mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5662 from Uriah-wolfSSL/haproxy-update-2.6.0

Browse Source
This commit is contained in:
Hayden Roche 2022-10-25 07:47:54 -07:00 committed by GitHub
commit 2b72a50688
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 201 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/crl.c
View File

@ -99,7 +99,17 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
crle->lastDateFormat = dcrl->lastDateFormat;
crle->nextDateFormat = dcrl->nextDateFormat;
crle->version = dcrl->version;
#if defined(OPENSSL_EXTRA)
crle->lastDateAsn1.length = MAX_DATE_SIZE;
XMEMCPY (crle->lastDateAsn1.data, crle->lastDate,
crle->lastDateAsn1.length);
crle->lastDateAsn1.type = crle->lastDateFormat;
crle->nextDateAsn1.length = MAX_DATE_SIZE;
XMEMCPY (crle->nextDateAsn1.data, crle->nextDate,
crle->nextDateAsn1.length);
crle->nextDateAsn1.type = crle->nextDateFormat;
crle->issuer = NULL;
wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer,
dcrl->issuerSz);
@ -696,6 +706,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
dupl->lastDateFormat = ent->lastDateFormat;
dupl->nextDateFormat = ent->nextDateFormat;
#if defined(OPENSSL_EXTRA)
dupl->lastDateAsn1.length = MAX_DATE_SIZE;
XMEMCPY (dupl->lastDateAsn1.data, dupl->lastDate,
dupl->lastDateAsn1.length);
dupl->lastDateAsn1.type = dupl->lastDateFormat;
dupl->nextDateAsn1.length = MAX_DATE_SIZE;
XMEMCPY (dupl->nextDateAsn1.data, dupl->nextDate,
dupl->nextDateAsn1.length);
dupl->nextDateAsn1.type = dupl->nextDateFormat;
#endif
#ifdef CRL_STATIC_REVOKED_LIST
XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));
#else

45
src/ocsp.c
View File

@ -1068,6 +1068,51 @@ int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data)
return id->rawCertIdSize;
}
WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
const unsigned char** derIn,
int length)
{
WOLFSSL_OCSP_CERTID *cid = NULL;
if ((cidOut != NULL) && (derIn != NULL) && (*derIn != NULL) &&
(length > 0)) {
cid = *cidOut;
/* If a NULL is passed we allocate the memory for the caller. */
if (cid == NULL) {
cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*cid), NULL,
DYNAMIC_TYPE_OPENSSL);
}
else if (cid->rawCertId != NULL) {
XFREE(cid->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
cid->rawCertId = NULL;
cid->rawCertIdSize = 0;
}
if (cid != NULL) {
cid->rawCertId = (byte*)XMALLOC(length + 1, NULL, DYNAMIC_TYPE_OPENSSL);
if (cid->rawCertId != NULL) {
XMEMCPY(cid->rawCertId, *derIn, length);
cid->rawCertIdSize = length;
/* Per spec. advance past the data that is being returned
* to the caller. */
*cidOut = cid;
*derIn = *derIn + length;
return cid;
}
}
}
if (cid && (!cidOut || cid != *cidOut)) {
XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
}
return NULL;
}
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
{
return single;

54
src/x509.c
View File

@ -7595,7 +7595,7 @@ int wolfSSL_X509_CRL_get_signature_nid(const WOLFSSL_X509_CRL* crl)
}
/* Retrieve signature from CRL
* return WOLFSSL_SUCCESS on success
* return WOLFSSL_SUCCESS on success and negative values on failure
*/
int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
unsigned char* buf, int* bufSz)
@ -7613,7 +7613,7 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
}
/* Retrieve serial number from RevokedCert
* return WOLFSSL_SUCCESS on success
* return WOLFSSL_SUCCESS on success and negative values on failure
*/
int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
byte* in, int* inOutSz)
@ -7635,8 +7635,32 @@ int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
return WOLFSSL_SUCCESS;
}
const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
WOLFSSL_X509_REVOKED *rev)
{
WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get0_serial_number");
if (rev != NULL) {
return rev->serialNumber;
}
else
return NULL;
}
#ifndef NO_WOLFSSL_STUB
const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
WOLFSSL_X509_REVOKED *rev)
{
WOLFSSL_STUB("wolfSSL_X509_REVOKED_get0_revocation_date");
(void) rev;
return NULL;
}
#endif
/* print serial number out
* return WOLFSSL_SUCCESS on success
* return WOLFSSL_SUCCESS on success
*/
static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev,
int indent)
@ -8015,23 +8039,25 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
#endif /* HAVE_CRL && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{
(void)crl;
WOLFSSL_STUB("X509_CRL_get_lastUpdate");
return 0;
if ((crl != NULL) && (crl->crlList != NULL) &&
(crl->crlList->lastDateAsn1.data[0] != 0)) {
return &crl->crlList->lastDateAsn1;
}
else
return NULL;
}
#endif
#ifndef NO_WOLFSSL_STUB
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
{
(void)crl;
WOLFSSL_STUB("X509_CRL_get_nextUpdate");
return 0;
if ((crl != NULL) && (crl->crlList != NULL) &&
(crl->crlList->nextDateAsn1.data[0] != 0)) {
return &crl->crlList->nextDateAsn1;
}
else
return NULL;
}
#endif
#ifndef NO_WOLFSSL_STUB
int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)

68
tests/api.c
View File

@ -48439,6 +48439,73 @@ static int test_wolfSSL_i2d_OCSP_CERTID(void)
return 0;
}
static int test_wolfSSL_d2i_OCSP_CERTID(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
WOLFSSL_OCSP_CERTID* certId;
WOLFSSL_OCSP_CERTID* certIdBad;
const unsigned char* rawCertIdPtr;
const unsigned char rawCertId[] = {
0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
0xcf, 0xbc, 0x91
};
rawCertIdPtr = &rawCertId[0];
printf(testingFmt, "wolfSSL_d2i_OCSP_CERTID()");
/* If the cert ID is NULL the function should allocate it and copy the
* data to it. */
certId = NULL;
certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId));
AssertNotNull(certId);
AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
/* If the cert ID is not NULL the function will just copy the data to it. */
certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
XMEMSET(certId, 0, sizeof(*certId));
/* Reset rawCertIdPtr since it was push forward in the previous call. */
rawCertIdPtr = &rawCertId[0];
certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId));
AssertNotNull(certId);
AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId));
XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* The below tests should fail when passed bad parameters. NULL should
* always be returned. */
certIdBad = (WOLFSSL_OCSP_CERTID*) 1;
certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr, sizeof(rawCertId));
AssertNull(certIdBad);
certIdBad = (WOLFSSL_OCSP_CERTID*) 1;
certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL, sizeof(rawCertId));
AssertNull(certIdBad);
certIdBad = (WOLFSSL_OCSP_CERTID*) 1;
certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0);
AssertNull(certIdBad);
printf(resultFmt, passed);
#endif
return 0;
}
static int test_wolfSSL_OCSP_id_cmp(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
@ -59896,6 +59963,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_i2d_PrivateKey),
TEST_DECL(test_wolfSSL_OCSP_id_get0_info),
TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID),
TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID),
TEST_DECL(test_wolfSSL_OCSP_id_cmp),
TEST_DECL(test_wolfSSL_OCSP_SINGLERESP_get0_id),
TEST_DECL(test_wolfSSL_OCSP_single_get0_status),

10
wolfssl/internal.h
View File

@ -2217,13 +2217,17 @@ struct CRL_Entry {
byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* last date format */
byte nextDateFormat; /* next date format */
#if defined(OPENSSL_EXTRA)
WOLFSSL_ASN1_TIME lastDateAsn1; /* last date updated */
WOLFSSL_ASN1_TIME nextDateAsn1; /* next update date */
#endif
#ifdef CRL_STATIC_REVOKED_LIST
RevokedCert certs[CRL_MAX_REVOKED_CERTS];
#else
RevokedCert* certs; /* revoked cert list */
RevokedCert* certs; /* revoked cert list */
#endif
int totalCerts; /* number on list */
int version; /* version of certficate */
int totalCerts; /* number on list */
int version; /* version of certficate */
int verified;
byte* toBeSigned;
word32 tbsSz;

4
wolfssl/ocsp.h
View File

@ -112,6 +112,10 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id,
unsigned char** data);
WOLFSSL_API
WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
const unsigned char** derIn,
int length);
WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
const WOLFSSL_OCSP_SINGLERESP *single);
WOLFSSL_API int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b);

1
wolfssl/openssl/ocsp.h
View File

@ -78,6 +78,7 @@
#define i2d_OCSP_REQUEST_bio wolfSSL_i2d_OCSP_REQUEST_bio
#define i2d_OCSP_CERTID wolfSSL_i2d_OCSP_CERTID
#define d2i_OCSP_CERTID wolfSSL_d2i_OCSP_CERTID
#define OCSP_SINGLERESP_get0_id wolfSSL_OCSP_SINGLERESP_get0_id
#define OCSP_id_cmp wolfSSL_OCSP_id_cmp
#define OCSP_single_get0_status wolfSSL_OCSP_single_get0_status

8
wolfssl/openssl/ssl.h
View File

@ -701,9 +701,14 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_CRL_free wolfSSL_X509_CRL_free
#define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
#define X509_CRL_get0_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
#define X509_CRL_get0_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
#define X509_CRL_verify wolfSSL_X509_CRL_verify
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
#define X509_CRL_get_issuer wolfSSL_X509_CRL_get_issuer_name
#define X509_CRL_get_signature_nid wolfSSL_X509_CRL_get_signature_nid
#define X509_CRL_get_version wolfSSL_X509_CRL_version
#define X509_load_crl_file wolfSSL_X509_load_crl_file
#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
@ -728,6 +733,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509
#define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL
#define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number
#define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
#define X509_check_purpose(...) 0
#define OCSP_parse_url wolfSSL_OCSP_parse_url

7
wolfssl/ssl.h
View File

@ -2901,6 +2901,13 @@ WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
#endif
WOLFSSL_API
const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
WOLFSSL_X509_REVOKED *rev);
WOLFSSL_API
const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
WOLFSSL_X509_REVOKED *rev);
#ifndef NO_FILESYSTEM
#ifndef NO_STDIO_FILESYSTEM
WOLFSSL_API WOLFSSL_X509*