From ff2574b3cbab74b210042614128af388338cc923 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 29 Jul 2020 23:46:08 +0200 Subject: [PATCH] OpenSSL Compat layer Implment/stub: - wolfSSL_X509_NAME_delete_entry - wolfSSL_X509_get_ext_by_OBJ - wolfSSL_a2i_ASN1_INTEGER - X509V3_parse_list - wolfSSL_TXT_DB_write - wolfSSL_TXT_DB_insert - wolfSSL_EVP_PKEY_get_default_digest_nid --- configure.ac | 4 +- src/ssl.c | 350 +++++++++++++++++++++++++++++++++---- wolfcrypt/src/evp.c | 16 +- wolfssl/openssl/dh.h | 1 + wolfssl/openssl/evp.h | 6 +- wolfssl/openssl/opensslv.h | 2 +- wolfssl/openssl/ssl.h | 2 + wolfssl/openssl/txt_db.h | 4 + wolfssl/openssl/x509v3.h | 1 + wolfssl/ssl.h | 6 + 10 files changed, 347 insertions(+), 45 deletions(-) diff --git a/configure.ac b/configure.ac index 3d222f01b..e449615e4 100644 --- a/configure.ac +++ b/configure.ac @@ -702,7 +702,7 @@ AC_ARG_ENABLE([mcast], # signal (--enable-signal) # lighty (--enable-lighty) HAVE_LIGHTY # stunnel (--enable-stunnel) HAVE_STUNNEL -# libest (--enable-libest) +# libest (--enable-libest) HAVE_LIBEST # asio (--enable-asio) WOLFSSL_ASIO # libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS # qt (--enable-qt) WOLFSSL_QT @@ -4250,7 +4250,7 @@ AC_ARG_ENABLE([libest], if test "$ENABLED_LIBEST" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST" # Requires opensslextra and opensslall if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" diff --git a/src/ssl.c b/src/ssl.c index 76a9f0392..bd538526c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8290,6 +8290,30 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x509, int loc) return ext; } +int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, + const WOLFSSL_ASN1_OBJECT *obj, int lastpos) +{ + const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION) *sk; + + if (!x || !obj) { + WOLFSSL_MSG("Bad parameter"); + return -1; + } + + sk = wolfSSL_X509_get0_extensions(x); + if (!sk) { + WOLFSSL_MSG("No extensions"); + return -1; + } + lastpos++; + if (lastpos < 0) + lastpos = 0; + for (; lastpos < wolfSSL_sk_num(sk); lastpos++) + if (wolfSSL_OBJ_cmp(wolfSSL_sk_value(sk, lastpos), obj) == 0) + return lastpos; + return -1; +} + /* Pushes a new X509_EXTENSION* ext onto the stack inside WOLFSSL_X509* x509. * This is currently a helper function for wolfSSL_X509_get_ext * Caller does not free the returned WOLFSSL_X509_EXTENSION* @@ -21164,7 +21188,8 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) fieldCheckIdx = strBuf + fieldsSz; fieldPtr[fieldPtrIdx++] = fieldCheckIdx; while (*fieldCheckIdx != '\0') { - if (*fieldCheckIdx == '\t') { + /* Handle escaped tabs */ + if (*fieldCheckIdx == '\t' && fieldCheckIdx[-1] != '\\') { fieldPtr[fieldPtrIdx++] = fieldCheckIdx + 1; *fieldCheckIdx = '\0'; if (fieldPtrIdx > num) { @@ -21199,8 +21224,94 @@ error: return ret; } +long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db) +{ + const WOLF_STACK_OF(WOLFSSL_STRING)* data; + long totalLen = 0; + char buf[512]; /* Should be more than enough for a single row */ + char* bufEnd = buf + sizeof(buf); + int sz; + int i; + + WOLFSSL_ENTER("wolfSSL_TXT_DB_write"); + + if (!out || !db || !db->num_fields) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + data = db->data; + while (data) { + char** fields = (char**)data->data.string; + char* idx = buf; + + if (!fields) { + WOLFSSL_MSG("Missing row"); + return WOLFSSL_FAILURE; + } + + for (i = 0; i < db->num_fields; i++) { + char* fieldValue = fields[i]; + if (!fieldValue) { + WOLFSSL_MSG("Missing fields ptr"); + return WOLFSSL_FAILURE; + } + + /* Copy over field escaping tabs */ + while (*fieldValue != '\0') { + if (idx+1 < bufEnd) { + if (*fieldValue == '\t') + *idx++ = '\\'; + *idx++ = *fieldValue++; + } + else { + WOLFSSL_MSG("Data row is too big"); + return WOLFSSL_FAILURE; + } + } + if (idx < bufEnd) { + *idx++ = '\t'; + } + else { + WOLFSSL_MSG("Data row is too big"); + return WOLFSSL_FAILURE; + } + } + idx[-1] = '\n'; + sz = idx - buf; + + if (wolfSSL_BIO_write(out, buf, sz) != sz) { + WOLFSSL_MSG("wolfSSL_BIO_write error"); + return WOLFSSL_FAILURE; + } + totalLen += sz; + + data = data->next; + } + + return totalLen; +} + +int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row) +{ + WOLFSSL_ENTER("wolfSSL_TXT_DB_insert"); + + if (!db || !row || !db->data) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_sk_push error"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db) { + WOLFSSL_ENTER("wolfSSL_TXT_DB_free"); if (db) { if (db->data) { wolfSSL_sk_free(db->data); @@ -40711,6 +40822,7 @@ err: { int ret; WOLFSSL_X509_NAME_ENTRY* entry; + WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry_by_NID"); entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); if (entry == NULL) @@ -40719,6 +40831,40 @@ err: wolfSSL_X509_NAME_ENTRY_free(entry); return ret; } + + WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry( + WOLFSSL_X509_NAME *name, int loc) + { + WOLFSSL_X509_NAME_ENTRY* ret; + WOLFSSL_ENTER("wolfSSL_X509_NAME_delete_entry"); + + if (!name) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + ret = wolfSSL_X509_NAME_get_entry(name, loc); + if (!ret) { + WOLFSSL_MSG("loc entry not found"); + return NULL; + } + + if (loc <= DN_NAMES_MAX + name->fullName.dcNum) { + name->fullName.loc[loc] = ASN_DN_NULL; + } + else if (name->fullName.dcMode) { + if (name->fullName.fullName != NULL) { + if (loc == name->fullName.dcNum) { + name->fullName.dcNum = 0; + } + else { + name->fullName.dcIdx[loc] = -1; + } + } + } + + return ret; + } #endif /* !NO_CERTS */ @@ -41583,7 +41729,37 @@ err: if (name->entry[loc].set) { return &name->entry[loc]; } - else { + /* DC component */ + if (name->fullName.dcMode) { + if (name->fullName.fullName != NULL){ + if (loc == name->fullName.dcNum){ + name->cnEntry.data.data + = &name->fullName.fullName[name->fullName.cIdx]; + name->cnEntry.data.length = name->fullName.cLen; + name->cnEntry.nid = ASN_COUNTRY_NAME; + } + else if (name->fullName.dcIdx[loc] >= 0) { + name->cnEntry.data.data + = &name->fullName.fullName[name->fullName.dcIdx[loc]]; + name->cnEntry.data.length = name->fullName.dcLen[loc]; + name->cnEntry.nid = ASN_DOMAIN_COMPONENT; + } + else { + WOLFSSL_MSG("loc passed in is not in range of parsed DN's"); + return NULL; + } + } + name->cnEntry.data.type = CTC_UTF8; + /* common name index case */ + } else if (loc == name->fullName.cnIdx && name->x509 != NULL) { + /* get CN shortcut from x509 since it has null terminator */ + name->cnEntry.data.data = name->x509->subjectCN; + name->cnEntry.data.length = name->fullName.cnLen; + name->cnEntry.data.type = CTC_UTF8; + name->cnEntry.nid = ASN_COMMON_NAME; + name->cnEntry.set = 1; + } else { + WOLFSSL_MSG("loc passed in is not in range of parsed DN's"); return NULL; } } @@ -45861,14 +46037,138 @@ WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl) #endif /* NO_SESSION_CACHE */ +int wolfSSL_X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername) +{ + int ret; + DecodedCert dCert; + + WOLFSSL_ENTER("wolfSSL_X509_check_host"); + + /* flags and peername not needed for Nginx. */ + (void)flags; + (void)peername; + + if (flags == WOLFSSL_NO_WILDCARDS) { + WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); + return WOLFSSL_FAILURE; + } + + InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL); + ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL); + if (ret != 0) { + FreeDecodedCert(&dCert); + return WOLFSSL_FAILURE; + } + + ret = CheckHostName(&dCert, (char *)chk, chklen); + FreeDecodedCert(&dCert); + if (ret != 0) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; +} + #ifndef NO_BIO +int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, + char *buf, int size) +{ + int readNextLine; + int lineLen; + int len; + byte isNumCheck; + word32 outLen; + const int extraTagSz = MAX_LENGTH_SZ - 1; + + WOLFSSL_ENTER("wolfSSL_a2i_ASN1_INTEGER"); + + if (!bio || !asn1 || !buf || size <= 0) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + /* Reset asn1 */ + if (asn1->isDynamic && asn1->data) { + XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); + asn1->isDynamic = 0; + } + XMEMSET(asn1->intData, 0, sizeof(WOLFSSL_ASN1_INTEGER)); + asn1->data = asn1->intData; + asn1->length = 0; + asn1->negative = 0; + asn1->type = V_ASN1_INTEGER; + + lineLen = wolfSSL_BIO_gets(bio, buf, size); + do { + readNextLine = 0; + if (lineLen <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_gets error"); + return WOLFSSL_FAILURE; + } + while (lineLen && buf[lineLen-1] == '\n' && buf[lineLen-1] == '\r') + lineLen--; + if (buf[lineLen-1] == '\\') + readNextLine = 1; + /* Ignore none-hex chars at the end of the line */ + outLen = 1; + while (lineLen && Base16_Decode((byte*)buf + lineLen - 1, 1, + &isNumCheck, &outLen) == ASN_INPUT_E) + lineLen--; + if (!lineLen || lineLen % 2) { + WOLFSSL_MSG("Invalid line length"); + return WOLFSSL_FAILURE; + } + len = asn1->length + (lineLen/2); + /* Check if it will fit in static memory and + * save space for the ASN tag in front */ + if (len > (int)(sizeof(asn1->intData) - extraTagSz)) { + /* Allocate mem for data */ + if (asn1->isDynamic) { + byte* tmp = XREALLOC(asn1->data, len + extraTagSz, NULL, + DYNAMIC_TYPE_OPENSSL); + if (!tmp) { + WOLFSSL_MSG("realloc error"); + return WOLFSSL_FAILURE; + } + asn1->data = tmp; + } + else { + asn1->data = XMALLOC(len + extraTagSz, NULL, + DYNAMIC_TYPE_OPENSSL); + if (!asn1->data) { + WOLFSSL_MSG("malloc error"); + return WOLFSSL_FAILURE; + } + XMEMCPY(asn1->data, asn1->intData, asn1->length); + } + } + len = lineLen/2; + if (Base16_Decode((byte*)buf, lineLen, asn1->data + asn1->length, + (word32*)&len) != 0) { + WOLFSSL_MSG("Base16_Decode error"); + return WOLFSSL_FAILURE; + } + asn1->length += len; + } while (readNextLine); + + /* Write ASN tag */ + outLen = SetLength(asn1->length, NULL); + if (asn1->data[0] == 0x80) + outLen++; /* Special ASN integer case */ + XMEMMOVE(asn1->data + outLen + 1, asn1->data, asn1->length); + asn1->data[0] = ASN_INTEGER; + (void)SetLength(asn1->length, asn1->data + 1); + if (asn1->data[outLen+1] == 0x80) + asn1->data[outLen] = 0; + + return WOLFSSL_SUCCESS; +} + int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) { - static char num[16] = { '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; - int i; - word32 j; - word32 len = 0; + word32 idx = 1; + int len = 0; + byte buf[512]; + word32 bufLen = 512; WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER"); @@ -45876,32 +46176,9 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) return WOLFSSL_FAILURE; /* Skip ASN.1 INTEGER (type) byte. */ - i = 1; - /* When indefinite length, can't determine length with data available. */ - if (a->data[i] == 0x80) + if (a->data[idx] == 0x80 || /* Indefinite length, can't determine length */ + GetLength(a->data, &idx, &len, a->length) < 0) { return 0; - /* One length byte if less than 0x80. */ - if (a->data[i] < 0x80) - len = a->data[i++]; - /* Multiple length byte if greater than 0x80. */ - else if (a->data[i] > 0x80) { - switch (a->data[i++] - 0x80) { - case 4: - len |= a->data[i++] << 24; - FALL_THROUGH; - case 3: - len |= a->data[i++] << 16; - FALL_THROUGH; - case 2: - len |= a->data[i++] << 8; - FALL_THROUGH; - case 1: - len |= a->data[i++]; - break; - default: - /* Not supporting greater than 4 bytes of length. */ - return 0; - } } /* Zero length integer is the value zero. */ @@ -45910,14 +46187,11 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) return 2; } - /* Don't do negative - just write out every byte. */ - for (j = 0; j < len; i++,j++) { - wolfSSL_BIO_write(bp, &num[a->data[i] >> 4], 1); - wolfSSL_BIO_write(bp, &num[a->data[i] & 0xf], 1); + if (Base16_Encode(a->data + idx, len, buf, &bufLen) != 0) { + return 0; } - /* Two nibbles written for each byte. */ - return len * 2; + return wolfSSL_BIO_write(bp, buf, bufLen); } #endif /* !NO_BIO */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 7215b13b7..74f6294dc 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6494,7 +6494,7 @@ int wolfSSL_EVP_PKEY_type(int type) } -int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) +int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey) { if (pkey != NULL) return pkey->type; @@ -6502,13 +6502,25 @@ int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) } -int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) +int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey) { if (pkey == NULL) return NID_undef; return wolfSSL_EVP_PKEY_type(pkey->type); } +int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid) +{ + (void)pkey; +#ifndef NO_SHA256 + if (pnid) { + *pnid = NID_sha256; + } + return WOLFSSL_SUCCESS; +#else + return -2; +#endif +} /* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index ac4d7e1a0..6fb896c84 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -26,6 +26,7 @@ #define WOLFSSL_DH_H_ #include +#include #ifdef __cplusplus extern "C" { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index d928becc7..2ee0cc28c 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -575,8 +575,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b); WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); -WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey); -WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid); WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); @@ -832,6 +833,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp #define EVP_PKEY_type wolfSSL_EVP_PKEY_type #define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id +#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid #define EVP_PKEY_id wolfSSL_EVP_PKEY_id #define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str #define EVP_SignFinal wolfSSL_EVP_SignFinal diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index 2199cdf6a..4b32dcc7e 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -30,7 +30,7 @@ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) /* valid version */ -#elif defined(WOLFSSL_APACHE_HTTPD) +#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index f390be82f..7174c2c0a 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -346,6 +346,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_MODE_RELEASE_BUFFERS 0x00000010U #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext + #define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ #define X509_cmp wolfSSL_X509_cmp #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical @@ -705,6 +706,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_tag2str wolfSSL_ASN1_tag2str +#define a2i_ASN1_INTEGER wolfSSL_a2i_ASN1_INTEGER #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER #define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER #define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new diff --git a/wolfssl/openssl/txt_db.h b/wolfssl/openssl/txt_db.h index 7fcc29f94..a3e0fd362 100644 --- a/wolfssl/openssl/txt_db.h +++ b/wolfssl/openssl/txt_db.h @@ -39,6 +39,8 @@ struct WOLFSSL_TXT_DB { typedef struct WOLFSSL_TXT_DB WOLFSSL_TXT_DB; WOLFSSL_API WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num); +WOLFSSL_API long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db); +WOLFSSL_API int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row); WOLFSSL_API void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db); WOLFSSL_API int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field, void* qual, wolf_sk_hash_cb hash, wolf_sk_compare_cb cmp); @@ -48,6 +50,8 @@ WOLFSSL_API WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, #define TXT_DB WOLFSSL_TXT_DB #define TXT_DB_read wolfSSL_TXT_DB_read +#define TXT_DB_write wolfSSL_TXT_DB_write +#define TXT_DB_insert wolfSSL_TXT_DB_insert #define TXT_DB_free wolfSSL_TXT_DB_free #define TXT_DB_create_index wolfSSL_TXT_DB_create_index #define TXT_DB_get_by_index wolfSSL_TXT_DB_get_by_index diff --git a/wolfssl/openssl/x509v3.h b/wolfssl/openssl/x509v3.h index 406481bf4..ba8a73051 100644 --- a/wolfssl/openssl/x509v3.h +++ b/wolfssl/openssl/x509v3.h @@ -111,6 +111,7 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, #define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i #ifndef NO_WOLFSSL_STUB #define X509V3_EXT_add_nconf(...) 0 +#define X509V3_parse_list(...) NULL #endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING #define X509V3_EXT_print wolfSSL_X509V3_EXT_print diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 68dbe1950..d1b79c60a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3360,6 +3360,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry( + WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); @@ -3418,6 +3420,8 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b); WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc); +WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, + const WOLFSSL_ASN1_OBJECT *obj, int lastpos); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void); @@ -4008,6 +4012,8 @@ WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out); WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); +WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, + char *buf, int size); WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store); WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);