Adding compatibility API phase 2

Eric Blankenhorn 2019-08-15 11:04:00 -05:00
parent 256ac4a515
commit 0c9ba1b361
11 changed files with 1992 additions and 47 deletions
doc/dox_comments/header_files
src
tests
wolfcrypt/src
wolfssl

@ -11363,6 +11363,33 @@ WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
*/
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
/*!
\ingroup CertsKeys
\brief This function looks for and returns the extension index
matching the passed in NID value.
\return >= 0 If successful the extension index is returned.
\return -1 If extension is not found or error is encountered.
\param x509 certificate to get parse through for extension.
\param nid extension OID to be found.
\param lastPos start search from extension after lastPos.
Set to -1 initially.
_Example_
\code
const WOLFSSL_X509* x509;
int lastPos = -1;
int idx;
idx = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, lastPos);
\endcode
*/
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509,
int nid, int lastPos);
/*!
\ingroup CertsKeys

@ -3283,6 +3283,24 @@ void FreeX509(WOLFSSL_X509* x509)
XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->authInfo = NULL;
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
if (x509->authInfoCaIssuer != NULL) {
XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT);
}
if (x509->notBeforeTime != NULL) {
XFREE(x509->notBeforeTime, x509->heap, DYNAMIC_TYPE_OPENSSL);
}
if (x509->notAfterTime != NULL) {
XFREE(x509->notAfterTime, x509->heap, DYNAMIC_TYPE_OPENSSL);
}
if (x509->ext_sk != NULL) {
wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk);
}
/* Free serialNumber that was set by wolfSSL_X509_get_serialNumber */
if (x509->serialNumber != NULL) {
wolfSSL_ASN1_INTEGER_free(x509->serialNumber);
}
#endif /* OPENSSL_ALL || WOLFSSL_QT */
if (x509->extKeyUsageSrc != NULL) {
XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->extKeyUsageSrc= NULL;
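Review bot: The frees added under `OPENSSL_ALL || WOLFSSL_QT` leave `authInfoCaIssuer`, `notBeforeTime`, `notAfterTime`, `ext_sk` and `serialNumber` pointing at released memory, whereas the neighbouring `authInfo` and `extKeyUsageSrc` branches reset the pointer after `XFREE`. Setting each member to NULL after its free, for example `x509->ext_sk = NULL;`, would keep a repeated FreeX509 call or a later read from touching freed memory. The same commit adds an `ext_d2i` stack to `struct WOLFSSL_X509`, and no release for it appears in these lines; it may be handled in the part of FreeX509 outside this hunk or in the suppressed src/ssl.c diff, which is worth confirming. FreeX509's body starts and ends outside the hunk.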

1344
src/ssl.c


@ -4551,6 +4551,14 @@ static void test_wolfSSL_PKCS5(void)
(int)XSTRLEN((const char *) salt), 10,
WC_SHA_DIGEST_SIZE,out);
AssertIntEQ(ret, SSL_SUCCESS);
#ifdef WOLFSSL_SHA512
ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
(int)XSTRLEN((const char *) salt), 10,
wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
AssertIntEQ(ret, SSL_SUCCESS);
#endif
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
}
@ -21450,6 +21458,25 @@ static void test_wolfSSL_OBJ(void)
#endif
}
static void test_wolfSSL_i2a_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
ASN1_OBJECT *obj = NULL;
BIO *bio = NULL;
AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
BIO_free(bio);
ASN1_OBJECT_free(obj);
#endif
}
static void test_wolfSSL_X509_NAME_ENTRY(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) \
@ -23288,8 +23315,225 @@ static void test_wolfSSL_AES_cbc_encrypt()
#endif
}
static void test_wolfSSL_X509V3_EXT_get(void) {
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
FILE* f;
int numOfExt =0;
int extNid = 0;
int i = 0;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
const WOLFSSL_v3_ext_method* method;
static void test_wolfSSL_X509_get_ext_count(void) {
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test");
AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 3);
for (i = 0; i < numOfExt; i++) {
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(extNid = ext->obj->nid);
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertIntEQ(method->ext_nid, extNid);
}
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test");
AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
printf(resultFmt, "passed");
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509V3_EXT_d2i(void) {
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
FILE* f;
int numOfExt = 0, nid = 0, i = 0, expected, actual;
char* str;
unsigned char* data;
const WOLFSSL_v3_ext_method* method;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_OBJECT *obj, *adObj;
WOLFSSL_ASN1_STRING* asn1str;
WOLFSSL_AUTHORITY_KEYID* aKeyId;
WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
WOLFSSL_BASIC_CONSTRAINTS* bc;
WOLFSSL_ACCESS_DESCRIPTION* ad;
WOLFSSL_GENERAL_NAME* gn;
printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()");
/* Check NULL argument */
AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));
/* Using OCSP cert with X509V3 extensions */
AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
/* Basic Constraints */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
AssertNotNull(bc = wolfSSL_X509V3_EXT_d2i(ext));
AssertIntEQ(bc->ca, 1);
AssertNull(bc->pathlen);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
i++;
/* Subject Key Identifier */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
AssertNotNull(asn1str = wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(method->i2s);
AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
wolfSSL_ASN1_STRING_free(asn1str);
actual = strcmp(str,
"73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
AssertIntEQ(actual, 0);
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
i++;
/* Authority Key Identifier */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
AssertNotNull(aKeyId = wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(asn1str = aKeyId->keyid);
AssertNotNull(str =
wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
actual = strcmp(str,
"73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
AssertIntEQ(actual, 0);
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_AUTHORITY_KEYID_free(aKeyId);
i++;
/* Key Usage */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
AssertNotNull(asn1str = wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
actual = data[0];
AssertIntEQ(actual, expected);
wolfSSL_ASN1_STRING_free(asn1str);
#if 0
i++;
/* Authority Info Access */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
AssertNotNull(aia = wolfSSL_X509V3_EXT_d2i(ext));
AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
/* URI entry is an ACCESS_DESCRIPTION type */
AssertNotNull(ad = wolfSSL_sk_value(aia, 0));
AssertNotNull(adObj = ad->method);
/* Make sure nid is OCSP */
AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), AIA_OCSP_OID);
/* GENERAL_NAME stores URI as an ASN1_STRING */
AssertNotNull(gn = ad->location);
AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
actual = strcmp(str, "http://127.0.0.1:22220");
AssertIntEQ(actual, 0);
wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
#else
(void) aia; (void) ad; (void) adObj; (void) gn;
#endif
wolfSSL_X509_free(x509);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_X509_get_ext(void){
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
int ret = 0;
FILE* f;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* foundExtension;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 3);
printf(testingFmt, "wolfSSL_X509_get_ext() valid input");
AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds");
AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds");
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx");
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
printf(resultFmt, "passed");
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_get_ext_by_NID(void)
{
#if defined(OPENSSL_ALL)
int rc;
FILE* f;
WOLFSSL_X509* x509;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
AssertIntGE(rc, 0);
/* Start search from last location (should fail) */
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
AssertIntGE(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
AssertIntGE(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
AssertIntEQ(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
AssertIntEQ(rc, -1);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_get_ext_count(void)
{
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
FILE* f;
WOLFSSL_X509* x509;
@ -23311,7 +23555,120 @@ static void test_wolfSSL_X509_get_ext_count(void) {
#endif
}
static void test_wolfSSL_X509_cmp(void){
static void test_wolfSSL_X509_EXTENSION_new(void)
{
#if defined (OPENSSL_ALL)
WOLFSSL_X509_EXTENSION* ext;
AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
ext->obj->nid = WOLFSSL_SUCCESS;
AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);
wolfSSL_X509_EXTENSION_free(ext);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_object(void)
{
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_OBJECT* o;
FILE* file;
int nid = 0;
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0");
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ(o->nid, 128);
nid = o->nid;
printf(resultFmt, nid == 128 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument");
AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_data(void)
{
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_STRING* str;
FILE* file;
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data");
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_critical(void)
{
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
FILE* file;
int crit = -1;
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
crit = wolfSSL_X509_EXTENSION_get_critical(ext);
AssertIntEQ(crit, 0);
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509V3_EXT_print(void)
{
#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
FILE* f;
WOLFSSL_X509* x509;
X509_EXTENSION * ext = NULL;
int loc;
BIO *bio = NULL;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
wolfSSL_BIO_free(bio);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_cmp(void)
{
#if defined(OPENSSL_ALL)
FILE* file1;
FILE* file2;
@ -25385,6 +25742,63 @@ static void test_wolfSSL_X509_print()
#endif
}
static void test_wolfSSL_ASN1_STRING_print(void){
#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
ASN1_STRING* asnStr = NULL;
const char HELLO_DATA[]= \
{'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
const unsigned int MAX_UNPRINTABLE_CHAR = 32;
const unsigned int MAX_BUF = 255;
const int LF = 10, CR = 13;
unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
unsigned char expected[sizeof(unprintableData)+1];
unsigned char rbuf[MAX_BUF];
BIO *bio;
int p_len, i;
printf(testingFmt, "wolfSSL_ASN1_STRING_print()");
/* setup */
for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
unprintableData[i] = HELLO_DATA[i];
expected[i] = HELLO_DATA[i];
}
for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
unprintableData[sizeof(HELLO_DATA)+i] = i;
if (i == LF || i == CR)
expected[sizeof(HELLO_DATA)+i] = i;
else
expected[sizeof(HELLO_DATA)+i] = '.';
}
unprintableData[sizeof(unprintableData)-1] = '\0';
expected[sizeof(expected)-1] = '\0';
XMEMSET(rbuf, 0, MAX_BUF);
bio = BIO_new(BIO_s_mem());
BIO_set_write_buf_size(bio, MAX_BUF);
asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(asnStr,(const void*)unprintableData,
sizeof(unprintableData));
/* test */
p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
AssertIntEQ(p_len, 46);
BIO_read(bio, (void*)rbuf, 46);
AssertStrEQ((char*)rbuf, (const char*)expected);
BIO_free(bio);
ASN1_STRING_free(asnStr);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
}
static void test_wolfSSL_RSA_verify()
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
@ -25675,6 +26089,7 @@ void ApiTest(void)
test_wolfSSL_ERR_put_error();
test_wolfSSL_HMAC();
test_wolfSSL_OBJ();
test_wolfSSL_i2a_ASN1_OBJECT();
test_wolfSSL_X509_NAME_ENTRY();
test_wolfSSL_BIO_gets();
test_wolfSSL_d2i_PUBKEY();
@ -25718,8 +26133,18 @@ void ApiTest(void)
test_wolfSSL_X509_print();
test_wolfSSL_RSA_verify();
test_wolfSSL_X509V3_EXT_get();
test_wolfSSL_X509V3_EXT_d2i();
test_wolfSSL_X509_get_ext();
test_wolfSSL_X509_get_ext_by_NID();
test_wolfSSL_X509_get_ext_count();
test_wolfSSL_X509_EXTENSION_new();
test_wolfSSL_X509_EXTENSION_get_object();
test_wolfSSL_X509_EXTENSION_get_data();
test_wolfSSL_X509_EXTENSION_get_critical();
test_wolfSSL_X509V3_EXT_print();
test_wolfSSL_X509_cmp();
test_wolfSSL_ASN1_STRING_print();
/* test the no op functions for compatibility */
test_no_op_functions();
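Review bot: In test_wolfSSL_X509_get_ext_by_NID the check `AssertIntGE(rc, -1);` after the search commented "should fail" also accepts every valid index, so it cannot catch a search that wrongly restarts from the beginning; the same assertion after the `lastPos` of -2 pins nothing either. If not-found is the intended result, `AssertIntEQ(rc, -1);` states it. That function also opens `./certs/server-cert.pem` but is guarded only by `defined(OPENSSL_ALL)`, while its sibling tests additionally require `!defined(NO_FILESYSTEM)`. In test_wolfSSL_X509V3_EXT_get, `AssertNotNull(extNid = ext->obj->nid);` applies a pointer assertion to an `int`; an integer comparison would state the intent.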

@ -1622,3 +1622,29 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA && !NO_PWDBASED !NO_SHA*/
#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
const unsigned char *salt,
int saltlen, int iter,
const WOLFSSL_EVP_MD *digest,
int keylen, unsigned char *out)
{
const char *nostring = "";
int ret = 0;
if (pass == NULL) {
passlen = 0;
pass = nostring;
} else if (passlen == -1) {
passlen = (int)XSTRLEN(pass);
}
ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
iter, keylen, wolfSSL_EVP_MD_type(digest));
if (ret == 0)
return WOLFSSL_SUCCESS;
else
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA && !NO_PWDBASED */
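Review bot: wolfSSL_PKCS5_PBKDF2_HMAC forwards `digest`, `out`, `saltlen`, `iter` and `keylen` without checking them: a NULL `digest` goes into `wolfSSL_EVP_MD_type()`, whose result is handed to `wc_PBKDF2` unchecked, and a `passlen` below -1 is passed through as is. The callee may reject some of these, but that is not visible here, so an early guard such as `if (digest == NULL || out == NULL || passlen < -1 || keylen <= 0) return WOLFSSL_FAILURE;` would make the failure mode explicit. A short header comment saying that `passlen == -1` means "use XSTRLEN(pass)" and that a NULL `pass` is treated as an empty password would also help, since a key derived from an empty password succeeds silently.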

@ -3442,20 +3442,22 @@ struct WOLFSSL_STACK {
unsigned long num; /* number of nodes in stack
* (safety measure for freeing and shortcut for count) */
union {
WOLFSSL_X509* x509;
WOLFSSL_X509_NAME* name;
WOLFSSL_BIO* bio;
WOLFSSL_ASN1_OBJECT* obj;
#if defined(OPENSSL_ALL)
WOLFSSL_X509* x509;
WOLFSSL_X509_NAME* name;
WOLFSSL_BIO* bio;
WOLFSSL_ASN1_OBJECT* obj;
WOLFSSL_CIPHER* cipher;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
WOLFSSL_ACCESS_DESCRIPTION* access;
#endif
char* string;
WOLFSSL_X509_EXTENSION* ext;
#endif
void* generic;
char* string;
} data;
WOLFSSL_STACK* next;
byte type; /* Identifies type of stack. */
};
struct WOLFSSL_X509_NAME {
char *name;
int dynamicName;
@ -3492,11 +3494,19 @@ struct WOLFSSL_X509 {
byte hwType[EXTERNAL_SERIAL_SIZE];
int hwSerialNumSz;
byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte certPolicySet;
byte certPolicyCrit;
#endif /* OPENSSL_EXTRA */
#endif
#endif /* WOLFSSL_SEP */
#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
byte certPolicySet;
byte certPolicyCrit;
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_ASN1_TIME* notAfterTime;
WOLFSSL_ASN1_TIME* notBeforeTime;
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
int notBeforeSz;
int notAfterSz;
byte notBefore[MAX_DATE_SZ];
@ -3507,12 +3517,12 @@ struct WOLFSSL_X509 {
buffer pubKey;
int pubKeyOID;
DNS_entry* altNamesNext; /* hint for retrieval */
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
word32 pkCurveOID;
#endif /* HAVE_ECC */
#ifndef NO_CERTS
DerBuffer* derCert; /* may need */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
word32 pkCurveOID;
#endif /* HAVE_ECC */
#ifndef NO_CERTS
DerBuffer* derCert; /* may need */
#endif
void* heap; /* heap hint */
byte dynamicMemory; /* dynamic memory flag */
byte isCa:1;
@ -3533,6 +3543,10 @@ struct WOLFSSL_X509 {
byte* extKeyUsageSrc;
const byte* CRLInfo;
byte* authInfo;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
byte* authInfoCaIssuer;
int authInfoCaIssuerSz;
#endif
word32 pathLength;
word16 keyUsage;
int CRLInfoSz;
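Review bot: The trailing comment on the relocated `certPolicySet`/`certPolicyCrit` block, `#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */`, omits `OPENSSL_ALL`, which the `#if` above it tests. The comments on the new pointer members (`notAfterTime`, `notBeforeTime`, `ext_sk`, `ext_d2i`, `serialNumber`, `authInfoCaIssuer`) say which getter fills them but not who releases them. A line such as `/* owned by the X509; released in FreeX509 */` on each member that is in fact released there would make the lifetime rule checkable against the free path.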

@ -436,6 +436,11 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen,
int saltlen, int iter,
int keylen, unsigned char *out);
WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
const unsigned char *salt,
int saltlen, int iter,
const WOLFSSL_EVP_MD *digest,
int keylen, unsigned char *out);
#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER
#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE
#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE
@ -611,6 +616,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
#define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
#define PKCS5_PBKDF2_HMAC wolfSSL_PKCS5_PBKDF2_HMAC
#ifndef EVP_MAX_MD_SIZE
#define EVP_MAX_MD_SIZE 64 /* sha512 */

@ -88,6 +88,7 @@ typedef WOLFSSL_ASN1_STRING ASN1_STRING;
typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
typedef WOLFSSL_BUF_MEM BUF_MEM;
typedef WOLFSSL_GENERAL_NAME GENERAL_NAME;
typedef WOLFSSL_GENERAL_NAMES GENERAL_NAMES;
#define ASN1_UTCTIME WOLFSSL_ASN1_TIME
#define ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
@ -261,9 +262,16 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key
#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
#if defined(OPENSSL_ALL)
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
#define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN
#define X509_get_ext wolfSSL_X509_get_ext
#define X509_cmp wolfSSL_X509_cmp
#define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object
#define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical
#define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data
#define X509_EXTENSION_new wolfSSL_X509_EXTENSION_new
#define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free
#endif
#define DSA_dup_DH wolfSSL_DSA_dup_DH
@ -292,6 +300,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
#define X509_load_certificate_file wolfSSL_X509_load_certificate_file
#define X509_digest wolfSSL_X509_digest
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_get_pubkey wolfSSL_X509_get_pubkey
@ -487,11 +496,14 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define ASN1_INTEGER_set wolfSSL_ASN1_INTEGER_set
#define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN
#define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex
#define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y))
#define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr
@ -504,7 +516,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define SSL_CTX_get_client_CA_list wolfSSL_SSL_CTX_get_client_CA_list
#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store
#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store
#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
#define SSL_get_ex_data wolfSSL_get_ex_data
@ -701,7 +713,6 @@ enum {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
#include <wolfssl/openssl/pem.h>
typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_CTRL_CHAIN 88
#define BIO_CTRL_WPENDING 13
#define GEN_IPADD 7
@ -717,7 +728,6 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio
#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair
#define SSL_get_verify_callback wolfSSL_get_verify_callback
#define GENERAL_NAMES_free(GENERAL_NAMES)NULL
#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
@ -856,6 +866,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_SESSION_get_id wolfSSL_SESSION_get_id
#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free
#define GENERAL_NAMES_free wolfSSL_GENERAL_NAMES_free
#define SSL3_AL_FATAL 2
#define SSL_TLSEXT_ERR_OK 0
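Review bot: The function-like macros `ASN1_STRING_print(x, y)` and `SSL_CTX_get_cert_store(x)` cast their arguments to `WOLFSSL_BIO*`, `WOLFSSL_ASN1_STRING*` and `WOLFSSL_CTX*`, so a caller that passes the wrong pointer type compiles without a diagnostic and the mistake shows up only at run time. Unless a specific consumer needs the casts (the commit message does not say), the plain alias form used by the neighbouring defines, e.g. `#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store`, keeps the compiler's type checking. `SSL_CTX_get_cert_store(x)` is also defined with the same text in the x509v3.h section of this commit; a single definition would keep the two from drifting apart.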

@ -31,12 +31,67 @@
extern "C" {
#endif
/* Forward reference */
typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method;
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (
struct WOLFSSL_v3_ext_method *method,
void *ext, STACK_OF(CONF_VALUE) *extlist);
typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext);
typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method,
void *ext, BIO *out, int indent);
typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD;
struct WOLFSSL_v3_ext_method {
int ext_nid;
int ext_flags;
void *usr_data;
X509V3_EXT_D2I d2i;
X509V3_EXT_I2V i2v;
X509V3_EXT_I2S i2s;
X509V3_EXT_I2R i2r;
};
#define WOLFSSL_ASN1_BOOLEAN int
struct WOLFSSL_X509_EXTENSION {
WOLFSSL_ASN1_OBJECT *obj;
WOLFSSL_ASN1_BOOLEAN crit;
WOLFSSL_ASN1_STRING value;
WOLFSSL_v3_ext_method ext_method;
WOLFSSL_STACK* ext_sk; /* For extension specific data */
};
struct WOLFSSL_ACCESS_DESCRIPTION {
WOLFSSL_ASN1_OBJECT *method;
WOLFSSL_GENERAL_NAME *location;
};
typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID;
typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION;
typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS;
WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc);
WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id);
WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(
WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
const WOLFSSL_ASN1_STRING *s);
WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent);
#define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free
#define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free
#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
#define ASN1_INTEGER WOLFSSL_ASN1_INTEGER
#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
#define X509V3_EXT_get wolfSSL_X509V3_EXT_get
#define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i
#define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING
#define X509V3_EXT_print wolfSSL_X509V3_EXT_print
#ifdef __cplusplus
}
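Review bot: `wolfSSL_X509V3_EXT_d2i` returns `void*` with no comment on what the pointer refers to or who releases it. The tests in this commit free the result with `wolfSSL_BASIC_CONSTRAINTS_free`, `wolfSSL_ASN1_STRING_free` or `wolfSSL_AUTHORITY_KEYID_free` depending on the extension NID, which suggests the caller owns it and must choose the matching free. A header comment listing the returned type per NID and stating that ownership rule would prevent leaks and mismatched frees. Separately, `#define WOLFSSL_ASN1_BOOLEAN int` could be `typedef int WOLFSSL_ASN1_BOOLEAN;` so that the name obeys scope and is visible in a debugger.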

@ -180,6 +180,8 @@ typedef struct WOLFSSL_DH WOLFSSL_DH;
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION;
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
@ -196,6 +198,17 @@ struct WOLFSSL_GENERAL_NAME {
} d;
};
struct WOLFSSL_AUTHORITY_KEYID {
WOLFSSL_ASN1_STRING *keyid;
WOLFSSL_ASN1_OBJECT *issuer;
WOLFSSL_ASN1_INTEGER *serial;
};
struct WOLFSSL_BASIC_CONSTRAINTS {
int ca;
WOLFSSL_ASN1_INTEGER *pathlen;
};
#endif /* OPENSSL_ALL || OPENSSL_EXTRA*/
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
@ -212,6 +225,10 @@ struct WOLFSSL_ASN1_INTEGER {
unsigned char* data;
unsigned int dataMax; /* max size of data buffer */
unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
int length;
#endif
};
struct WOLFSSL_ASN1_TIME {
@ -242,11 +259,20 @@ struct WOLFSSL_ASN1_OBJECT {
unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */
#define WOLFSSL_ASN1_DYNAMIC 0x1
#define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
struct d { /* dereferenced */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
int ca;
WOLFSSL_ASN1_INTEGER *pathlen;
#endif
struct d { /* derefrenced */
WOLFSSL_ASN1_STRING* dNSName;
WOLFSSL_ASN1_STRING ia5_internal;
WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
WOLFSSL_ASN1_STRING* dNSName;
WOLFSSL_ASN1_STRING* iPAddress;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_ASN1_STRING* uniformResourceIdentifier;
WOLFSSL_ASN1_STRING iPAddress_internal;
#endif
WOLFSSL_ASN1_STRING* iPAddress; /* points to iPAddress_internal */
} d;
};
@ -810,10 +836,15 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
#include "wolfssl/wolfcrypt/asn.h"
#endif
#if defined(OPENSSL_ALL)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push(
WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
WOLFSSL_ACCESS_DESCRIPTION* access);
WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk,
void f (WOLFSSL_ACCESS_DESCRIPTION*));
#endif /* defined(OPENSSL_ALL) */
#endif /* defined(OPENSSL_ALL) || defined(WOLFSSL_QT) */
typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
WOLFSSL_X509* x509);
@ -826,8 +857,10 @@ WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
void f (WOLFSSL_GENERAL_NAME*));
WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* name);
WOLFSSL_API void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES* name);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void);
WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
WOLFSSL_ASN1_OBJECT* obj);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
@ -1069,6 +1102,8 @@ WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*);
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void);
WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(
const WOLFSSL_ASN1_INTEGER* src);
WOLFSSL_API int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v);
WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
@ -2729,6 +2764,8 @@ WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
int nid, int* c, int* idx);
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509,
int nid, int lastPos);
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
@ -2743,9 +2780,20 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
unsigned char* der, long derSz);
#if defined(OPENSSL_ALL)
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passed_cert);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ex);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void);
WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
WOLFSSL_X509_EXTENSION* ext);
WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
#endif
#endif /* NO_CERTS */
@ -3137,6 +3185,7 @@ WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const
WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a);
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
@ -3149,6 +3198,7 @@ WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *
WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags);
WOLFSSL_API int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str);
WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t);
WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
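Review bot: The new `int length;` member of `WOLFSSL_ASN1_INTEGER` has no comment and is signed while the neighbouring `dataMax` is `unsigned int`, so its relation to the data buffer is left for readers to guess. A comment such as `/* bytes used in data; expected 0 <= length <= dataMax */`, adjusted to the real invariant, would tell consumers what to validate before copying. Likewise, the `ca` and `pathlen` members added to `WOLFSSL_ASN1_OBJECT` repeat the fields of `WOLFSSL_BASIC_CONSTRAINTS` with no note on which copy is authoritative or who frees `pathlen`.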

@ -168,6 +168,7 @@ enum
NID_info_access = 69,
NID_sinfo_access = 79, /* id-pe 11 */
NID_name_constraints = 144, /* 2.5.29.30 */
NID_crl_distribution_points = 145, /* 2.5.29.31 */
NID_certificate_policies = 146,
NID_policy_mappings = 147,
NID_policy_constraints = 150,