mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 01:10:49 +02:00
Merge pull request #2396 from tmael/expanding_OpenSSL_compatibility
Phase 1 of the OpenSSL Compatibility APIs
This commit is contained in:
+54
-2
@@ -5119,6 +5119,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
ssl->sessionCtxSz = ctx->sessionCtxSz;
|
||||
XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz);
|
||||
ssl->cbioFlag = ctx->cbioFlag;
|
||||
|
||||
#endif
|
||||
|
||||
InitCiphers(ssl);
|
||||
@@ -5145,6 +5146,16 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if ((ssl->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
ssl->heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
|
||||
WOLFSSL_MSG("ssl->param memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
|
||||
#endif
|
||||
|
||||
#ifdef SINGLE_THREADED
|
||||
if (ctx->suites == NULL)
|
||||
#endif
|
||||
@@ -5682,7 +5693,11 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
||||
FreeWriteDup(ssl);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (ssl->param) {
|
||||
XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
while (ssl->certReqCtx != NULL) {
|
||||
CertReqCtx* curr = ssl->certReqCtx;
|
||||
@@ -9039,7 +9054,16 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
||||
use_cb = 1;
|
||||
}
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
/* perform domain name check on the peer certificate */
|
||||
if (args->dCertInit && args->dCert && args->dCert->subjectCN \
|
||||
&& ssl->param && ssl->param->hostName[0]) {
|
||||
|
||||
if(XSTRSTR(args->dCert->subjectCN, ssl->param->hostName) == NULL) {
|
||||
return VERIFY_CERT_ERROR;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/* if verify callback has been set */
|
||||
if (use_cb && ssl->verifyCallback) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
@@ -9113,7 +9137,30 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
||||
else {
|
||||
store->store = &ssl->ctx->x509_store;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
if (store->param == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
|
||||
/* Overwrite with non-default param values in SSL */
|
||||
if (ssl->param) {
|
||||
if (ssl->param->check_time)
|
||||
store->param->check_time = ssl->param->check_time;
|
||||
|
||||
if (ssl->param->flags)
|
||||
store->param->flags = ssl->param->flags;
|
||||
|
||||
if (ssl->param->hostName[0])
|
||||
XMEMCPY(store->param->hostName, ssl->param->hostName,
|
||||
WOLFSSL_HOST_NAME_MAX);
|
||||
|
||||
}
|
||||
#endif /* defined(OPENSSL_EXTRA) */
|
||||
#endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
#ifdef KEEP_PEER_CERT
|
||||
if (args->certIdx == 0) {
|
||||
@@ -9167,6 +9214,11 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
||||
#endif
|
||||
}
|
||||
#endif /* SESSION_CERTS */
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (store->param){
|
||||
XFREE(store->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
|
||||
@@ -7630,6 +7630,24 @@ int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der,
|
||||
(void)pri; /* type of private key */
|
||||
return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1);
|
||||
}
|
||||
/******************************************************************************
|
||||
* wolfSSL_CTX_use_PrivateKey_ASN1 - loads a private key buffer into the SSL ctx
|
||||
*
|
||||
* RETURNS:
|
||||
* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
|
||||
*/
|
||||
|
||||
int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
|
||||
unsigned char* der, long derSz)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");
|
||||
if (ctx == NULL || der == NULL ) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
(void)pri; /* type of private key */
|
||||
return wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1);
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_RSA
|
||||
@@ -12194,7 +12212,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
return &ctx->x509_store;
|
||||
}
|
||||
|
||||
|
||||
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
|
||||
{
|
||||
if (ctx == NULL || str == NULL) {
|
||||
@@ -16649,7 +16666,48 @@ WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
|
||||
/******************************************************************************
|
||||
* wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name
|
||||
*
|
||||
* RETURNS:
|
||||
* The beginning of the hash digest. Otherwise, returns zero.
|
||||
* Note:
|
||||
* Returns a different hash value from OpenSSL's X509_subject_name_hash() API
|
||||
* depending on the subject name.
|
||||
*/
|
||||
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
|
||||
{
|
||||
word32 ret = 0;
|
||||
int retHash;
|
||||
WOLFSSL_X509_NAME *subjectName = NULL;
|
||||
|
||||
#ifdef WOLFSSL_PIC32MZ_HASH
|
||||
byte digest[PIC32_DIGEST_SIZE];
|
||||
#else
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
#endif
|
||||
|
||||
if (x509 == NULL){
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509);
|
||||
|
||||
if (subjectName != NULL){
|
||||
retHash = wc_ShaHash((const byte*)subjectName->name,
|
||||
(word32)subjectName->sz, digest);
|
||||
|
||||
if(retHash != 0){
|
||||
WOLFSSL_MSG("Hash of X509 subjectName has failed");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
ret = MakeWordFromHash(digest);
|
||||
}
|
||||
|
||||
return (unsigned long)ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
|
||||
{
|
||||
@@ -19182,6 +19240,14 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
|
||||
goto err_exit;
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
NULL,DYNAMIC_TYPE_OPENSSL)) == NULL)
|
||||
goto err_exit;
|
||||
|
||||
#endif
|
||||
|
||||
return store;
|
||||
|
||||
err_exit:
|
||||
@@ -19192,6 +19258,11 @@ err_exit:
|
||||
#ifdef HAVE_CRL
|
||||
if(store->crl != NULL)
|
||||
wolfSSL_X509_CRL_free(store->crl);
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (store->param != NULL){
|
||||
XFREE(store->param,NULL,DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#endif
|
||||
wolfSSL_X509_STORE_free(store);
|
||||
|
||||
@@ -19207,6 +19278,11 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
|
||||
#ifdef HAVE_CRL
|
||||
if (store->crl != NULL)
|
||||
wolfSSL_X509_CRL_free(store->crl);
|
||||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (store->param != NULL){
|
||||
XFREE(store->param,NULL,DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
#endif
|
||||
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
|
||||
}
|
||||
@@ -19658,6 +19734,60 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
|
||||
ctx->param->check_time = t;
|
||||
ctx->param->flags |= WOLFSSL_USE_CHECK_TIME;
|
||||
}
|
||||
/******************************************************************************
|
||||
* wolfSSL_X509_VERIFY_PARAM_set1_host - sets the DNS hostname to name
|
||||
* hostnames is cleared if name is NULL or empty.
|
||||
*
|
||||
* RETURNS:
|
||||
*
|
||||
*/
|
||||
int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
|
||||
const char* name,
|
||||
unsigned int nameSz)
|
||||
{
|
||||
unsigned int sz = 0;
|
||||
|
||||
if (pParam == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
XMEMSET(pParam->hostName, 0, WOLFSSL_HOST_NAME_MAX);
|
||||
|
||||
if (name == NULL)
|
||||
return WOLFSSL_SUCCESS;
|
||||
|
||||
sz = (unsigned int)XSTRLEN(name);
|
||||
|
||||
/* If name is NUL-terminated, namelen can be set to zero. */
|
||||
if(nameSz == 0 || nameSz > sz)
|
||||
nameSz = sz;
|
||||
|
||||
if (nameSz > 0 && name[nameSz - 1] == '\0')
|
||||
nameSz--;
|
||||
|
||||
if (nameSz > WOLFSSL_HOST_NAME_MAX-1)
|
||||
nameSz = WOLFSSL_HOST_NAME_MAX-1;
|
||||
|
||||
if (nameSz > 0)
|
||||
XMEMCPY(pParam->hostName, name, nameSz);
|
||||
|
||||
pParam->hostName[nameSz] = '\0';
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
/******************************************************************************
|
||||
* wolfSSL_get0_param - return a pointer to the SSL verification parameters
|
||||
*
|
||||
* RETURNS:
|
||||
* returns pointer to the SSL verification parameters on success,
|
||||
* otherwise returns NULL
|
||||
*/
|
||||
WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl)
|
||||
{
|
||||
if (ssl == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
return ssl->param;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_STUB
|
||||
void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
|
||||
@@ -22940,7 +23070,6 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
|
||||
rng = tmpRNG;
|
||||
initTmpRng = 1;
|
||||
}
|
||||
|
||||
if (rng) {
|
||||
if (wc_RNG_GenerateBlock(rng, buf, num) != 0)
|
||||
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
|
||||
@@ -34462,8 +34591,8 @@ int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx)
|
||||
WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode);
|
||||
return mode;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
|
||||
/* return 1 if success, 0 if error
|
||||
* output keys are little endian format
|
||||
@@ -36275,6 +36404,28 @@ PKCS7* wolfSSL_PKCS7_new(void)
|
||||
|
||||
return (PKCS7*)pkcs7;
|
||||
}
|
||||
/******************************************************************************
|
||||
* wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data
|
||||
*
|
||||
* RETURNS:
|
||||
* returns pointer to the PKCS7 structure on success, otherwise returns NULL
|
||||
*/
|
||||
PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void)
|
||||
{
|
||||
byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
|
||||
PKCS7* pkcs7 = NULL;
|
||||
|
||||
if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL)
|
||||
return NULL;
|
||||
pkcs7->contentOID = SIGNED_DATA;
|
||||
if ((wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData))) < 0) {
|
||||
if (pkcs7) {
|
||||
wolfSSL_PKCS7_free(pkcs7);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
return pkcs7;
|
||||
}
|
||||
|
||||
void wolfSSL_PKCS7_free(PKCS7* pkcs7)
|
||||
{
|
||||
@@ -36287,7 +36438,11 @@ void wolfSSL_PKCS7_free(PKCS7* pkcs7)
|
||||
XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
}
|
||||
|
||||
void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7)
|
||||
{
|
||||
wolfSSL_PKCS7_free(p7);
|
||||
return;
|
||||
}
|
||||
PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
|
||||
{
|
||||
WOLFSSL_PKCS7* pkcs7 = NULL;
|
||||
@@ -36426,7 +36581,130 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
||||
|
||||
return signers;
|
||||
}
|
||||
|
||||
/******************************************************************************
|
||||
* wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO
|
||||
*
|
||||
* RETURNS:
|
||||
* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
|
||||
*/
|
||||
|
||||
int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
|
||||
{
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte* outputHead;
|
||||
byte* outputFoot;
|
||||
#else
|
||||
byte outputHead[2048];
|
||||
byte outputFoot[2048];
|
||||
#endif
|
||||
word32 outputHeadSz = 2048;
|
||||
word32 outputFootSz = 2048;
|
||||
word32 outputSz = 0;
|
||||
byte* output = NULL;
|
||||
byte* pem = NULL;
|
||||
int pemSz = -1;
|
||||
enum wc_HashType hashType;
|
||||
byte hashBuf[WC_MAX_DIGEST_SIZE];
|
||||
word32 hashSz = -1;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7()");
|
||||
|
||||
if (bio == NULL || p7 == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (outputHead == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (outputFoot == NULL)
|
||||
goto error;
|
||||
|
||||
#endif
|
||||
|
||||
XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE);
|
||||
XMEMSET(outputHead, 0, outputHeadSz);
|
||||
XMEMSET(outputFoot, 0, outputFootSz);
|
||||
|
||||
hashType = wc_OidGetHash(p7->hashOID);
|
||||
hashSz = wc_HashGetDigestSize(hashType);
|
||||
if (hashSz > WC_MAX_DIGEST_SIZE)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
/* only SIGNED_DATA is supported */
|
||||
switch (p7->contentOID) {
|
||||
case SIGNED_DATA:
|
||||
break;
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown PKCS#7 Type");
|
||||
return WOLFSSL_FAILURE;
|
||||
};
|
||||
|
||||
if ((wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz,
|
||||
outputHead, &outputHeadSz, outputFoot, &outputFootSz)) != 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
outputSz = outputHeadSz + p7->contentSz + outputFootSz;
|
||||
output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
if (!output)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
XMEMSET(output, 0, outputSz);
|
||||
outputSz = 0;
|
||||
XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
|
||||
outputSz += outputHeadSz;
|
||||
XMEMCPY(&output[outputSz], p7->content, p7->contentSz);
|
||||
outputSz += p7->contentSz;
|
||||
XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
|
||||
outputSz += outputFootSz;
|
||||
|
||||
/* get PEM size */
|
||||
pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE);
|
||||
if (pemSz < 0)
|
||||
goto error;
|
||||
|
||||
pemSz++; /* for '\0'*/
|
||||
|
||||
/* create PEM buffer and convert from DER to PEM*/
|
||||
if ((pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
|
||||
goto error;
|
||||
|
||||
XMEMSET(pem, 0, pemSz);
|
||||
|
||||
if (wc_DerToPemEx(output, outputSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
|
||||
goto error;
|
||||
}
|
||||
if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) {
|
||||
XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
error:
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (outputHead) {
|
||||
XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
if (outputFoot) {
|
||||
XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif
|
||||
if (output) {
|
||||
XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
if (pem) {
|
||||
XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* defined(OPENSSL_ALL) && defined(HAVE_PKCS7) */
|
||||
|
||||
#ifdef OPENSSL_ALL
|
||||
WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
|
||||
@@ -36998,4 +37276,3 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
|
||||
return wolfSSL_X509_set_pubkey(req, pkey);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
+226
-2
@@ -4140,7 +4140,6 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
|
||||
#endif /* !NO_CERTS && !NO_RSA */
|
||||
}
|
||||
|
||||
|
||||
/* Testing functions dealing with PKCS12 parsing out X509 certs */
|
||||
static void test_wolfSSL_PKCS12(void)
|
||||
{
|
||||
@@ -17839,7 +17838,31 @@ static void test_wolfSSL_X509_NAME(void)
|
||||
printf(resultFmt, passed);
|
||||
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
|
||||
}
|
||||
static void test_wolfSSL_X509_subject_name_hash(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
|
||||
&& !defined(NO_SHA) && !defined(NO_RSA)
|
||||
|
||||
X509* x509;
|
||||
X509_NAME* subjectName = NULL;
|
||||
unsigned long ret = 0;
|
||||
|
||||
printf(testingFmt, "wolfSSL_X509_subject_name_hash()");
|
||||
|
||||
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
|
||||
SSL_FILETYPE_PEM));
|
||||
|
||||
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
|
||||
|
||||
ret = X509_subject_name_hash(x509);
|
||||
|
||||
AssertIntNE(ret, WOLFSSL_FAILURE);
|
||||
|
||||
X509_free(x509);
|
||||
printf(resultFmt, passed);
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_DES(void)
|
||||
{
|
||||
@@ -18310,6 +18333,21 @@ static void test_wolfSSL_private_keys(void)
|
||||
/* After loading back in DER format of original key, should match */
|
||||
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
||||
|
||||
/* test loading private key to the WOLFSSL_CTX */
|
||||
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
|
||||
(unsigned char*)client_key_der_2048,
|
||||
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
|
||||
#ifndef HAVE_USER_RSA
|
||||
/* Should mismatch now that a different private key loaded */
|
||||
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
|
||||
#endif
|
||||
|
||||
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
|
||||
(unsigned char*)server_key,
|
||||
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
|
||||
/* After loading back in DER format of original key, should match */
|
||||
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
|
||||
|
||||
/* pkey not set yet, expecting to fail */
|
||||
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
|
||||
|
||||
@@ -19451,6 +19489,58 @@ static void test_wolfSSL_X509_STORE_CTX_set_time(void)
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
|
||||
static void test_wolfSSL_get0_param(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
|
||||
SSL_CTX* ctx;
|
||||
SSL* ssl;
|
||||
WOLFSSL_X509_VERIFY_PARAM* pParam;
|
||||
|
||||
printf(testingFmt, "wolfSSL_get0_param()");
|
||||
|
||||
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
||||
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
|
||||
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
|
||||
AssertNotNull(ssl = SSL_new(ctx));
|
||||
|
||||
pParam = SSL_get0_param(ssl);
|
||||
|
||||
(void)pParam;
|
||||
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
printf(resultFmt, passed);
|
||||
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
|
||||
}
|
||||
|
||||
static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
const char host[] = "www.example.com";
|
||||
WOLFSSL_X509_VERIFY_PARAM* pParam;
|
||||
|
||||
printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");
|
||||
|
||||
AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
|
||||
|
||||
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
|
||||
|
||||
X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
|
||||
|
||||
AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
|
||||
|
||||
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
|
||||
|
||||
AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
|
||||
|
||||
XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
}
|
||||
|
||||
static void test_wolfSSL_CTX_set_client_CA_list(void)
|
||||
{
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS)
|
||||
@@ -23586,6 +23676,136 @@ static void test_wolfssl_PKCS7(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_PKCS7_SIGNED_new(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
|
||||
PKCS7_SIGNED* pkcs7;
|
||||
|
||||
printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");
|
||||
|
||||
pkcs7 = PKCS7_SIGNED_new();
|
||||
AssertNotNull(pkcs7);
|
||||
AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
|
||||
|
||||
PKCS7_SIGNED_free(pkcs7);
|
||||
printf(resultFmt, passed);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void test_wolfSSL_PEM_write_bio_PKCS7(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
|
||||
PKCS7* pkcs7 = NULL;
|
||||
BIO* bio = NULL;
|
||||
const byte* cert_buf = NULL;
|
||||
int ret = 0;
|
||||
WC_RNG rng;
|
||||
const byte data[] = { /* Hello World */
|
||||
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
|
||||
0x72,0x6c,0x64
|
||||
};
|
||||
#ifndef NO_RSA
|
||||
#if defined(USE_CERT_BUFFERS_2048)
|
||||
byte key[sizeof_client_key_der_2048];
|
||||
byte cert[sizeof_client_cert_der_2048];
|
||||
word32 keySz = (word32)sizeof(key);
|
||||
word32 certSz = (word32)sizeof(cert);
|
||||
XMEMSET(key, 0, keySz);
|
||||
XMEMSET(cert, 0, certSz);
|
||||
XMEMCPY(key, client_key_der_2048, keySz);
|
||||
XMEMCPY(cert, client_cert_der_2048, certSz);
|
||||
#elif defined(USE_CERT_BUFFERS_1024)
|
||||
byte key[sizeof_client_key_der_1024];
|
||||
byte cert[sizeof_client_cert_der_1024];
|
||||
word32 keySz = (word32)sizeof(key);
|
||||
word32 certSz = (word32)sizeof(cert);
|
||||
XMEMSET(key, 0, keySz);
|
||||
XMEMSET(cert, 0, certSz);
|
||||
XMEMCPY(key, client_key_der_1024, keySz);
|
||||
XMEMCPY(cert, client_cert_der_1024, certSz);
|
||||
#else
|
||||
unsigned char cert[ONEK_BUF];
|
||||
unsigned char key[ONEK_BUF];
|
||||
XFILE fp;
|
||||
int certSz;
|
||||
int keySz;
|
||||
|
||||
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
|
||||
AssertTrue((fp != XBADFILE));
|
||||
certSz = XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
|
||||
XFCLOSE(fp);
|
||||
|
||||
fp = XFOPEN("./certs/1024/client-key.der", "rb");
|
||||
AssertTrue(fp != XBADFILE);
|
||||
keySz = XFREAD(key, 1, sizeof_client_key_der_1024, fp);
|
||||
XFCLOSE(fp);
|
||||
#endif
|
||||
#elif defined(HAVE_ECC)
|
||||
#if defined(USE_CERT_BUFFERS_256)
|
||||
unsigned char cert[sizeof_cliecc_cert_der_256];
|
||||
unsigned char key[sizeof_ecc_clikey_der_256];
|
||||
int certSz = (int)sizeof(cert);
|
||||
int keySz = (int)sizeof(key);
|
||||
XMEMSET(cert, 0, certSz);
|
||||
XMEMSET(key, 0, keySz);
|
||||
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
|
||||
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
|
||||
#else
|
||||
unsigned char cert[ONEK_BUF];
|
||||
unsigned char key[ONEK_BUF];
|
||||
XFILE fp;
|
||||
int certSz, keySz;
|
||||
|
||||
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
|
||||
AssertTrue(fp != XBADFILE);
|
||||
certSz = XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
|
||||
XFCLOSE(fp);
|
||||
|
||||
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
|
||||
AssertTrue(fp != XBADFILE);
|
||||
keySz = XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
|
||||
XFCLOSE(fp);
|
||||
#endif
|
||||
#else
|
||||
#error PKCS7 requires ECC or RSA
|
||||
#endif
|
||||
printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");
|
||||
|
||||
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
|
||||
/* initialize with DER encoded cert */
|
||||
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
|
||||
|
||||
/* init rng */
|
||||
AssertIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
pkcs7->rng = &rng;
|
||||
pkcs7->content = (byte*)data; /* not used for ex */
|
||||
pkcs7->contentSz = (word32)sizeof(data);
|
||||
pkcs7->contentOID = SIGNED_DATA;
|
||||
pkcs7->privateKey = key;
|
||||
pkcs7->privateKeySz = (word32)sizeof(key);
|
||||
pkcs7->encryptOID = RSAk;
|
||||
pkcs7->hashOID = SHAh;
|
||||
pkcs7->signedAttribs = NULL;
|
||||
pkcs7->signedAttribsSz = 0;
|
||||
|
||||
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
/* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
|
||||
AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
|
||||
|
||||
/* Read PKCS#7 PEM from BIO */
|
||||
ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
|
||||
AssertIntGE(ret, 0);
|
||||
|
||||
BIO_free(bio);
|
||||
wc_PKCS7_Free(pkcs7);
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| Certficate Failure Checks
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -24876,7 +25096,6 @@ static void test_SetTmpEC_DHE_Sz(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*
|
||||
| Main
|
||||
*----------------------------------------------------------------------------*/
|
||||
@@ -24960,6 +25179,7 @@ void ApiTest(void)
|
||||
|
||||
/* compatibility tests */
|
||||
test_wolfSSL_X509_NAME();
|
||||
test_wolfSSL_X509_subject_name_hash();
|
||||
test_wolfSSL_DES();
|
||||
test_wolfSSL_certs();
|
||||
test_wolfSSL_ASN1_TIME_print();
|
||||
@@ -24990,6 +25210,8 @@ void ApiTest(void)
|
||||
test_wolfSSL_X509_LOOKUP_load_file();
|
||||
test_wolfSSL_X509_NID();
|
||||
test_wolfSSL_X509_STORE_CTX_set_time();
|
||||
test_wolfSSL_get0_param();
|
||||
test_wolfSSL_X509_VERIFY_PARAM_set1_host();
|
||||
test_wolfSSL_X509_STORE();
|
||||
test_wolfSSL_BN();
|
||||
test_wolfSSL_PEM_read_bio();
|
||||
@@ -25067,6 +25289,8 @@ void ApiTest(void)
|
||||
test_X509_REQ();
|
||||
/* OpenSSL PKCS7 API test */
|
||||
test_wolfssl_PKCS7();
|
||||
test_wolfSSL_PKCS7_SIGNED_new();
|
||||
test_wolfSSL_PEM_write_bio_PKCS7();
|
||||
|
||||
/* wolfCrypt ASN tests */
|
||||
test_wc_GetPkcs8TraditionalOffset();
|
||||
|
||||
@@ -3739,6 +3739,7 @@ struct WOLFSSL {
|
||||
WOLFSSL_BIO* biord; /* socket bio read to free/close */
|
||||
WOLFSSL_BIO* biowr; /* socket bio write to free/close */
|
||||
byte sessionCtx[ID_LEN]; /* app session context ID */
|
||||
WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
unsigned long peerVerifyRet;
|
||||
|
||||
@@ -47,8 +47,9 @@ typedef struct WOLFSSL_PKCS7
|
||||
|
||||
|
||||
WOLFSSL_API PKCS7* wolfSSL_PKCS7_new(void);
|
||||
WOLFSSL_API PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void);
|
||||
WOLFSSL_API void wolfSSL_PKCS7_free(PKCS7* p7);
|
||||
|
||||
WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
|
||||
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
|
||||
int len);
|
||||
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
|
||||
@@ -56,13 +57,17 @@ WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
|
||||
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
|
||||
WOLFSSL_STACK* certs, int flags);
|
||||
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
|
||||
|
||||
#define PKCS7_new wolfSSL_PKCS7_new
|
||||
#define PKCS7_new wolfSSL_PKCS7_new
|
||||
#define PKCS7_SIGNED_new wolfSSL_PKCS7_SIGNED_new
|
||||
#define PKCS7_free wolfSSL_PKCS7_free
|
||||
#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free
|
||||
#define d2i_PKCS7 wolfSSL_d2i_PKCS7
|
||||
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
|
||||
#define PKCS7_verify wolfSSL_PKCS7_verify
|
||||
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
|
||||
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7
|
||||
|
||||
#endif /* OPENSSL_ALL && HAVE_PKCS7 */
|
||||
|
||||
|
||||
+17
-15
@@ -101,6 +101,7 @@ typedef WOLFSSL_X509_REVOKED X509_REVOKED;
|
||||
typedef WOLFSSL_X509_OBJECT X509_OBJECT;
|
||||
typedef WOLFSSL_X509_STORE X509_STORE;
|
||||
typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
|
||||
|
||||
#define EVP_CIPHER_INFO EncryptedInfo
|
||||
|
||||
@@ -115,7 +116,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
/* depreciated */
|
||||
#define CRYPTO_thread_id wolfSSL_thread_id
|
||||
#define CRYPTO_set_id_callback wolfSSL_set_id_callback
|
||||
|
||||
#define CRYPTO_LOCK 0x01
|
||||
#define CRYPTO_UNLOCK 0x02
|
||||
#define CRYPTO_READ 0x04
|
||||
@@ -162,6 +162,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1
|
||||
#define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1
|
||||
#define SSL_get_privatekey wolfSSL_get_privatekey
|
||||
#define SSL_CTX_use_PrivateKey_ASN1 wolfSSL_CTX_use_PrivateKey_ASN1
|
||||
|
||||
#define SSLv23_method wolfSSLv23_method
|
||||
#define SSLv23_client_method wolfSSLv23_client_method
|
||||
@@ -250,7 +251,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_session_reused wolfSSL_session_reused
|
||||
#define SSL_SESSION_free wolfSSL_SESSION_free
|
||||
#define SSL_is_init_finished wolfSSL_is_init_finished
|
||||
|
||||
#define SSL_get_version wolfSSL_get_version
|
||||
#define SSL_get_current_cipher wolfSSL_get_current_cipher
|
||||
|
||||
@@ -266,7 +266,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
|
||||
|
||||
#define DSA_dup_DH wolfSSL_DSA_dup_DH
|
||||
|
||||
|
||||
#define i2d_X509_bio wolfSSL_i2d_X509_bio
|
||||
#define d2i_X509_bio wolfSSL_d2i_X509_bio
|
||||
#define d2i_X509_fp wolfSSL_d2i_X509_fp
|
||||
@@ -317,7 +317,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define X509_email_free wolfSSL_X509_email_free
|
||||
#define X509_check_issued wolfSSL_X509_check_issued
|
||||
#define X509_dup wolfSSL_X509_dup
|
||||
|
||||
|
||||
#define sk_X509_new wolfSSL_sk_X509_new
|
||||
#define sk_X509_num wolfSSL_sk_X509_num
|
||||
#define sk_X509_value wolfSSL_sk_X509_value
|
||||
@@ -371,7 +371,6 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup
|
||||
#define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error
|
||||
#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
|
||||
|
||||
#define X509_STORE_new wolfSSL_X509_STORE_new
|
||||
#define X509_STORE_free wolfSSL_X509_STORE_free
|
||||
#define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup
|
||||
@@ -382,16 +381,17 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
|
||||
#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
|
||||
#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
|
||||
#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
|
||||
|
||||
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
|
||||
#define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
|
||||
#define X509_LOOKUP_hash_dir wolfSSL_X509_LOOKUP_hash_dir
|
||||
#define X509_LOOKUP_file wolfSSL_X509_LOOKUP_file
|
||||
|
||||
|
||||
#define d2i_X509_CRL wolfSSL_d2i_X509_CRL
|
||||
#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
|
||||
#define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL
|
||||
|
||||
|
||||
#define X509_CRL_free wolfSSL_X509_CRL_free
|
||||
#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
|
||||
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
|
||||
@@ -402,9 +402,10 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define sk_X509_REVOKED_value wolfSSL_sk_X509_REVOKED_value
|
||||
|
||||
#define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents
|
||||
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
|
||||
|
||||
#define OCSP_parse_url wolfSSL_OCSP_parse_url
|
||||
|
||||
|
||||
#define MD4_Init wolfSSL_MD4_Init
|
||||
#define MD4_Update wolfSSL_MD4_Update
|
||||
#define MD4_Final wolfSSL_MD4_Final
|
||||
@@ -433,7 +434,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_set_bio wolfSSL_set_bio
|
||||
#define BIO_eof wolfSSL_BIO_eof
|
||||
#define BIO_set_ss wolfSSL_BIO_set_ss
|
||||
|
||||
|
||||
#define BIO_s_mem wolfSSL_BIO_s_mem
|
||||
#define BIO_f_base64 wolfSSL_BIO_f_base64
|
||||
#define BIO_set_flags wolfSSL_BIO_set_flags
|
||||
@@ -515,7 +516,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
||||
#define RSA_free wolfSSL_RSA_free
|
||||
#define RSA_generate_key wolfSSL_RSA_generate_key
|
||||
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
|
||||
|
||||
|
||||
#define PEM_def_callback wolfSSL_PEM_def_callback
|
||||
|
||||
#define SSL_CTX_sess_accept wolfSSL_CTX_sess_accept
|
||||
@@ -609,7 +610,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
|
||||
#define SSL_want_write wolfSSL_want_write
|
||||
|
||||
#define BIO_prf wolfSSL_BIO_prf
|
||||
|
||||
|
||||
#define sk_num wolfSSL_sk_num
|
||||
#define sk_value wolfSSL_sk_value
|
||||
|
||||
@@ -700,7 +701,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
|
||||
#define SSL_R_SHORT_READ 10
|
||||
#define ERR_R_PEM_LIB 9
|
||||
#define V_ASN1_IA5STRING 22
|
||||
#define SSL_CTRL_MODE 33
|
||||
#define SSL_CTRL_MODE 33
|
||||
|
||||
#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
|
||||
#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio
|
||||
@@ -761,7 +762,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
|
||||
#define SSL_set_tlsext_status_ocsp_res wolfSSL_set_tlsext_status_ocsp_resp
|
||||
#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp
|
||||
#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp
|
||||
|
||||
|
||||
#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
|
||||
#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
|
||||
#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
|
||||
@@ -949,7 +950,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
|
||||
#define SSL_is_server wolfSSL_is_server
|
||||
#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list
|
||||
|
||||
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE ||
|
||||
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE ||
|
||||
OPENSSL_ALL || HAVE_LIGHTY */
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
@@ -957,9 +958,10 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
|
||||
#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
|
||||
#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
|
||||
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
|
||||
#define SSL_get0_param wolfSSL_get0_param
|
||||
|
||||
#define ERR_NUM_ERRORS 16
|
||||
#define EVP_PKEY_RSA 6
|
||||
#define EVP_PKEY_RSA 6
|
||||
#define EVP_PKEY_RSA2 19
|
||||
#define SN_pkcs9_emailAddress "Email"
|
||||
#define LN_pkcs9_emailAddress "emailAddress"
|
||||
|
||||
+14
-3
@@ -307,6 +307,7 @@ struct WOLFSSL_X509_STORE {
|
||||
WOLFSSL_X509_LOOKUP lookup;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
int isDynamic;
|
||||
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
|
||||
WOLFSSL_X509_CRL *crl;
|
||||
@@ -317,9 +318,11 @@ struct WOLFSSL_X509_STORE {
|
||||
#define WOLFSSL_USE_CHECK_TIME 0x2
|
||||
#define WOLFSSL_NO_CHECK_TIME 0x200000
|
||||
#define WOLFSSL_NO_WILDCARDS 0x4
|
||||
#define WOLFSSL_HOST_NAME_MAX 256
|
||||
struct WOLFSSL_X509_VERIFY_PARAM {
|
||||
time_t check_time;
|
||||
unsigned long flags;
|
||||
time_t check_time;
|
||||
unsigned long flags;
|
||||
char hostName[WOLFSSL_HOST_NAME_MAX];
|
||||
};
|
||||
#endif
|
||||
|
||||
@@ -578,6 +581,7 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
|
||||
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
|
||||
WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
|
||||
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
|
||||
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
|
||||
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
|
||||
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
|
||||
WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
|
||||
@@ -1014,6 +1018,10 @@ WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
|
||||
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
|
||||
unsigned long flags,
|
||||
time_t t);
|
||||
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
|
||||
const char* name,
|
||||
unsigned int nameSz);
|
||||
|
||||
#endif
|
||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
|
||||
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
|
||||
@@ -2689,6 +2697,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
|
||||
WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
|
||||
long derSz);
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
|
||||
unsigned char* der, long derSz);
|
||||
#endif /* NO_CERTS */
|
||||
|
||||
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
|
||||
@@ -2791,7 +2801,6 @@ WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
|
||||
WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
|
||||
WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
|
||||
WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
|
||||
|
||||
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
|
||||
|
||||
#ifdef OPENSSL_ALL
|
||||
@@ -3107,6 +3116,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
|
||||
WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
|
||||
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
|
||||
WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
|
||||
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
|
||||
|
||||
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
|
||||
@@ -198,6 +198,7 @@ typedef struct PKCS7State PKCS7State;
|
||||
typedef struct Pkcs7Cert Pkcs7Cert;
|
||||
typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip;
|
||||
typedef struct PKCS7 PKCS7;
|
||||
typedef struct PKCS7 PKCS7_SIGNED;
|
||||
typedef struct PKCS7SignerInfo PKCS7SignerInfo;
|
||||
|
||||
/* OtherRecipientInfo decrypt callback prototype */
|
||||
@@ -220,7 +221,7 @@ typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz,
|
||||
int keyWrapAlgo, int type, int dir);
|
||||
|
||||
/* Public Structure Warning:
|
||||
* Existing members must not be changed to maintain backwards compatibility!
|
||||
* Existing members must not be changed to maintain backwards compatibility!
|
||||
*/
|
||||
struct PKCS7 {
|
||||
WC_RNG* rng;
|
||||
@@ -267,7 +268,7 @@ struct PKCS7 {
|
||||
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
|
||||
byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
|
||||
word32 certSz[MAX_PKCS7_CERTS];
|
||||
|
||||
|
||||
/* flags - up to 16-bits */
|
||||
word16 isDynamic:1;
|
||||
word16 noDegenerate:1; /* allow degenerate case in verify function */
|
||||
@@ -320,7 +321,6 @@ struct PKCS7 {
|
||||
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
|
||||
};
|
||||
|
||||
|
||||
WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
|
||||
WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
|
||||
WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz);
|
||||
@@ -346,7 +346,7 @@ WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag);
|
||||
WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7);
|
||||
WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
|
||||
byte* output, word32 outputSz);
|
||||
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
||||
WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
||||
word32 hashSz, byte* outputHead,
|
||||
word32* outputHeadSz,
|
||||
byte* outputFoot,
|
||||
@@ -354,7 +354,7 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
||||
WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag);
|
||||
WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
|
||||
byte* pkiMsg, word32 pkiMsgSz);
|
||||
WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
||||
WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
|
||||
word32 hashSz, byte* pkiMsgHead,
|
||||
word32 pkiMsgHeadSz, byte* pkiMsgFoot,
|
||||
word32 pkiMsgFootSz);
|
||||
|
||||
Reference in New Issue
Block a user