED
if (ctx->suites == NULL)
#endif
@@ -5682,7 +5693,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
FreeWriteDup(ssl);
}
#endif
#ifdef OPENSSL_EXTRA
if (ssl->param) {
XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
}
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
while (ssl->certReqCtx != NULL) {
CertReqCtx* curr = ssl->certReqCtx;
@@ -9039,7 +9054,16 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
use_cb = 1;
}
#endif
#if defined(OPENSSL_EXTRA)
/* perform domain name check on the peer certificate */
if (args->dCertInit && args->dCert && args->dCert->subjectCN \
&& ssl->param && ssl->param->hostName[0]) {
if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL) {
return VERIFY_CERT_ERROR;
}
}
#endif
/* if verify callback has been set */
if (use_cb && ssl->verifyCallback) {
#ifdef WOLFSSL_SMALL_STACK
@@ -9113,7 +9137,30 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
else {
store->store = &ssl->ctx->x509_store;
}
#endif
#if defined(OPENSSL_EXTRA)
store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
ssl->heap, DYNAMIC_TYPE_OPENSSL);
if (store->param == NULL) {
return MEMORY_E;
}
XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
/* Overwrite with non-default param values in SSL */
if (ssl->param) {
if (ssl->param->check_time)
store->param->check_time = ssl->param->check_time;
if (ssl->param->flags)
store->param->flags = ssl->param->flags;
if (ssl->param->hostName[0])
XMEMCPY(store->param->hostName, ssl->param->hostName,
WOLFSSL_HOST_NAME_MAX);
}
#endif /* defined(OPENSSL_EXTRA) */
#endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef KEEP_PEER_CERT
if (args->certIdx == 0) {
@@ -9167,6 +9214,11 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
#endif
}
#endif /* SESSION_CERTS */
#ifdef OPENSSL_EXTRA
if (store->param){
XFREE(store->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
}
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+282 -5
View File
@@ -7630,6 +7630,24 @@ int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der,
(void)pri; /* type of private key */
return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1);
}
/******************************************************************************
* wolfSSL_CTX_use_PrivateKey_ASN1 - loads a private key buffer into the SSL ctx
*
* RETURNS:
* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
*/
int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
unsigned char* der, long derSz)
{
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");
if (ctx == NULL || der == NULL ) {
return WOLFSSL_FAILURE;
}
(void)pri; /* type of private key */
return wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1);
}
#ifndef NO_RSA
@@ -12194,7 +12212,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return &ctx->x509_store;
}
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
{
if (ctx == NULL || str == NULL) {
@@ -16649,7 +16666,48 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
return NULL;
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
/******************************************************************************
* wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name
*
* RETURNS:
* The beginning of the hash digest. Otherwise, returns zero.
* Note:
* Returns a different hash value from OpenSSL's X509_subject_name_hash() API
* depending on the subject name.
*/
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
{
word32 ret = 0;
int retHash;
WOLFSSL_X509_NAME *subjectName = NULL;
#ifdef WOLFSSL_PIC32MZ_HASH
byte digest[PIC32_DIGEST_SIZE];
#else
byte digest[WC_SHA_DIGEST_SIZE];
#endif
if (x509 == NULL){
return WOLFSSL_FAILURE;
}
subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509);
if (subjectName != NULL){
retHash = wc_ShaHash((const byte*)subjectName->name,
(word32)subjectName->sz, digest);
if(retHash != 0){
WOLFSSL_MSG("Hash of X509 subjectName has failed");
return WOLFSSL_FAILURE;
}
ret = MakeWordFromHash(digest);
}
return (unsigned long)ret;
}
#endif
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
{
@@ -19182,6 +19240,14 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
goto err_exit;
#endif
#ifdef OPENSSL_EXTRA
if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
NULL,DYNAMIC_TYPE_OPENSSL)) == NULL)
goto err_exit;
#endif
return store;
err_exit:
@@ -19192,6 +19258,11 @@ err_exit:
#ifdef HAVE_CRL
if(store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
#ifdef OPENSSL_EXTRA
if (store->param != NULL){
XFREE(store->param,NULL,DYNAMIC_TYPE_OPENSSL);
}
#endif
wolfSSL_X509_STORE_free(store);
@@ -19207,6 +19278,11 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
#ifdef HAVE_CRL
if (store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
#ifdef OPENSSL_EXTRA
if (store->param != NULL){
XFREE(store->param,NULL,DYNAMIC_TYPE_OPENSSL);
}
#endif
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
@@ -19658,6 +19734,60 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
ctx->param->check_time = t;
ctx->param->flags |= WOLFSSL_USE_CHECK_TIME;
}
/******************************************************************************
* wolfSSL_X509_VERIFY_PARAM_set1_host - sets the DNS hostname to name
* hostnames is cleared if name is NULL or empty.
*
* RETURNS:
*
*/
int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
const char* name,
unsigned int nameSz)
{
unsigned int sz = 0;
if (pParam == NULL)
return WOLFSSL_FAILURE;
XMEMSET(pParam->hostName, 0, WOLFSSL_HOST_NAME_MAX);
if (name == NULL)
return WOLFSSL_SUCCESS;
sz = (unsigned int)XSTRLEN(name);
/* If name is NUL-terminated, namelen can be set to zero. */
if(nameSz == 0 || nameSz > sz)
nameSz = sz;
if (nameSz > 0 && name[nameSz - 1] == '\0')
nameSz--;
if (nameSz > WOLFSSL_HOST_NAME_MAX-1)
nameSz = WOLFSSL_HOST_NAME_MAX-1;
if (nameSz > 0)
XMEMCPY(pParam->hostName, name, nameSz);
pParam->hostName[nameSz] = '\0';
return WOLFSSL_SUCCESS;
}
/******************************************************************************
* wolfSSL_get0_param - return a pointer to the SSL verification parameters
*
* RETURNS:
* returns pointer to the SSL verification parameters on success,
* otherwise returns NULL
*/
WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl)
{
if (ssl == NULL) {
return NULL;
}
return ssl->param;
}
#ifndef NO_WOLFSSL_STUB
void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
@@ -22940,7 +23070,6 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
rng = tmpRNG;
initTmpRng = 1;
}
if (rng) {
if (wc_RNG_GenerateBlock(rng, buf, num) != 0)
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
@@ -34462,8 +34591,8 @@ int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx)
WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode);
return mode;
}
#endif
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
/* return 1 if success, 0 if error
* output keys are little endian format
@@ -36275,6 +36404,28 @@ PKCS7* wolfSSL_PKCS7_new(void)
return (PKCS7*)pkcs7;
}
/******************************************************************************
* wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data
*
* RETURNS:
* returns pointer to the PKCS7 structure on success, otherwise returns NULL
*/
PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void)
{
byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
PKCS7* pkcs7 = NULL;
if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL)
return NULL;
pkcs7->contentOID = SIGNED_DATA;
if ((wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData))) < 0) {
if (pkcs7) {
wolfSSL_PKCS7_free(pkcs7);
return NULL;
}
}
return pkcs7;
}
void wolfSSL_PKCS7_free(PKCS7* pkcs7)
{
@@ -36287,7 +36438,11 @@ void wolfSSL_PKCS7_free(PKCS7* pkcs7)
XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7);
}
}
void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7)
{
wolfSSL_PKCS7_free(p7);
return;
}
PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
{
WOLFSSL_PKCS7* pkcs7 = NULL;
@@ -36426,7 +36581,130 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
return signers;
}
/******************************************************************************
* wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO
*
* RETURNS:
* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
*/
int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
{
#ifdef WOLFSSL_SMALL_STACK
byte* outputHead;
byte* outputFoot;
#else
byte outputHead[2048];
byte outputFoot[2048];
#endif
word32 outputHeadSz = 2048;
word32 outputFootSz = 2048;
word32 outputSz = 0;
byte* output = NULL;
byte* pem = NULL;
int pemSz = -1;
enum wc_HashType hashType;
byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = -1;
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7()");
if (bio == NULL || p7 == NULL)
return WOLFSSL_FAILURE;
#ifdef WOLFSSL_SMALL_STACK
outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (outputHead == NULL)
return MEMORY_E;
outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (outputFoot == NULL)
goto error;
#endif
XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE);
XMEMSET(outputHead, 0, outputHeadSz);
XMEMSET(outputFoot, 0, outputFootSz);
hashType = wc_OidGetHash(p7->hashOID);
hashSz = wc_HashGetDigestSize(hashType);
if (hashSz > WC_MAX_DIGEST_SIZE)
return WOLFSSL_FAILURE;
/* only SIGNED_DATA is supported */
switch (p7->contentOID) {
case SIGNED_DATA:
break;
default:
WOLFSSL_MSG("Unknown PKCS#7 Type");
return WOLFSSL_FAILURE;
};
if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0)
return WOLFSSL_FAILURE;
outputSz = outputHeadSz + p7->contentSz + outputFootSz;
output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (!output)
return WOLFSSL_FAILURE;
XMEMSET(output, 0, outputSz);
outputSz = 0;
XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
outputSz += outputHeadSz;
XMEMCPY(&output[outputSz], p7->content, p7->contentSz);
outputSz += p7->contentSz;
XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
outputSz += outputFootSz;
/* get PEM size */
pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE);
if (pemSz < 0)
goto error;
pemSz++; /* for '\0'*/
/* create PEM buffer and convert from DER to PEM*/
if ((pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
goto error;
XMEMSET(pem, 0, pemSz);
if (wc_DerToPemEx(output, outputSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
goto error;
}
if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) {
XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_SMALL_STACK
XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WOLFSSL_SUCCESS;
}
error:
#ifdef WOLFSSL_SMALL_STACK
if (outputHead) {
XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (outputFoot) {
XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
if (output) {
XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pem) {
XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
return WOLFSSL_FAILURE;
}
#endif /* defined(OPENSSL_ALL) && defined(HAVE_PKCS7) */
#ifdef OPENSSL_ALL
WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
@@ -36998,4 +37276,3 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
return wolfSSL_X509_set_pubkey(req, pkey);
}
#endif
+226 -2
View File
@@ -4140,7 +4140,6 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
#endif /* !NO_CERTS && !NO_RSA */
}
/* Testing functions dealing with PKCS12 parsing out X509 certs */
static void test_wolfSSL_PKCS12(void)
{
@@ -17839,7 +17838,31 @@ static void test_wolfSSL_X509_NAME(void)
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}
static void test_wolfSSL_X509_subject_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_SHA) && !defined(NO_RSA)
X509* x509;
X509_NAME* subjectName = NULL;
unsigned long ret = 0;
printf(testingFmt, "wolfSSL_X509_subject_name_hash()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
ret = X509_subject_name_hash(x509);
AssertIntNE(ret, WOLFSSL_FAILURE);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DES(void)
{
@@ -18310,6 +18333,21 @@ static void test_wolfSSL_private_keys(void)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
/* test loading private key to the WOLFSSL_CTX */
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#ifndef HAVE_USER_RSA
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
/* pkey not set yet, expecting to fail */
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
@@ -19451,6 +19489,58 @@ static void test_wolfSSL_X509_STORE_CTX_set_time(void)
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_get0_param(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
SSL_CTX* ctx;
SSL* ssl;
WOLFSSL_X509_VERIFY_PARAM* pParam;
printf(testingFmt, "wolfSSL_get0_param()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
pParam = SSL_get0_param(ssl);
(void)pParam;
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}
static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
{
#if defined(OPENSSL_EXTRA)
const char host[] = "www.example.com";
WOLFSSL_X509_VERIFY_PARAM* pParam;
printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");
AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_set_client_CA_list(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS)
@@ -23586,6 +23676,136 @@ static void test_wolfssl_PKCS7(void)
#endif
}
static void test_wolfSSL_PKCS7_SIGNED_new(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
PKCS7_SIGNED* pkcs7;
printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");
pkcs7 = PKCS7_SIGNED_new();
AssertNotNull(pkcs7);
AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
PKCS7_SIGNED_free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_write_bio_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
PKCS7* pkcs7 = NULL;
BIO* bio = NULL;
const byte* cert_buf = NULL;
int ret = 0;
WC_RNG rng;
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof_client_key_der_2048];
byte cert[sizeof_client_cert_der_2048];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof_client_cert_der_1024];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue((fp != XBADFILE));
certSz = XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof_cliecc_cert_der_256];
unsigned char key[sizeof_ecc_clikey_der_256];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#else
#error PKCS7 requires ECC or RSA
#endif
printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* initialize with DER encoded cert */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
/* init rng */
AssertIntEQ(wc_InitRng(&rng), 0);
pkcs7->rng = &rng;
pkcs7->content = (byte*)data; /* not used for ex */
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->contentOID = SIGNED_DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->signedAttribs = NULL;
pkcs7->signedAttribsSz = 0;
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
/* Read PKCS#7 PEM from BIO */
ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
AssertIntGE(ret, 0);
BIO_free(bio);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| Certficate Failure Checks
*----------------------------------------------------------------------------*/
@@ -24876,7 +25096,6 @@ static void test_SetTmpEC_DHE_Sz(void)
#endif
}
/*----------------------------------------------------------------------------*
| Main
*----------------------------------------------------------------------------*/
@@ -24960,6 +25179,7 @@ void ApiTest(void)
/* compatibility tests */
test_wolfSSL_X509_NAME();
test_wolfSSL_X509_subject_name_hash();
test_wolfSSL_DES();
test_wolfSSL_certs();
test_wolfSSL_ASN1_TIME_print();
@@ -24990,6 +25210,8 @@ void ApiTest(void)
test_wolfSSL_X509_LOOKUP_load_file();
test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_get0_param();
test_wolfSSL_X509_VERIFY_PARAM_set1_host();
test_wolfSSL_X509_STORE();
test_wolfSSL_BN();
test_wolfSSL_PEM_read_bio();
@@ -25067,6 +25289,8 @@ void ApiTest(void)
test_X509_REQ();
/* OpenSSL PKCS7 API test */
test_wolfssl_PKCS7();
test_wolfSSL_PKCS7_SIGNED_new();
test_wolfSSL_PEM_write_bio_PKCS7();
/* wolfCrypt ASN tests */
test_wc_GetPkcs8TraditionalOffset();
+1
View File
@@ -3739,6 +3739,7 @@ struct WOLFSSL {
WOLFSSL_BIO* biord; /* socket bio read to free/close */
WOLFSSL_BIO* biowr; /* socket bio write to free/close */
byte sessionCtx[ID_LEN]; /* app session context ID */
WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
unsigned long peerVerifyRet;
+7 -2
View File
@@ -47,8 +47,9 @@ typedef struct WOLFSSL_PKCS7
WOLFSSL_API PKCS7* wolfSSL_PKCS7_new(void);
WOLFSSL_API PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void);
WOLFSSL_API void wolfSSL_PKCS7_free(PKCS7* p7);
WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
int len);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
@@ -56,13 +57,17 @@ WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
WOLFSSL_STACK* certs, int flags);
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
#define PKCS7_new wolfSSL_PKCS7_new
#define PKCS7_new wolfSSL_PKCS7_new
#define PKCS7_SIGNED_new wolfSSL_PKCS7_SIGNED_new
#define PKCS7_free wolfSSL_PKCS7_free
#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free
#define d2i_PKCS7 wolfSSL_d2i_PKCS7
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
#define PKCS7_verify wolfSSL_PKCS7_verify
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7
#endif /* OPENSSL_ALL && HAVE_PKCS7 */
+17 -15
View File
@@ -101,6 +101,7 @@ typedef WOLFSSL_X509_REVOKED X509_REVOKED;
typedef WOLFSSL_X509_OBJECT X509_OBJECT;
typedef WOLFSSL_X509_STORE X509_STORE;
typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
#define EVP_CIPHER_INFO EncryptedInfo
@@ -115,7 +116,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
/* depreciated */
#define CRYPTO_thread_id wolfSSL_thread_id
#define CRYPTO_set_id_callback wolfSSL_set_id_callback
#define CRYPTO_LOCK 0x01
#define CRYPTO_UNLOCK 0x02
#define CRYPTO_READ 0x04
@@ -162,6 +162,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
#define SSL_get_privatekey wolfSSL_get_privatekey
#define SSL_CTX_use_PrivateKey_ASN1 wolfSSL_CTX_use_PrivateKey_ASN1
#define SSLv23_method wolfSSLv23_method
#define SSLv23_client_method wolfSSLv23_client_method
@@ -250,7 +251,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_session_reused wolfSSL_session_reused
#define SSL_SESSION_free wolfSSL_SESSION_free
#define SSL_is_init_finished wolfSSL_is_init_finished
#define SSL_get_version wolfSSL_get_version
#define SSL_get_current_cipher wolfSSL_get_current_cipher
@@ -266,7 +266,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
#define DSA_dup_DH wolfSSL_DSA_dup_DH
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
#define d2i_X509_fp wolfSSL_d2i_X509_fp
@@ -317,7 +317,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_email_free wolfSSL_X509_email_free
#define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup
#define sk_X509_new wolfSSL_sk_X509_new
#define sk_X509_num wolfSSL_sk_X509_num
#define sk_X509_value wolfSSL_sk_X509_value
@@ -371,7 +371,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
#define X509_STORE_new wolfSSL_X509_STORE_new
#define X509_STORE_free wolfSSL_X509_STORE_free
#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
@@ -382,16 +381,17 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
#define d2i_X509_CRL wolfSSL_d2i_X509_CRL
#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL
#define X509_CRL_free wolfSSL_X509_CRL_free
#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
@@ -402,9 +402,10 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define OCSP_parse_url wolfSSL_OCSP_parse_url
#define MD4_Init wolfSSL_MD4_Init
#define MD4_Update wolfSSL_MD4_Update
#define MD4_Final wolfSSL_MD4_Final
@@ -433,7 +434,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_set_bio wolfSSL_set_bio
#define BIO_eof wolfSSL_BIO_eof
#define BIO_set_ss wolfSSL_BIO_set_ss
#define BIO_s_mem wolfSSL_BIO_s_mem
#define BIO_f_base64 wolfSSL_BIO_f_base64
#define BIO_set_flags wolfSSL_BIO_set_flags
@@ -515,7 +516,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define RSA_free wolfSSL_RSA_free
#define RSA_generate_key wolfSSL_RSA_generate_key
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
#define PEM_def_callback wolfSSL_PEM_def_callback
#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
@@ -609,7 +610,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define SSL_want_write wolfSSL_want_write
#define BIO_prf wolfSSL_BIO_prf
#define sk_num wolfSSL_sk_num
#define sk_value wolfSSL_sk_value
@@ -700,7 +701,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9
#define V_ASN1_IA5STRING 22
#define SSL_CTRL_MODE 33
#define SSL_CTRL_MODE 33
#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio
@@ -761,7 +762,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp
#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
@@ -949,7 +950,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_is_server wolfSSL_is_server
#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE ||
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE ||
OPENSSL_ALL || HAVE_LIGHTY */
#ifdef OPENSSL_EXTRA
@@ -957,9 +958,10 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_get0_param wolfSSL_get0_param
#define ERR_NUM_ERRORS 16
#define EVP_PKEY_RSA 6
#define EVP_PKEY_RSA 6
#define EVP_PKEY_RSA2 19
#define SN_pkcs9_emailAddress "Email"
#define LN_pkcs9_emailAddress "emailAddress"
+14 -3
View File
@@ -307,6 +307,7 @@ struct WOLFSSL_X509_STORE {
WOLFSSL_X509_LOOKUP lookup;
#ifdef OPENSSL_EXTRA
int isDynamic;
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl;
@@ -317,9 +318,11 @@ struct WOLFSSL_X509_STORE {
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_NO_WILDCARDS 0x4
#define WOLFSSL_HOST_NAME_MAX 256
struct WOLFSSL_X509_VERIFY_PARAM {
time_t check_time;
unsigned long flags;
time_t check_time;
unsigned long flags;
char hostName[WOLFSSL_HOST_NAME_MAX];
};
#endif
@@ -578,6 +581,7 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
@@ -1014,6 +1018,10 @@ WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
unsigned long flags,
time_t t);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
const char* name,
unsigned int nameSz);
#endif
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
@@ -2689,6 +2697,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
long derSz);
#endif
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
unsigned char* der, long derSz);
#endif /* NO_CERTS */
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
@@ -2791,7 +2801,6 @@ WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
#ifdef OPENSSL_ALL
@@ -3107,6 +3116,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
#endif /* OPENSSL_EXTRA */
+5 -5
View File
@@ -198,6 +198,7 @@ typedef struct PKCS7State PKCS7State;
typedef struct Pkcs7Cert Pkcs7Cert;
typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
typedef struct PKCS7 PKCS7;
typedef struct PKCS7 PKCS7_SIGNED;
typedef struct PKCS7SignerInfo PKCS7SignerInfo;
/* OtherRecipientInfo decrypt callback prototype */
@@ -220,7 +221,7 @@ typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
int keyWrapAlgo, int type, int dir);
/* Public Structure Warning:
* Existing members must not be changed to maintain backwards compatibility!
* Existing members must not be changed to maintain backwards compatibility!
*/
struct PKCS7 {
WC_RNG* rng;
@@ -267,7 +268,7 @@ struct PKCS7 {
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
word32 certSz[MAX_PKCS7_CERTS];
/* flags - up to 16-bits */
word16 isDynamic:1;
word16 noDegenerate:1; /* allow degenerate case in verify function */
@@ -320,7 +321,6 @@ struct PKCS7 {
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
};
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
@@ -346,7 +346,7 @@ WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
byte* output, word32 outputSz);
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
word32 hashSz, byte* outputHead,
word32* outputHeadSz,
byte* outputFoot,
@@ -354,7 +354,7 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
byte* pkiMsg, word32 pkiMsgSz);
WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
word32 hashSz, byte* pkiMsgHead,
word32 pkiMsgHeadSz, byte* pkiMsgFoot,
word32 pkiMsgFootSz);